Saturday, February 23, 2019
Common risks, threats, and vulnerabilities Essay
1. What argon some common risks, affrights, and vulnerabilities commonly found in the LAN-to-WAN Domain that must(prenominal) be mitigated through a moulded security system system? A layered security strategy go forth encompass make up protocols such as Bit mining and P2P, Unauthorized network see and probing, and unauthorized access to the network. 2. What is an Access Control List (ACL) and how is it useful in a layered security strategy? An ACL is a Control argument which will allow or deny traffic or devices ground on specifications defined in the ACL. This ACL generally is applied and configured on Firewalls. It is useful in a layered security approach because from an immaterial standpoint it become the first line of defense when hosts attempt to colligate to the network.3. What is a citadel Host? Provide an example of when a Bastion Host should be used and how. A Bastion Host is a host that is minimally configured software system firewall containing only necessary software/services. These are in any case referred to as bare metal or unaccented and is managed to be overly secure through a minimalist approach. altogether traffic coming is directed to the Bastion or screened host. outward traffic is not sent through it. The most common threat to the Bastion Host is to the operating system that is not hardened with surplus security applications.4. Provide at least two examples of how the enclave requirement to score a firewall at the mete can be accomplished. a. Placing a firewall amongst two routers and another firewall before a DMZ would be the top hat requirement choice to use 5. What is the difference between a traditional IP Stateful Firewall and a Deep Packet Inspection Firewall? a. IP Stateful firewall inspection takes place in layer 4, when traffic attempts to traverse the firewall a pass on a source port and a destination port bitstock become part of the session allowing the source to receive information. Stateful inspection firewalls put to work the vulnerability of permitting all the high numbered ports by creating a table containing the outward-bound connections and their associated high numbered port(s). b. Firewalls utilizing deep packet inspection provides enhancements to Stateful firewalls Stateful firewall is still susceptible to bombardment even if the firewall is deployed and working as it should be. By adding application-oriented logic into the hardware, essentially compounding IDS into the firewall traffic. Deep Packet Inspection uses an Attack Object Database to store protocol anomalies and attacktraffic by assemblying them by protocol and security level.6. How would you monitor for unauthorized management access attempts to tender systems? Acls and scrutinise logs can be leveraged to confirm which station is attempting to make the unauthorized connection. 7. draw off Group ID (Vulid) V-3057 in the Network IDS/IPS Implementation Guide provided by DISA? A management server is a centr alized device that receives information from the sensors or agents 8. What is the significance of VLAN 1 traffic deep down a lake herring gas pedal LAN Switch? Describe the vulnerabilities associated if it traverses across unnecessary trunk. VLAN1 traffic will contain the STP or spanning tree traffic, CDP traffic, and Dynamic trunking traffic to spend a penny a few. If unnecessary traffic traverses the trunk it could cause the switch dissymmetry causing it to go down or become inoperable.9. At what put down level should the syslog service be configured on a Cisco Router, Switch, or Firewall device? Syslogs traps should be configured at levels 0-6. Logging aim 2 10. Describe how you would see a layered, security strategy within the LAN-to-WAN Domain to support authorized remote user access eyepatch denying access to unauthorized users at the Internet ingress/ result point. To implement a layered security strategy for remote user access, we would absorb with an application b ased login, such as a VPN -SSL au whereforetication then pair it with LDAP on a radius or Tacacs+ service. LDAP is bound to combat-ready directory which will leverage Role based access controls to check group permissions.11. As defined in the Network Infrastructure Technology Overview, interpretation 8, Release 3, describe the 3 layers that can be found in the DISA Enclave mete layered security solution for Internet ingress/egress connections (i.e., DMZ or Component Flow). 3 types of layers found in the Enclave Perimeter Component Flow include the Network layer security, Application layer security and security of the actual applications themselves. 12. Which device in the Enclave Protection appliance Component Flow helps mitigate risk from users violating acceptable use and casteless websites and URL links? The Web Content Filter13. True or False. The Enclave Protection Mechanism includes both an intimate IDS and external IDS when connecting a unlikable network infrastructure to the public Internet. True, it is required to have external IDS as well as internal IDS. Requirements include having a firewall and IDS in between theinternet facing router and the internal, premise, and router. 14. True or False. Securing the enclave only requires perimeter security and firewalls. False, securing the enclave includes a layered firewall approach both on the at heart and outside of the network. Sensitive data can be secured from other segments of the internal network (internal) as well as Internet links (external). 15. What is the primary objective of this STIG as is relates to network infrastructures for DoD networks? STIG, or security department Technical Implementation Guide, is an intended guide to decrease vulnerabilities and potential of losing sensitive data. The guide focuses on network security, giving security considerations for the implemented network. The STIG also covers the level of risks and the associated acceptable levels to said risks.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment