CNIT 455 Exam I

210 Terms

1

T/F A Packet Filter is hardware that limits connectivity

F (Software)

2

Packet filters block _______ and ______ traffic

ingress, egress

3

Packet filters use ____ based filtering

rule

4

Packet filter rules are combined into ________

rulesets

5

T/F A good practice with packet filters is to allow what you want then deny all else.

T

6

A firewall always includes a ______ ______

packet filter

7

T/F All packet filters are firewalls

F (Firewalls contain packet filters, not vice versa)

8

T/F Windows firewall, iptables, and pfsense are examples of software "firewalls"

T

9

T/F Packet filters are often used as a replacement in the IP stack on modern implementations.

F (uncommon)

10

T/F Packet filters are often implemented as a specialized network device.

T

11

One should always use __ rather than ___ when configuring a packet filter, as the latter is far easier to spoof.

IP, DNS

12

When filtering by IP, one should control access based on the ______/__________ IP address.

source/destination

13

T/F Packet filters are vulnerable to IP address spoofing via ARP.

T

14

LSRR stands for

Loose Source Record Routing

15

T/F LSRR tells packets specific routes to gain access to otherwise unreachable networks.

T

16

T/F LSRR prevents machines from spoofing addresses.

F (Enables spoofing, as net traffic can still find the machine)

17

T/F You should always enable LSRR on border routers and firewalls

F (DISABLE IT)

18

UDP and TCP communication is based on numbered _____

ports

19

T/F UDP and TCP source and destination ports are standardized.

F (only destination)

20

UDP and TCP ______ ports are chosen randomly, from port ____ and above

source, 1024

21

The two types of port filtering are ______ and ________

Static, dynamic

22

Static port filtering involves only allowing traffic based on ____ number or IP/____ number combination

port

23

In static port filtering, each packet is checked _____________

independently

24

Dynamic port filtering is also known as ________ ______ __________

stateful packet inspection

25

Dynamic port filtering checks the _______ of the packet as well as ______ and ___________ addresses

context, source, destination

26

T/F Destination Static Port Filtering involves examining and filtering based on source port number

F (destination you dip)

27

The major limitation of Destination Static Port Filtering is that it only works if a server responds to incoming messages on the _________ ____

receiving port

28

In source static port forwarding, source ports are typically randomly chosen from numbers above ____

1023

29

In source static port forwarding, after a server sends a message using a random port > 1023, the return traffic will be _______ by the firewall.

blocked

30

To work around the blocking caused by SSPF, you must ______ incoming traffic for ports > 1023

allow

31

T/F Allowing traffic for SSPF is a massive security problem.

T

32

By monitoring the source port for ingress traffic in SSPF, you have created a __-__________ static filter

bi-directional

33

TCP Static Source Port Filtering consists of performing a check on the ___ bit of outgoing TCP traffic

ACK

34

TCP SSPF does not work for flows that dynamically open ________ connections, such as FTP or H.323

Multiple

35

UDP source packet filtering can be done by denying ___ traffic

UDP

36

T/F UDP SPSF is essentially impossible due to the reliance on DNS

T

37

To solve the inherent problem with DNS in UDP SPSF, one can use DNS _________ and limit IP addresses to your upstream DNS server

forwarding

38

In _______ packet filtering, ports are closed until they are needed.

Dynamic

39

Dynamic Packet Filtering builds a _____ _____ of information about communications

state table

40

T/F The state table in DPF keeps track of sequence numbers of TCP packets and UDP data flows.

T

41

T/F Dynamic Packet Filtering cannot perform authentication upon session startup

F (it can)

42

T/F Dynamic packet filtering can examine the application layer to ensure the traffic is what it says it is.

T

43

The three things that can be done when a filter blocks traffic are:

1. Send ICMP host not reachable

2. Send ICMP host not administratively reachable

3. Send _______

Nothing

44

The safest solution when deciding to block traffic is to send ______

Nothing

45

The primary strength of a packet filter is how ____ it is

fast

46

T/F A packet filter can approach line speeds.

T

47

T/F Packet filters log everything that passes through them.

F (Too much data to collect)

48

T/F Packet filters are fully capable of perfectly authenticating all traffic passing through

F (very limited authentication)

49

T/F Once you allow traffic to pass through a filter, it likely cannot be tracked.

T

50

T/F Always ensure Loose Source Record Routing is disabled.

T

51

T/F Best practice is to send an ICMP host not reachable message when a packet is blocked by a firewall.

F (Send nothing)

52

T/F A properly configured packet filter is immune to IP address spoofing

F (Not immune)

53

T/F All modern packet filters implement stateful (dynamic) packet inspection

T

54

T/F Your mail server is delivering a message to an external address. The source port address will be TCP 25.

F (The source address will be randomly chosen from a value of 1024 or higher, up to 2^16)

55

T/F Stateful packet inspection is another term for application layer gateway.

F (Stateful packet inspection is a filtering method. As such, packets are delivered from the source to the destination. An application layer gateway breaks the data flow into two separate sessions: one between the target and the ALG and one between the requester and the ALG)

56

T/F To simplify writing packet filter rules you should use DNS domain names instead of IP addresses.

F

57

T/F The biggest disadvantage of packet filtering is that a direct connection is made between the source and destination hosts.

T

58

T/F Using UDP static filtering and allowing outgoing connections effectively opens up all non-reserved UDP ports for incoming traffic.

T

59

IPsec adds security to the IPv4 or IPv6 ________ layer

network

60

IPsec reduces the need for __________ layer security

Application

61

T/F IPsec can provide a layer of security to inherently insecure application layer protocols.

T

62

IPsec runs at a ___ layer of the operating system

low

63

T/F IPsec does not support filtering

F (it does)

64

T/F IPsec will filter all traffic across the network at all times.

F (some traffic is handled natively by IP/TCP/UDP, etc.)

65

The two modes of IPsec operation are __________ and ______

Transport, Tunnel

66

The two protocols utilized in IPsec are the ____________ _______ protocol, and the ____________ _______ _______.

Authentication Header, Encapsulating Security Payload

67

T/F IPsec AH and ESP can be used simultaneously.

T

68

T/F The authentication header can be used for encryption of network traffic.

F (only authentication)

69

T/F Both transport and tunnel mode can work with AH and ESP.

T

70

Transport mode is used to secure any layer _ or above protocol set.

4

71

T/F Transport mode can be used with virtually all application layer protocols

T

72

T/F IPsec does not require the communication endpoint to be the cryptographic endpoint.

F (comm endpoint must be cryptographic endpoint)

73

Transport mode is used to protect standard application layer data during transmission across an _______ network.

insecure

74

T/F Tunnel mode requires an entire IP packet to be encapsulated into the IPsec data field.

T

75

Tunnel mode is utilized for the creation of ___ connections.

VPN

76

Authentication Header protocol was established with RFC ____.

4301

77

AH is included in IP Protocol __.

51

78

AH provides authentication of the entire IPv4 _______

datagram

79

AH ensures a packet is not _______ or _______.

spoofed, munged

80

T/F Authentication Headers provide an anti-replay service with optional sequence numbers.

T

81

T/F Even when using Authentication Headers, the source address could be spoofed.

F (theoretically the source address cannot be spoofed)

82

Authentication Headers do not ______ data.

encrypt

83

Encapsulating Security Payload is included in RFC ____, ____ et al.

2460, 4303

84

ESP is included in IP Protocol __

50

85

ESP provides for ___________ and/or _________

authentication, encryption

86

T/F ESP allows implementation of authentication and encryption, but neither has to be enabled when configuring IPsec.

F (one must be specified, otherwise why enable it to begin with)

87

IPsec supports many block ciphers using ______ _____ _______ (CBC)

Cipher Block Chaining

88

An IPsec ________ defines the set of cryptographic tools used by IPsec

transform

89

PIX/ASA implementations of IPsec refer to crypto tools as _______ ____

transform sets

90

In cryptography, a _______ __________ is a one way set of security information used to facilitate a logical connection between nodes

security association

91

___ security associations are required for duplex communication.

two

92

A Security Association contains cryptographic information, including __________, _________ information, and ___ information

authenticators, Encryption, MAC

93

T/F Before two nodes can communicate securely, they must sort out their security associations

T

94

Transforms that can be performed in IPsec include ___/__, ______ with key, and ___ with key

ESP/AH, Cipher, MAC

95

Both nodes must agree on the _______ of interest

traffic

96

T/F Both nodes must agree on the path MTU.

T

97

The _______ ________ _____ is a unique 32 bit value identifying each individual data flow.

Security Parameter Index

98

T/F IPsec security associations are usually manually configured

F (Rarely done, as it is less secure than automatic)

99

IPsec security associations are configured automatically via a ___ _______ ______

key exchange protocol

100

ISAKMP stands for

Internet Security Association Key management protocol
