T/F A Packet Filter is hardware that limits connectivity
F (Software)
Packet filters block _______ and ______ traffic
ingress, egress
Packet filters use ____ based filtering
rule
Packet filter rules are combined into ________
rulesets
T/F A good practice with packet filters is to allow what you want then deny all else.
T
A firewall always includes a ______ ______
packet filter
T/F All packet filters are firewalls
F (Firewalls contain packet filters, not vice versa)
T/F Windows firewall, iptables, and pfsense are examples of software "firewalls"
T
T/F Packet filters are often used as a replacement in the IP stack on modern implementations.
F (uncommon)
T/F Packet filters are often implemented as a specialized network device.
T
One should always use __ rather than ___ when configuring a packet filter, as the latter is far easier to spoof.
IP, DNS
When filtering by IP, one should control access based on the ______/__________ IP address.
source/destination
T/F Packet filters are vulnerable to IP address spoofing via ARP.
T
LSRR stands for
Loose Source Record Routing
T/F LSRR tells packets specific routes to gain access to otherwise unreachable networks.
T
T/F LSRR prevents machines from spoofing addresses.
F (Enables spoofing, as net traffic can still find the machine)
T/F You should always enable LSRR on border routers and firewalls
F (DISABLE IT)
UDP and TCP communication is based on numbered _____
ports
T/F UDP and TCP source and destination ports are standardized.
F (only destination)
UDP and TCP ______ ports are chosen randomly, from port ____ and above
source, 1024
The two types of port filtering are ______ and ________
Static, dynamic
Static port filtering involves only allowing traffic based on ____ number or IP/____ number combination
port
In static port filtering, each packet is checked _____________
independently
Dynamic port filtering is also known as ________ ______ __________
stateful packet inspection
Dynamic port filtering checks the _______ of the packet as well as ______ and ___________ addresses
context, source, destination
T/F Destination Static Port Filtering involves examining and filtering based on source port number
F (destination you dip)
The major limitation of Destination Static Port Filtering is that it only works if a server responds to incoming messages on the _________ ____
receiving port
In source static port forwarding, source ports are typically randomly chosen from numbers above ____
1023
In source static port forwarding, after a server sends a message using a random port > 1023, the return traffic will be _______ by the firewall.
blocked
To work around the blocking caused by SSPF, you must ______ incoming traffic for ports > 1023
allow
T/F Allowing traffic for SSPF is a massive security problem.
T
By monitoring the source port for ingress traffic in SSPF, you have created a __-__________ static filter
bi-directional
TCP Static Source Port Filtering consists of performing a check on the ___ bit of outgoing TCP traffic
ACK
TCP SSPF does not work for flows that dynamically open ________ connections, such as FTP or H.323
Multiple
UDP source packet filtering can be done by denying ___ traffic
UDP
T/F UDP SPSF is essentially impossible due to the reliance on DNS
T
To solve the inherent problem with DNS in UDP SPSF, one can use DNS _________ and limit IP addresses to your upstream DNS server
forwarding
In _______ packet filtering, ports are closed until they are needed.
Dynamic
Dynamic Packet Filtering builds a _____ _____ of information about communications
state table
T/F The state table in DPF keeps track of sequence numbers of TCP packets and UDP data flows.
T
T/F Dynamic Packet Filtering cannot perform authentication upon session startup
F (it can)
T/F Dynamic packet filtering can examine the application layer to ensure the traffic is what it says it is.
T
The three things that can be done when a filter blocks traffic are:
1. Send ICMP host not reachable
2. Send ICMP host not administratively reachable
3. Send _______
Nothing
The safest solution when deciding to block traffic is to send ______
Nothing
The primary strength of a packet filter is how ____ it is
fast
T/F A packet filter can approach line speeds.
T
T/F Packet filters log everything that passes through them.
F (Too much data to collect)
T/F Packet filters are fully capable of perfectly authenticating all traffic passing through
F (very limited authentication)
T/F Once you allow traffic to pass through a filter, it likely cannot be tracked.
T
T/F Always ensure Loose Source Record Routing is disabled.
T
T/F Best practice is to send an ICMP host not reachable message when a packet is blocked by a firewall.
F (Send nothing)
T/F A properly configured packet filter is immune to IP address spoofing
F (Not immune)
T/F All modern packet filters implement stateful (dynamic) packet inspection
T
T/F Your mail server is delivering a message to an external address. The source port address will be TCP 25.
F (The source address will be randomly chosen from a value of 1024 or higher, up to 2^16)
T/F Stateful packet inspection is another term for application layer gateway.
F (Stateful packet inspection is a filtering method. As such, packets are delivered from the source to the destination. An application layer gateway breaks the data flow into two separate sessions: one between the target and the ALG and one between the requester and the ALG)
T/F To simplify writing packet filter rules you should use DNS domain names instead of IP addresses.
F
T/F The biggest disadvantage of packet filtering is that a direct connection is made between the source and destination hosts.
T
T/F Using UDP static filtering and allowing outgoing connections effectively opens up all non-reserved UDP ports for incoming traffic.
T
IPsec adds security to the IPv4 or IPv6 ________ layer
network
IPsec reduces the need for __________ layer security
Application
T/F IPsec can provide a layer of security to inherently insecure application layer protocols.
T
IPsec runs at a ___ layer of the operating system
low
T/F IPsec does not support filtering
F (it does)
T/F IPsec will filter all traffic across the network at all times.
F (some traffic is handled natively by IP/TCP/UDP, etc.)
The two modes of IPsec operation are __________ and ______
Transport, Tunnel
The two protocols utilized in IPsec are the ____________ _______ protocol, and the ____________ _______ _______.
Authentication Header, Encapsulating Security Payload
T/F IPsec AH and ESP can be used simultaneously.
T
T/F The authentication header can be used for encryption of network traffic.
F (only authentication)
T/F Both transport and tunnel mode can work with AH and ESP.
T
Transport mode is used to secure any layer _ or above protocol set.
4
T/F Transport mode can be used with virtually all application layer protocols
T
T/F IPsec does not require the communication endpoint to be the cryptographic endpoint.
F (comm endpoint must be cryptographic endpoint)
Transport mode is used to protect standard application layer data during transmission across an _______ network.
insecure
T/F Tunnel mode requires an entire IP packet to be encapsulated into the IPsec data field.
T
Tunnel mode is utilized for the creation of ___ connections.
VPN
Authentication Header protocol was established with RFC ____.
4301
AH is included in IP Protocol __.
51
AH provides authentication of the entire IPv4 _______
datagram
AH ensures a packet is not _______ or _______.
spoofed, munged
T/F Authentication Headers provide an anti-replay service with optional sequence numbers.
T
T/F Even when using Authentication Headers, the source address could be spoofed.
F (theoretically the source address cannot be spoofed)
Authentication Headers do not ______ data.
encrypt
Encapsulating Security Payload is included in RFC ____, ____ et al.
2460, 4303
ESP is included in IP Protocol __
50
ESP provides for ___________ and/or _________
authentication, encryption
T/F ESP allows implementation of authentication and encryption, but neither has to be enabled when configuring IPsec.
F (one must be specified, otherwise why enable it to begin with)
IPsec supports many block ciphers using ______ _____ _______ (CBC)
Cipher Block Chaining
An IPsec ________ defines the set of cryptographic tools used by IPsec
transform
PIX/ASA implementations of IPsec refer to crypto tools as _______ ____
transform sets
In cryptography, a _______ __________ is a one way set of security information used to facilitate a logical connection between nodes
security association
___ security associations are required for duplex communication.
two
A Security Association contains cryptographic information, including __________, _________ information, and ___ information
authenticators, Encryption, MAC
T/F Before two nodes can communicate securely, they must sort out their security associations
T
Transforms that can be performed in IPsec include ___/__, ______ with key, and ___ with key
ESP/AH, Cipher, MAC
Both nodes must agree on the _______ of interest
traffic
T/F Both nodes must agree on the path MTU.
T
The _______ ________ _____ is a unique 32 bit value identifying each individual data flow.
Security Parameter Index
T/F IPsec security associations are usually manually configured
F (Rarely done, as it is less secure than automatic)
IPsec security associations are configured automatically via a ___ _______ ______
key exchange protocol
ISAKMP stands for
Internet Security Association Key Management Protocol