Glossary of Firewall-Related Terms
Abuse of Privilege
When a user performs an action that they should not have, according to organizational policy or law.
Access Control Lists
Rules for packet filters (typically routers) that define which packets to pass and which to block.
Access Router
A router that connects your network to the external Internet. Typically, this is your first line of defense against attackers from the outside Internet. By enabling access control lists on this router, you'll be able to provide a level of protection for all of the hosts "behind" that router, effectively making that network a DMZ instead of an unprotected external LAN.
Application-Layer Firewall
A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application layer firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.
Authentication
The process of determining the identity of a user that is attempting to access a system.
Authentication Token
A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.
Authorization
The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication: once you have authenticated a user, they may be authorized different types of access or activity.
Bastion Host
A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be "outside" web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., Unix, VMS, NT, etc.) rather than a ROM-based or firmware operating system.
Challenge/Response
An authentication technique whereby a server sends an unpredictable challenge to the user, who computes a response using some form of authentication token.
Chroot
A technique under Unix whereby a process is permanently restricted to an isolated subset of the filesystem.
Cryptographic Checksum
A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting filesystem tampering on Unix.
Data Driven Attack
A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.
Defense in Depth
The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.
DNS spoofing
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Dual Homed Gateway
A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.
Encrypting Router
See Tunneling Router and Virtual Network Perimeter.
Firewall
A system or combination of systems that enforces a boundary between two or more networks.
Host-based Security
The technique of securing an individual system from attack. Host based security is operating system and version dependent.
Insider Attack
An attack originating from inside a protected network.
Intrusion Detection
Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network.
IP Spoofing
An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.
IP Splicing / Hijacking
An attack whereby an active, established session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.
Least Privilege
Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.
Logging
The process of storing information about events that occurred on the firewall or network.
Log Retention
How long audit logs are retained and maintained.
Log Processing
How audit logs are processed, searched for key events, or summarized.
Network-Layer Firewall
A firewall in which traffic is examined at the network protocol packet layer.
Perimeter-based Security
The technique of securing a network by controlling access to all entry and exit points of the network.
Policy
Organization-level rules governing acceptable use of computing resources, security practices, and operational procedures.
Proxy
A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps do additional authentication, and then complete a connection on behalf of the user to a remote destination.
Screened Host
A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.
Screened Subnet
A subnet behind a screening router. The degree to which the subnet may be accessed depends on the screening rules in the router.
Screening Router
A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.
Session Stealing
See IP Splicing.
Trojan Horse
A software entity that appears to do something normal but which, in fact, contains a trapdoor or attack program.
Tunneling Router
A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.
Social Engineering
An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.
Virtual Network Perimeter
A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.
Virus
A replicating code segment that attaches itself to a program or data file. Viruses might or might not contain attack programs or trapdoors. Unfortunately, many have taken to calling any malicious code a "virus". If you mean "trojan horse" or "worm", say "trojan horse" or "worm".
Worm
A standalone program that, when run, copies itself from one host to another, and then runs itself on each newly infected host. The widely reported "Internet Virus" of 1988 was not a virus at all, but actually a worm.