UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004



Similar documents
Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Stateful Firewalls. Hank and Foo

CSE543 - Computer and Network Security Module: Firewalls

- Introduction to Firewalls -

Chapter 7. Firewalls

Firewall Defaults and Some Basic Rules

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

CIT 480: Securing Computer Systems. Firewalls

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

Main functions of Linux Netfilter

CSC574 - Computer and Network Security Module: Firewalls

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

CIT 480: Securing Computer Systems. Firewalls

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Technical Support Information

Overview. Firewall Security. Perimeter Security Devices. Routers

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

This article describes a detailed configuration example that demonstrates how to configure Cyberoam to provide the access of internal resources.

Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

Firewalls. Firewall types. Packet filter. Proxy server. linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation

Guideline on Firewall

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Computer Firewalls. The term firewall was originally used with forest fires, as a means to describe the

GregSowell.com. Mikrotik Security

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Chapter 9 Firewalls and Intrusion Prevention Systems

How To Configure Virtual Host with Load Balancing and Health Checking

Lab Configuring Access Policies and DMZ Settings

Chapter 15. Firewalls, IDS and IPS

Assignment 3 Firewalls

Security Technology: Firewalls and VPNs

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN

Application Note. Stateful Firewall, IPS or IDS Load- Balancing

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

_Firewall. Palo Alto. How Logtrust works with Palo Alto Networks

FIREWALL AND NAT Lecture 7a

INTRODUCTION TO FIREWALL SECURITY

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Networking Basics and Network Security

Internet Security Firewalls

Module: Firewalls. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

74% 96 Action Items. Compliance

SECURITY ADVISORY FROM PATTON ELECTRONICS

Network Security Management

Firewalls. October 23, 2015

CIS 433/533 - Computer and Network Security Firewalls

Firewall Examples. Using a firewall to control traffic in networks

Firewall Firewall August, 2003

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

Firewalls & Intrusion Detection

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

Packet filtering and other firewall functions

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Multi-Homing Security Gateway

Connecting your Virtual Machine to the Internet. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs

Computer Security DD2395

What would you like to protect?

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008

CS Computer and Network Security: Firewalls

Lecture 23: Firewalls

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Firewalls (IPTABLES)

Tutorial 3. June 8, 2015

How To Understand A Firewall

Architecture. Dual homed box Internet /8

Network security Exercise 9 How to build a wall of fire Linux Netfilter

Distributed Systems. Firewalls: Defending the Network. Paul Krzyzanowski

A NOVEL APPROACH FOR PROTECTING EXPOSED INTRANET FROM INTRUSIONS

Chapter 4 Customizing Your Network Settings

Network Security Exercise 10 How to build a wall of fire

Computer Security: Principles and Practice

Definition of firewall

Are Second Generation Firewalls Good for Industrial Control Systems?


Chapter 4 Customizing Your Network Settings

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Computer Security DD2395

CS Computer and Network Security: Firewalls

Firewalls Overview and Best Practices. White Paper

Tech-Note Bridges Vs Routers Version /06/2009. Bridges Vs Routers

Lab Configuring Access Policies and DMZ Settings

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING SEMESTER TWO EXAMINATION 2014/2015 NETWORK MANAGEMENT MODULE NO: CPU6009

Intro to Firewalls. Summary

Firewall Design Principles

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

Firewalls, Tunnels, and Network Intrusion Detection

Transcription:

[CRT14] UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004 Date: Wednesday 27 th May 2015 Time: 14:00 16:00 INSTRUCTIONS TO CANDIDATES: There are SIX questions on this paper. Answer FOUR questions. All questions carry equal marks.

Computing and QUESTION 1 Page 2 of 5 1a. What is a DMZ network and identify what it would typically contain? (7 Marks) 1b. A corporate network uses internal subnets 192.168.1.0/24 and 192.168.2/24 for the internal network and 172.16.1.0/24 for the DMZ. The external interface has the address 193.63.10.6. If you were securing this network on the perimeter firewall which has interfaces on all these subnets what addresses would you routinely block, where would you block them, and why would you block them? 1c. Compare the operation of a network using: i a single firewall ii. multiple firewalls (14 marks) in terms of network design and security. (4 marks) QUESTION 2 2a. With the aid of a diagram, demonstrate how packets flow through the NetFilter iptables firewall. Include in the diagram the flow that packets would take destined for both the Forward Chain and the Input/Output Chain. Ensure that the NAT points and Filtering points are clearly available. (20 marks) 2b. What is masquerading? Under what circumstances would you use it and what are its advantages? PLEASE TURN THE PAGE...

Computing and QUESTION 3 Page 3 of 5 3a. State the advantages of stateful inspection packet filters. 3b. The very nature of a Transmission Control Protocol (TCP) as a connection oriented protocol means that the status of communication sessions can be statefully tracked. Discuss each of the states of the TCP connection involved in the connection process. You may use diagrams to assist your explanations. (15 marks) 3c. In terms of computer security, provide an overview of what a baseline is. QUESTION 4 The structure of iptables consists of 4 tables which contain a number of chains that can be thought of as an ordered set of rules. There are 5 chains that can be used within IP tables. Discuss each of the chains and which table they belong in and the purpose of that particular chain. Use a table to assist with your explanation that shows the iptables table and its built in chains. (25 marks) PLEASE TURN THE PAGE...

Computing and QUESTION 5 Page 4 of 5 5a. Outline the concept of defence-in-depth in the context of network security then explain what approach to security could be used in this context. Give examples of the types of security appliances or security software you would employ to protect a network and indicate with the aid of a diagram where these would be located. (16 marks) 5b. Saltzer and Schroeder s Principles discussed a number of principles that relate to information security. Most of these principles are still applied in today s computing infrastructure. Discuss what is meant by the term Fail-Safe Defaults and provide an example in relation to computer security. (9 Marks) QUESTION 6 6a. Intrusion Prevention Systems (IPS) are considered an extension of Intrusion Detection Systems (IDS) due to them both being used to monitor network traffic and/or system activities of potential malicious activity. The main difference is that IPS is capable of actively blocking malicious packets. Compare how IPS and IDS systems connect to a network and outline their advantages and disadvantages. (9 marks) 6b. A company with a national reputation wants to employ an Intrusion Detection System (IDS) to detect malicious activity on the DMZ and is particularly concerned that they may be vulnerable to 'Zero Day' attacks. Explain briefly what is meant by a 'Zero day attack then outline the main methods used by Network Intrusion Detection Systems giving their relative advantages and disadvantages in this context and hence identifying which of these would be appropriate for the company. (9 marks) Question 6 continues over the page... PLEASE TURN THE PAGE.

Computing and Question 6 continued Page 5 of 5 6c. A computer security consultant visiting the company in 6b makes a recommendation that the company employ a Host IDS on each critical server in the DMZ. Explain what you think his justification would be for this. (7 marks) END OF PAPER

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information