6. Although at one time the mainstay of computer networks, twisted-pair cable is rarely used today. True or false?
7. A switch cannot limit the effectiveness of a sniffer. True or false?
8. A DSL broadband connection allows for an “always on” connection, while a cable modem does not. True or false?
9. A Remote Access Server does not recognize the universal naming convention. True or false?
10. Mobile devices, such as PDAs and cell phones, pose no real threat to security. True or false?
11. The physical infrastructure, such as the wire, connectors, and cables, that is used to carry data communications signals between equipment is known as the _____. cable plant
12. An attacker can capture packets as they travel through the network using a technique called _____. sniffing
13. A software firewall that runs as a program on a local computer is called a(n) _____. personal firewall
14. _____, which is part of the TCP/IP protocol suite, is used to gather data about network performance. Simple Network Management Protocol (SNMP)
15. A(n) _____ is a smaller version of the telephone company’s larger central switching office that is privately owned. PBX
16. Explain the difference between stateful and stateless packet filtering systems.
Packets can be filtered by a firewall in one of two different ways. Stateless packet filtering looks at the packet and permits or denies it based strictly on the rule base. Stateful packet filtering keeps a record of the state of a connection between an internal computer and an external server and makes decisions based on the connection as well as the rule base. For example, a stateless packet filter firewall would allow a packet to pass through because it passed the rule base. However, a stateful packet filter would drop this packet because the internal network computer did not first solicit or request the packet.
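The difference described in this answer, as an added Python example that is not part of the original material. The rule base, addresses and ports are constructed for illustration, and both filters share the same rule base so that only the connection record changes the outcome.

```python
from collections import namedtuple

# direction is "out" (internal -> external) or "in" (external -> internal)
Packet = namedtuple("Packet", "src sport dst dport direction")

def rule_base_permits(pkt):
    """Constructed rule base: allow all outbound traffic, and allow inbound
    traffic that looks like a web reply (source port 80 or 443) addressed
    to the internal 192.168.1.x network."""
    if pkt.direction == "out":
        return True
    return pkt.sport in (80, 443) and pkt.dst.startswith("192.168.1.")

def stateless_filter(pkt):
    # Decision is based strictly on the rule base, one packet at a time.
    return rule_base_permits(pkt)

class StatefulFilter:
    def __init__(self):
        # Record of connections opened by internal computers.
        self.connections = set()

    def check(self, pkt):
        if not rule_base_permits(pkt):
            return False
        if pkt.direction == "out":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound packets must answer a connection an internal host started.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def demo():
    fw = StatefulFilter()
    request = Packet("192.168.1.10", 50000, "203.0.113.5", 80, "out")
    reply = Packet("203.0.113.5", 80, "192.168.1.10", 50000, "in")
    # Matches the rule base, but no internal computer requested it.
    unsolicited = Packet("203.0.113.99", 80, "192.168.1.10", 50001, "in")
    results = {
        "stateless_unsolicited": stateless_filter(unsolicited),
        "stateful_unsolicited": fw.check(unsolicited),
    }
    fw.check(request)  # internal host opens the connection
    results["stateless_reply"] = stateless_filter(reply)
    results["stateful_reply"] = fw.check(reply)
    return results

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(name, "ALLOW" if allowed else "DROP")
```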
17. How does an active intrusion-detection system differ from a passive intrusion-detection system?
A device that monitors network security at a higher level is an intrusion detection system (IDS). An IDS looks at the activity on the network and what the packets are actually doing instead of filtering based on where the packets came from. An active IDS (sometimes called a reactive IDS) will perform a specific function when it senses an attack, such as dropping packets or tracing the attack back to a source. A passive IDS sends information about what happened, but the IDS will take no action.
18. What is a demilitarized zone (DMZ) and why is it used?
A demilitarized zone (DMZ) is a separate network that sits outside the secure network perimeter. Outside users can access the DMZ but cannot enter the secure network. In Figure 5-22 a DMZ has been set up outside of the secure network perimeter. The DMZ contains a Web server and an e-mail server, two servers that are continuously accessed by outside users, yet those users never enter the secure network. Placing these servers in a DMZ restricts the access of outside users to the secure network.
19. Explain the difference between an intranet and an extranet.
An intranet is a network that has the same functionality as the public Internet in that it uses the same protocols (HTTP, HTTPS, etc.), but it is only accessible to trusted inside users. An organization may post human resource information for its employees that allows them to check their number of sick days or change a mailing address. If this were available on the public Web server in the DMZ, it would be subject to attacks. Keeping this information on a secure intranet reduces the risk of attack. An extranet is accessible to users that are not trusted internal users but instead are trusted external users. An extranet is not accessible to the general public but may allow vendors and business partners to access a company Web site. An extranet is generally established as a collaborative network that uses Internet technology to link businesses with their suppliers, customers, or other businesses that share common goals.
20. How does Network Address Translation (NAT) work?
Network Address Translation (NAT) hides the IP addresses of network devices from attackers. In a network using NAT, the computers are assigned special IP addresses. Known as private addresses, these IP addresses are not assigned to any specific user or organization; instead, anyone can use them on their own private internal network. Private addresses function the same as regular IP addresses on an internal network. However, if any packet with a private address makes its way to the Internet, the routers will drop that packet. On a network using NAT, as a packet leaves the network, NAT will remove the private IP address from the sender’s packet and replace it with an alias IP address. The NAT software maintains a table of the special addresses and alias IP addresses. When a packet is returned to the NAT, the process is reversed. An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender. Without that address, it is more difficult to identify and attack a computer.
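The translation table described in this answer, as an added Python example that is not part of the original material. It assumes the table is keyed by port as well as address (port address translation) so that several internal computers can share one alias address; the class name, addresses and port numbers are constructed.

```python
class NatTable:
    """Minimal NAT with a single alias (public) address."""

    def __init__(self, alias_ip, first_port=40000):
        self.alias_ip = alias_ip
        self.next_port = first_port
        self.out_map = {}  # (private_ip, private_port) -> alias_port
        self.in_map = {}   # alias_port -> (private_ip, private_port)

    def outbound(self, pkt):
        """Replace the private source address with the alias address."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return dict(pkt, src=self.alias_ip, sport=self.out_map[key])

    def inbound(self, pkt):
        """Reverse the translation; None means no table entry, so drop."""
        if pkt["dst"] != self.alias_ip or pkt["dport"] not in self.in_map:
            return None
        private_ip, private_port = self.in_map[pkt["dport"]]
        return dict(pkt, dst=private_ip, dport=private_port)

def demo():
    nat = NatTable("203.0.113.1")
    # Constructed packets from two internal computers to one external server.
    a = nat.outbound({"src": "192.168.1.10", "sport": 50000,
                      "dst": "198.51.100.7", "dport": 443})
    b = nat.outbound({"src": "192.168.1.11", "sport": 50000,
                      "dst": "198.51.100.7", "dport": 443})
    # The server's reply to the first computer, as seen on the Internet side.
    reply = nat.inbound({"src": "198.51.100.7", "sport": 443,
                         "dst": a["src"], "dport": a["sport"]})
    # A packet aimed at an alias port that has no table entry.
    stray = nat.inbound({"src": "198.51.100.9", "sport": 443,
                         "dst": "203.0.113.1", "dport": 45000})
    return a, b, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

On the Internet side, both outbound packets carry only the alias address; the private addresses appear again only after the table lookup on the way back in.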