Sunday, May 26, 2019

Common risks, threats, and vulnerabilities Essay

1. What are some common risks, threats, and vulnerabilities commonly found in the LAN-to-WAN Domain that must be mitigated through a layered security strategy?
A layered security strategy will encompass rogue protocols such as Bit mining and P2P, unauthorized network scanning and probing, and unauthorized access to the network.

2. What is an Access Control List (ACL) and how is it useful in a layered security strategy?
An ACL is a control list which will allow or deny traffic or devices based on specifications defined in the ACL. The ACL is generally applied and configured on firewalls. It is useful in a layered security approach because, from an external standpoint, it becomes the first line of defense when hosts attempt to connect to the network.

3. What is a Bastion Host? Provide an example of when a Bastion Host should be used and how.
A Bastion Host is a host running a minimally configured software firewall containing only necessary software/services. These are also referred to as bare metal or lite and are managed to be very secure through a minimalist approach. All incoming traffic is directed to the Bastion, or screened, host. Outbound traffic is not directed through it. The most common threat to the Bastion Host is to an operating system that is not hardened with additional security applications.

4. Provide at least two examples of how the enclave requirement to place a firewall at the perimeter can be accomplished.
a. Placing a firewall between two routers and another firewall before a DMZ would be the best choice to meet the requirement.

5. What is the difference between a traditional IP Stateful Firewall and a Deep Packet Inspection Firewall?
a. IP Stateful firewall inspection takes place at layer 4. When traffic attempts to traverse the firewall, the requested source port and destination port pair become part of the session, allowing the source to receive information. Stateful inspection firewalls solve the vulnerability of permitting all the high-numbered ports by creating a table containing the outbound connections and their associated high-numbered port(s).
b. Firewalls using deep packet inspection provide enhancements to Stateful firewalls. A Stateful firewall is still susceptible to attack even if the firewall is deployed and working as it should be. Deep packet inspection adds application-oriented logic into the hardware, essentially combining IDS into the firewall traffic. Deep Packet Inspection uses an Attack Object Database to store protocol anomalies and attack traffic by grouping them by protocol and security level.

6. How would you monitor for unauthorized management access attempts to sensitive systems?
ACLs and audit logs can be leveraged to confirm which station is attempting to make the unauthorized connection.

7. Describe Group ID (Vulid) V-3057 in the Network IDS/IPS Implementation Guide provided by DISA?
A management server is a centralized device that receives information from the sensors or agents.

8. What is the significance of VLAN 1 traffic within a Cisco Catalyst LAN Switch? Describe the vulnerabilities associated if it traverses across unnecessary trunks.
VLAN 1 traffic will contain the STP (spanning tree) traffic, CDP traffic, and Dynamic Trunking traffic, to name a few. If unnecessary traffic traverses the trunk, it could cause switch instability, causing the switch to go down or become inoperable.

9. At what logging level should the syslog service be configured on a Cisco Router, Switch, or Firewall device?
Syslog traps should be configured at levels 0-6. Logging Level 2.

10. Describe how you would implement a layered security strategy within the LAN-to-WAN Domain to support authorized remote user access while denying access to unauthorized users at the Internet ingress/egress point.
To implement a layered security strategy for remote user access, we would start with an application-based login, such as VPN-SSL authentication, then pair it with LDAP on a RADIUS or TACACS+ service. LDAP is bound to Active Directory, which will leverage role-based access controls to check group permissions.

11. As defined in the Network Infrastructure Technology Overview, Version 8, Release 3, describe the 3 layers that can be found in the DISA Enclave Perimeter layered security solution for Internet ingress/egress connections (i.e., DMZ or Component Flow).
The 3 types of layers found in the Enclave Perimeter Component Flow include Network layer security, Application layer security, and security of the actual applications themselves.

12. Which device in the Enclave Protection Mechanism Component Flow helps mitigate risk from users violating acceptable use and unwanted web sites and URL links?
The Web Content Filter.

13. True or False. The Enclave Protection Mechanism includes both an internal IDS and external IDS when connecting a closed network infrastructure to the public Internet.
True. It is required to have an external IDS as well as an internal IDS. Requirements include having a firewall and IDS in between the Internet-facing router and the internal, premise, router.

14. True or False. Securing the enclave only requires perimeter security and firewalls.
False. Securing the enclave includes a layered firewall approach both on the inside and outside of the network. Sensitive data can be secured from other segments of the internal network (internal) as well as Internet links (external).

15. What is the primary objective of this STIG as it relates to network infrastructures for DoD networks?
STIG, or Security Technical Implementation Guide, is an intended guide to decrease vulnerabilities and the potential of losing sensitive data. The guide focuses on network security, giving security considerations for the implemented network. The STIG also covers the level of risks and the associated acceptable levels for said risks.
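The state table described in answer 5a can be modelled in a few lines. This is an added example, not part of the original essay; it contrasts a static rule that admits every inbound packet to a high-numbered port with a stateful check that admits only the reverse of a recorded outbound session. All addresses, ports, and names are constructed assumptions.

```python
"""Added example: toy model of the stateful-inspection table from answer 5a."""
from typing import NamedTuple

INSIDE_NET = "10.0.0."  # assumption: constructed internal prefix


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


def static_acl_allows(pkt: Packet) -> bool:
    """Stateless rule: admit any inbound packet aimed at a high-numbered port."""
    return pkt.dst.startswith(INSIDE_NET) and pkt.dport >= 1024


class StatefulFirewall:
    def __init__(self) -> None:
        # Each entry: (inside host, inside port, outside host, outside port)
        self.table = set()

    def outbound(self, pkt: Packet) -> bool:
        """Record the session an inside host opens; reject spoofed sources."""
        if not pkt.src.startswith(INSIDE_NET):
            return False
        self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Admit a packet only if it is the reverse of a recorded session."""
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def demo() -> dict:
    fw = StatefulFirewall()
    # Constructed traffic: an inside client opens an HTTPS session.
    fw.outbound(Packet("10.0.0.5", 51514, "203.0.113.10", 443))
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51514)
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51514)
    return {
        "static_reply": static_acl_allows(reply),
        "static_unsolicited": static_acl_allows(unsolicited),
        "stateful_reply": fw.inbound(reply),
        "stateful_unsolicited": fw.inbound(unsolicited),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The static rule lets the unsolicited packet through because it only looks at the destination port; the stateful check drops it because no inside host opened a session to that peer.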
