Chapter 9: Implementing Secure Network Designs with complete solution
Consider the types of zones within a network's topology and locate the zone
considered semi-trusted and requires hosts to authenticate to join.
A.) Private network
B.) Extranet
C.) Internet
D.) Anonymous
B
This is a network of semi-trusted hosts, typically representing business partners,
suppliers, or customers. Hosts must authenticate to join.
Extranet Zone
This is a network of trusted hosts owned and controlled by the organization. This
type of trusted host network is under administrative control and subject to the
security mechanisms set up to defend the network.
Private Network (Intranet)
This zone, or a guest zone, permits anonymous access by untrusted hosts over the
Internet. This can also be a mix of anonymous and authenticated access.
Internet
Typical network security weaknesses include:
-Single points of failure—a "pinch point" relying on a single hardware server or
appliance or network channel.
-Complex dependencies—services that require many different systems to be available.
-Availability over confidentiality and integrity—often it is tempting to take "shortcuts" to
get a service up and running.
-Lack of documentation and change control—network segments, appliances, and
services might be added without proper change control procedures, leading to a lack of
visibility into how the network is constituted.
-Overdependence on perimeter security—if the network architecture is "flat" (that is, if
any host can contact any other host), penetrating the network edge gives the attacker
freedom of movement.
These forward frames between nodes in a cabled network. Switches work at layer
2 of the OSI model and make forwarding decisions based on the hardware or
Media Access Control (MAC) address of attached nodes.
Switches
These can establish network segments that either map directly to the underlying
cabling or to logical segments, created in the switch configuration as virtual
LANs (VLANs).
Switches
These provide a bridge between a cabled network and wireless clients, or
stations. APs work at layer 2 of the OSI model.
Wireless access points
These forward packets around an internetwork, making forwarding decisions
based on IP addresses. They work at layer 3 of the OSI model and can apply
logical IP subnet addresses to segments within a network.
Routers
These apply an access control list (ACL) to filter traffic passing in or out of a
network segment. They can work at layer 3 of the OSI model or higher.
Firewalls
This distributes traffic between network segments or servers to optimize
performance. It can work at layer 4 of the OSI model or higher.
Load Balancer
These host name records and perform name resolution to allow applications and
users to address hosts and services using fully qualified domain names (FQDNs)
rather than IP addresses. DNS works at layer 7 of the OSI model.
Domain Name System (DNS) servers
This maps a network interface's hardware (MAC) address to an IP address.
Normally a device that needs to send a packet to an IP address but does not
know the receiving device's MAC address broadcasts an ARP Request packet,
and the device with the matching IP responds with an ARP Reply.
Address Resolution Protocol (ARP)
Where should an administrator place an internet-facing host on the network?
A.) DMZ
B.) Bastion host
C.) Extranet
D.) Private network
A
This is a protected but untrusted area (zone) between the Internet and the private
network. Traffic cannot pass through this, but it enables external clients to
access data on private systems, such as web servers, without compromising the
security of the entire internal network.
Demilitarized Zones
These reside in a DMZ and are not fully trusted by the internal network due to the
possibility of Internet compromise.
Bastion hosts
There are several types of security zones on a network. Analyze network
activities to determine which of the following does NOT represent a security zone.
A.) DMZ
B.) Screened host
C.) Wireless
D.) Guest
B
This is when a smaller network accesses the Internet using a dual-homed
proxy/gateway server. This uses two firewalls placed on either side of the DMZ.
The edge firewall restricts traffic on the external/public interface and allows
permitted traffic to the hosts in the DMZ.