
Physical and Hardware Security

This document contains questions and answers about physical and hardware security. It asks questions about types of firewalls, ports, and security devices. It then provides the answers to review questions on similar topics such as how firewalls work, the differences between network and host based firewalls, and common access control principles.

Uploaded by

klaur
Copyright
© Attribution Non-Commercial (BY-NC)

15. Physical and Hardware Security

Written Lab
In this section, write the answers to the following security questions:
1. Which type of security device employs a redirection device known as a honeypot?
2. Which type of firewall keeps track of existing connections passing through it?
3. If you wanted to ensure that your firewall could block inflammatory email, which type of
service would you look for?
4. A firewall’s list of rules that it uses to block traffic is called ___________________.
5. If you wanted to allow remote access to 500 users, which type of device is recommended?
6. If data from one of your subnets should be restricted from entering another subnet, the
subnets should be configured as different ___________________.
7. Which unsecure protocol uses port 80 by default?
8. Which unsecure protocol utilizes arbitrary port numbers to complete its work?
9. What port number does Secure Shell (SSH) use by default?
10. Logging, notification, and shunning are what types of reactions from what type of
security device?
(The answers to the Written Lab can be found following the answers to the Review
Questions for this chapter.)

Review Questions
1. In general, firewalls work by ___________________.
A. Rejecting all packets regardless of security restrictions
B. Forwarding all packets regardless of security restrictions
C. Allowing only packets that pass security restrictions to be forwarded
D. None of the above
2. Which layer of the OSI model do software firewalls operate in? (Choose all that apply.)
A. Application
B. Presentation
C. Physical
D. Network
3. What is the main difference between a network-based firewall and a host-based firewall?
A. A network-based firewall protects the Internet from attacks.
B. A network-based firewall protects a network, not just a single host.
C. A network-based firewall protects the network wires.
D. A network-based firewall protects a CD from data loss.
4. What is one advantage that a stateless firewall has over its stateful counterparts?
A. It’s faster.
B. It utilizes less memory.
C. It’s better at preventing network attacks.
D. It works better on external networks.
5. A network administrator needs to filter unwanted packets when implementing the company’s
security policies. What should be implemented to help exercise control over future
network traffic?
A. Access control list (ACL)
B. Proxy server
C. Intrusion Prevention System
D. VPN concentrator
6. What is the benefit of using a firewall?
A. Protects external users
B. Protects external hardware
C. Protects LAN resources
D. Protects hardware from failure

7. Your company uses a custom TCP port number of 9080 that is hosted on your DMZ server.
Users can no longer access a custom application that uses this port. You’ve verified that
the firewall is permitting this TCP port. Which command can you use to verify the DMZ
server is still accepting connections on TCP port 9080?
A. ping
B. telnet
C. nbtstat
D. netstat
E. ipconfig
8. Which device can limit traffic on a network and allow access onto specific TCP/IP port
numbers when security is a concern?
A. Hub
B. Firewall
C. DNS
D. Modem
9. Which is not a type of access control list (ACL)?
A. Standard
B. Extended
C. Referred
D. Outbound
10. A network administrator is creating an outbound ACL. Which of the following is not a
general access-list guideline that should be followed when the network administrator is
creating and implementing ACLs on the router?
A. Use only one ACL per interface per protocol per direction.
B. Place IP-extended ACLs as far away from the source as possible.
C. Create ACLs and then apply them to an interface.
D. Every list should have at least one permit statement or it will deny all traffic.
11. What is the best explanation for a DMZ?
A. To separate a security zone for an IPS and IDS server
B. To create a security zone for VPN terminations
C. To create a security zone that allows public traffic but is isolated from the private
inside network
D. To create a security zone that allows private traffic but is isolated from the public
network
12. Which of the following are types of services that firewalls can provide? (Choose all that apply.)
A. Content filtering
B. Segregate network segments
C. Signature identification
D. Scanning services
E. All of the above
13. Which type of security device monitors network traffic, looking for signs of an intrusion?
A. Intrusion Detection System
B. Demilitarized zone (DMZ)
C. Firewall
D. VPN concentrator
14. Which of these application-layer protocols is not secure?
A. SSH
B. HTTP
C. HTTPS
D. SNMPv3
15. Which of these application-layer protocols is secure?
A. SFTP
B. RSH
C. SNMPv1
D. SNMPv2
16. Changing network configurations, terminating sessions, and deceiving the attacker are
actions that can be taken from what type of security device?
A. Access control list (ACL)
B. Content filtering
C. Security zones
D. Intrusion Prevention System (IPS)
17. Which of the following are access-control principles that should be followed? (Choose all
that apply.)
A. Use implicit deny or allow.
B. Follow the least-privilege model.
C. Separate out administrative duties.
D. Rotate administrator jobs.
E. All of the above
18. Which protocol uses port 22 by default?
A. Telnet
B. FTP
C. SSH
D. HTTPS
19. A network administrator needs to transfer files from one computer to another. What protocol
would most likely be used in this scenario?
A. Telnet
B. FTP
C. HTTP
D. RCP
20. What protocol can be used to transfer files and is similar to FTP but not secure?
A. SCP
B. SFTP
C. SSH
D. TFTP

Answers to Review Questions


1. C. Firewalls work by allowing only packets that pass security restrictions to be forwarded
through the firewall. A firewall can also permit, deny, encrypt, decrypt, and proxy all
computer traffic that flows through it; this can be between a public and private network or
between different security domains (or zones) on a private network. You as the administrator
set up the rules by which a firewall decides to forward or reject packets of data.
2. A, D. Firewalls work at the application layer or the network layer.
3. B. A network-based firewall is what companies use to protect their private network from
public networks. The defining characteristic of this type of firewall is that it’s designed to
protect an entire network of computers as opposed to just one system. This is usually a combination
of hardware and software. A host-based firewall is implemented on one machine
and is designed to protect that machine only. Most often, this is implemented as software; no
additional hardware is required in your personal computer to run a host-based firewall.
4. B. The one big advantage that a stateless firewall has over its stateful counterparts is that
it uses less memory. Today, stateless firewalls are best if used on an internal network where
security threats are lower and there are few restrictions.
5. A. ACLs allow routers to filter packets. These filters allow you, the administrator, to
control the flow of packets through a network.
6. C. One of the benefits of using a firewall is that it helps protect LAN resources from
unwanted attacks.
7. B. From any command prompt, or router prompt, you can telnet to the port number on
the DMZ server to verify it is responding.
8. B. Firewalls, which use access lists, can permit or deny connections and types of traffic in
or out of the network.
9. C. Standard, extended, and outbound are all types of ACL. Referred is not.
10. B. When configuring an ACL, you need to place IP-extended ACLs as close to the source
as possible. Because extended ACLs can filter on very specific addresses and protocols, you
don’t want your traffic to traverse the entire network and then be denied. By placing this list
as close to the source address as possible, you can filter traffic before it uses up your
precious bandwidth.
11. C. A DMZ can be set up in many different ways, but the best explanation is that a DMZ
separates and secures your inside network from the Internet while allowing hosts on the Internet
to access your servers.
12. E. Most firewalls provide content filtering, signature identification, and the ability to segregate
network segments into separate security zones. Most firewalls are also capable of performing
scanning services, which means that they scan different types of incoming traffic in
an effort to detect problems.
13. A. An Intrusion Detection System (IDS) monitors network traffic, looking for signs of an
intrusion. Intrusions are detected by matching activity against known signatures within the
IDS’s database. If an intrusion is detected, a passive response such as logging or notifying
a network administrator is executed. An Intrusion Prevention System (IPS) is like an IDS,
but with two key differences. First, it learns what is “normal” on the network and can react
to abnormalities even if they aren’t part of the signature database. Second, it can issue an
active response such as shutting down a port, resetting connections, or attempting to lull
the attacker into a trap.
14. B. HTTP is an Application-layer protocol that is not secure.
15. A. SFTP is an Application-layer protocol that is secure.
16. D. Changing network configurations, terminating sessions, and deceiving the attacker are
all actions that can be taken by an IPS device.
17. E. All of these are common access-control principles that should be followed. An implicit
deny is when a user is specifically locked out of a resource. In the least-privilege model,
users only have access to the bare minimum of resources they need. Separating administrative
duties allows you to train junior administrators without giving them full access. It
is also a good idea to make sure you have people cross-trained in various administrative
aspects of your network.
18. C. Secure Shell (SSH) uses port 22 by default. This protocol allows two networked devices
to exchange data using a secure channel. SSH was designed to be a replacement for Telnet
and other unsecure remote shell programs such as rlogin and rsh.
19. B. Although it’s true that transferring files can be done using HTTP, HTTP has more overhead
than FTP, which makes it slower for tasks such as downloading. FTP is streamlined
specifically for this task.
20. D. Trivial File Transfer Protocol (TFTP) is a transfer protocol that does not provide any security.
It has no password for authentication or login and no encryption for transfer security. It is
useful for moving configuration and operating-system files onto and off of networking devices
because it has low overhead and the software is easy to run. FTP by default isn’t secure either,
but it wasn’t listed as a possible answer to the question.

Answers to Written Lab


1. Intrusion Prevention System
2. Stateful
3. Content filtering
4. Access Control List (ACL)
5. A VPN concentrator
6. Security zones
7. HTTP
8. FTP
9. 22
10. Passive reactions from an IDS
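
The difference between a stateless ACL and a stateful firewall (Written Lab answers 2 and 4, Review answers 4, 5 and 10), as an added example that is not part of the original study guide. The Packet and Rule types, the rule set and the addresses (taken from the documentation ranges) are constructed for this sketch, and connection teardown and timeouts are left out.

```python
from collections import namedtuple

# Constructed sample types; "any" in a rule is a wildcard.
Packet = namedtuple("Packet", "src sport dst dport flags")
Rule = namedtuple("Rule", "action src dst dport")

def acl_decide(rules, pkt):
    """Stateless filter: first matching rule wins, implicit deny at the end."""
    for r in rules:
        if (r.src in ("any", pkt.src) and r.dst in ("any", pkt.dst)
                and r.dport in ("any", pkt.dport)):
            return r.action
    return "deny"   # no rule matched

class StatefulFirewall:
    """Applies the ACL to new connections only and remembers the permitted ones."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # the state table; this is the extra memory

    def decide(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reply in self.connections:
            return "permit"        # belongs to a tracked connection
        if pkt.flags == "SYN" and acl_decide(self.rules, pkt) == "permit":
            self.connections.add(flow)
            return "permit"
        return "deny"              # not a permitted new connection, no state

RULES = [Rule("permit", "any", "192.0.2.10", 9080)]   # DMZ server, custom port
PACKETS = [
    Packet("198.51.100.7", 40000, "192.0.2.10", 9080, "SYN"),      # client opens
    Packet("192.0.2.10", 9080, "198.51.100.7", 40000, "SYN-ACK"),  # server reply
    Packet("203.0.113.5", 5555, "192.0.2.10", 9080, "ACK"),        # no prior SYN
]

def compare(rules, packets):
    """Return (stateless, stateful) verdicts per packet and the state-table size."""
    fw = StatefulFirewall(rules)
    verdicts = [(acl_decide(rules, p), fw.decide(p)) for p in packets]
    return verdicts, len(fw.connections)

if __name__ == "__main__":
    verdicts, table_size = compare(RULES, PACKETS)
    for pkt, (stateless, stateful) in zip(PACKETS, verdicts):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags:8}"
              f" stateless={stateless:6} stateful={stateful}")
    print("tracked connections:", table_size)
```

The stateless list needs a second rule before the server's reply gets through and passes any packet addressed to port 9080, while the stateful firewall permits the reply from its table and drops the packet that belongs to no connection, at the cost of one table entry per connection.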
