1. What are some common hazards. menaces.
and exposures normally found in the LAN-to-WAN Domain that must be mitigated through a superimposed security scheme? A superimposed security scheme will embrace Rouge protocols such as Bit excavation and P2P. Unauthorized web scanning and examining. and unauthorised entree to the web. 2. What is an Access Control List ( ACL ) and how is it utile in a superimposed security scheme? An ACL is a Control list which will let or deny traffic or devices based on specifications defined in the ACL. This ACL by and large is applied and configured on Firewalls. It is utile in a superimposed security attack because from an External point of view it become the first line of defence when hosts attempt to link to the web.
3. What is a Bastion Host? Provide an illustration of when a Bastion Host should be used and how. A “Bastion Host” is a host that is minimally configured package firewall incorporating merely necessary software/services. These are besides referred to as bare metal or “lite” and is managed to be overly secure through a minimalist attack. All traffic coming is directed to the Bastion or “screened host” . Outbound traffic is non sent through it. The most common menace to the Bastion Host is to the operating system that is non hardened with extra security applications.
4. Supply at least two illustrations of how the enclave demand to put a firewall at the margin can be accomplished. a. Puting a firewall between two routers and another firewall before a DMZ would be the best demand pick to utilize 5. What is the difference between a traditional IP Stateful Firewall and a Deep Packet Inspection Firewall? a. IP Stateful firewall review takes topographic point in bed 4. when traffic efforts to track the firewall a requested a beginning port and a finish port brace become portion of the session leting the beginning to have information. Stateful review firewalls solve the exposure of allowing all the high numbered ports by making a tabular array incorporating the outbound connexions and their associated high numbered port ( s ) . b. Firewalls utilizing deep package review provides sweetenings to Stateful firewalls’ Stateful firewall is still susceptible to assail even if the firewall is deployed and working as it should be. By adding application-oriented logic into the hardware. basically uniting IDS into the firewall traffic. Deep Packet Inspection uses an Attack Object Database to hive away protocol anomalousnesss and onslaught traffic by grouping them by protocol and security degree.
6. How would you supervise for unauthorised direction entree efforts to sensitive systems? Acl’s and audit logs can be leveraged to corroborate which station is trying to do the unauthorised connexion. 7. Describe Group ID ( Vulid ) : V-3057 in the Network IDS/IPS Implementation Guide provided by DISA? A direction waiter is a centralised device that receives information from the detectors or agents 8. What is the significance of VLAN 1 traffic within a Cisco Catalyst LAN Switch? Describe the exposures associated if it traverses across unneeded bole. VLAN1 traffic will incorporate the STP or crossing tree traffic. CDP traffic. and Dynamic trunking traffic to call a few. If unneeded traffic traverses the bole it could do the switch instability doing it to travel down or go inoperable.
9. At what logging degree should the syslog service be configured on a Cisco Router. Switch. or Firewall device? Syslogs traps should be configured at degrees 0-6. Loging Level 2 10. Describe how you would implement a superimposed. security scheme within the LAN-to-WAN Domain to back up authorised remote user entree while denying entree to unauthorised users at the Internet ingress/egress point. To implement a superimposed security scheme for distant user entree. we would get down with an application based login. such as a VPN -SSL hallmark so pair it with LDAP on a radius or Tacacs+ service. LDAP is bound to Active directory which will leverage Role based entree controls to look into group permissions.
11. As defined in the Network Infrastructure Technology Overview. Version 8. Let go of 3. describe the 3 beds that can be found in the DISA Enclave Perimeter layered security solution for Internet ingress/egress connexions ( i. e. . DMZ or Component Flow ) . 3 types of beds found in the Enclave Perimeter Component Flow include the Network layer security. Application layer security and security of the existent applications themselves. 12. Which device in the Enclave Protection Mechanism Component Flow helps extenuate hazard from users go againsting acceptable usage and unwanted web sites and URL links? The Web Content Filter
13. True or False. The Enclave Protection Mechanism includes both an internal IDS and external IDS when linking a closed web substructure to the public Internet. True. it is required to hold external IDS every bit good as internal IDS. Requirements include holding a firewall and IDS in between the
cyberspace confronting router and the internal. “premise” . and router. 14. True or False. Procuring the enclave merely requires perimeter security and firewalls. False. procuring the enclave includes a superimposed firewall attack both on the interior and outside of the web. Sensitive informations can be secured from other sections of the internal web ( internal ) every bit good as Internet links ( external ) . 1
5. What is the primary aim of this STIG as is relates to web substructures for DoD webs? STIG. or Security Technical Implementation Guide. is an intended usher to diminish exposures and potency of losing sensitive informations. The usher focuses on web security. giving security considerations for the enforced web. The STIG besides covers the degree of hazards and the associated acceptable degrees to said hazards.