Network Security - Exercises Section 3

60. What are two common techniques used to protect a password file?
Ans:
One-way encryption: The system stores only an encrypted form of the user's password. When the user presents a password, the system encrypts that password and compares it with the stored value. In practice, the system usually performs a one-way transformation (not reversible) in which the password is used to generate a key for the encryption function and in which a fixed-length output is produced.
Access control: Access to the password file is limited to one or a very few accounts.

61. List the direct approaches that can be implemented to counter insider attacks.
Ans:
a. Enforce least privilege, only allowing access to the resources employees need to do their job.
b. Set logs to see what users access and what commands they are entering.
c. Protect sensitive resources with strong authentication.
d. Upon termination, delete employee’s computer and network access.
e. Upon termination, make a mirror image of the employee’s hard drive before reissuing it. That evidence might be needed if your company information turns up with a competitor.

62. What is a salt in the context of UNIX password management?
Ans:
The salt is combined with the password at the input to the one-way encryption routine.
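As an added illustration of Q60 and Q62 together (this is example code written for these notes, not from the exercise text or any particular UNIX implementation): the stored record holds only a salt and a one-way digest, verification recomputes the transform with the stored salt, and two users who pick the same password end up with different stored values. The work factor, the record format and the user names are assumptions for the example.

```python
# Added example: salted one-way password storage using PBKDF2-HMAC-SHA256
# from the Python standard library. Record format and iteration count are
# assumptions for this illustration.
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 100_000  # assumed work factor; raise it on real systems


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return the stored form 'iterations$salt_hex$digest_hex'.

    The salt is combined with the password at the input of the one-way
    transform. A fresh random 16-byte salt is drawn when none is supplied,
    so identical passwords produce different stored values and a single
    precomputed table cannot be reused across accounts.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the transform with the stored salt and compare digests.

    The password is never recovered from `stored`; the check only asks
    whether the candidate maps to the same digest.
    """
    iterations_str, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations_str)
    )
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_password_file(users: Dict[str, str]) -> Dict[str, str]:
    """Turn {user: plaintext} into {user: stored record}; plaintext is discarded."""
    return {user: hash_password(pw) for user, pw in users.items()}


def authenticate(password_file: Dict[str, str], user: str, password: str) -> bool:
    """Access-control side of Q60: only this routine reads the stored record."""
    stored = password_file.get(user)
    return stored is not None and verify_password(password, stored)


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    pw_file = build_password_file({"alice": "correct horse", "bob": "correct horse"})
    print(pw_file["alice"] != pw_file["bob"])          # True: different salts
    print(authenticate(pw_file, "alice", "correct horse"))  # True
    print(authenticate(pw_file, "alice", "wrong"))      # False
```

Because the salt is stored beside the digest, it adds no secrecy on its own; its value is that an attacker who obtains the file must repeat the work per account rather than once per candidate password.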

63. List and briefly define techniques used to avoid guessable passwords.
Ans:
User education: Users can be told the importance of using hard-to-guess passwords and can be provided with guidelines for selecting strong passwords.
Computer-generated passwords: Users are provided passwords generated by a computer algorithm.
Reactive password checking: the system periodically runs its own password cracker to find guessable passwords. The system cancels any passwords that are guessed and notifies the user.
Proactive password checking: a user is allowed to select his or her own password. However, at the time of selection, the system checks to see if the password is allowable and, if not, rejects it.
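The proactive checker in the last item is the one technique here that is purely mechanical, so an added example follows (written for these notes, not taken from the exercise text or any real checker). It runs at selection time and rejects a candidate that is too short, uses too few character classes, is built on a dictionary word, or contains the user name. The word list, minimum length and rejection messages are assumptions for the example.

```python
# Added example: a proactive password checker run when a user selects a
# password. The dictionary and thresholds below are constructed for the
# illustration; a real checker loads a large word list.
import re
import string
from typing import List

DICTIONARY = {"password", "letmein", "welcome", "qwerty", "dragon", "monkey"}
MIN_LENGTH = 8
MIN_CLASSES = 3

CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def base_word(candidate: str) -> str:
    """Lower-case the candidate and strip trailing digits/punctuation so that
    'Password1!' is judged as 'password'."""
    return re.sub(r"[\d\W_]+$", "", candidate.lower())


def check_password(candidate: str, username: str = "") -> List[str]:
    """Return the list of reasons the candidate is not allowable (empty = allowable)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    classes = sum(any(c in cls for c in candidate) for cls in CHARACTER_CLASSES)
    if classes < MIN_CLASSES:
        problems.append("too few character classes")
    base = base_word(candidate)
    if base in DICTIONARY or base[::-1] in DICTIONARY:
        problems.append("based on a dictionary word")
    if username and username.lower() in candidate.lower():
        problems.append("contains the user name")
    return problems


def is_acceptable(candidate: str, username: str = "") -> bool:
    """Selection-time decision: accept only when no rule fires."""
    return not check_password(candidate, username)


if __name__ == "__main__":
    for user, pw in [("alice", "Qwerty123"), ("bob", "bob2024!Xy"), ("carol", "Tr0ub4dor&3")]:
        print(user, pw, check_password(pw, user) or "accepted")
```

The reversed-word and trailing-digit checks are there because those are exactly the transformations a dictionary-based cracker applies; a checker that only compares the literal string would pass 'drowssap1' and 'Password1!' while the reactive cracker of the previous item would recover both.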

64. List three design goals for a firewall.
Ans:
a. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this section.
b. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this section.
c. The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.

65. List four techniques used by firewalls to control access and enforce a security policy.
Ans:
Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology, such as is provided in IPSec.
Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

66. What information is used by a typical packet-filtering router?
Ans:
Source IP address: The IP address of the system that originated the IP packet.
Destination IP address: The IP address of the system the IP packet is trying to reach.
Source and destination transport-level address: The transport-level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET.
IP protocol field: Defines the transport protocol.
Interface: For a router with three or more ports, which interface of the router the packet came from or which interface of the router the packet is destined for.

67. List and briefly define the differences between the types of firewalls.
Ans:
Packet filtering firewall: Applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
Stateful inspection firewall: Tightens up the rules for TCP traffic by creating a directory of outbound TCP connections. There is an entry for each currently established connection. The packet filter will now allow incoming traffic to high-numbered ports only for those packets that fit the profile of one of the entries in this directory.
Application proxy firewall: Acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the gateway can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features.
Circuit-level proxy firewall: As with an application gateway, a circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.
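To make the first two firewall types in Q67 concrete, and to show the packet fields from Q66 being used, here is an added example written for these notes (not from the exercise text or any real firewall product). A stateless filter matches each packet against an ordered rule list on source/destination address, protocol, destination port and arriving interface, with discard as the default. A stateful layer on top keeps the directory of outbound TCP connections and admits inbound traffic to a high-numbered port only when it matches an entry. The interface names, addresses and rules are constructed for the illustration.

```python
# Added example: stateless packet filtering (Q66 fields, Q67 first entry) and
# stateful inspection with a directory of outbound TCP connections (Q67 second
# entry). Interfaces, prefixes and rules are constructed for this illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

INSIDE_IFACE = "eth0"   # assumed: faces the protected LAN
OUTSIDE_IFACE = "eth1"  # assumed: faces the Internet
HIGH_PORTS = range(1024, 65536)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str       # IP protocol field: "tcp", "udp", "icmp"
    src_port: int    # transport-level addresses (0 where not applicable)
    dst_port: int
    in_iface: str    # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    in_iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (
            self.in_iface in ("any", pkt.in_iface)
            and ip_address(pkt.src_ip) in ip_network(self.src)
            and ip_address(pkt.dst_ip) in ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and (self.dst_port is None or self.dst_port == pkt.dst_port)
        )


def packet_filter(rules: List[Rule], pkt: Packet) -> str:
    """Packet-filtering firewall: first matching rule wins; default is discard."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Stateful inspection: a directory of established outbound TCP connections
    decides inbound traffic to high-numbered ports; everything else goes to the rules."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        # (inside addr, inside port, outside addr, outside port)
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.proto == "tcp" and pkt.in_iface == INSIDE_IFACE:
            verdict = packet_filter(self.rules, pkt)
            if verdict == "permit":
                self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return verdict
        if pkt.proto == "tcp" and pkt.in_iface == OUTSIDE_IFACE and pkt.dst_port in HIGH_PORTS:
            # Inbound to a high port is only a reply if the reversed tuple is in the directory.
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            return "permit" if key in self.connections else "deny"
        return packet_filter(self.rules, pkt)


RULES = [
    # Anti-spoofing first: an internal source address must never arrive from outside.
    Rule("deny", in_iface=OUTSIDE_IFACE, src="192.168.1.0/24"),
    # Inbound SMTP to the mail host only.
    Rule("permit", in_iface=OUTSIDE_IFACE, dst="192.168.1.10/32", proto="tcp", dst_port=25),
    # Anything outbound from the LAN.
    Rule("permit", in_iface=INSIDE_IFACE, src="192.168.1.0/24"),
]

if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    outbound = Packet("192.168.1.20", "203.0.113.5", "tcp", 40000, 80, INSIDE_IFACE)
    reply = Packet("203.0.113.5", "192.168.1.20", "tcp", 80, 40000, OUTSIDE_IFACE)
    unsolicited = Packet("203.0.113.9", "192.168.1.20", "tcp", 80, 40000, OUTSIDE_IFACE)
    for p in (outbound, reply, unsolicited):
        print(p.in_iface, p.src_ip, "->", p.dst_ip, p.dst_port, fw.decide(p))
```

Note what the stateless filter alone cannot express: to let replies reach client ephemeral ports it would need a blanket rule permitting inbound TCP to all high ports, which is exactly the hole the connection directory closes. Rule order also matters, which is why the anti-spoofing deny sits before the SMTP permit.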

68. What is a DMZ network and what types of systems would you expect to find on such networks?
Ans:
Between internal and external firewalls are one or more networked devices in a region referred to as a DMZ (demilitarized zone) network. Systems that are externally accessible but need some protections are usually located on DMZ networks. Typically, the systems in the DMZ require or foster external connectivity, such as a corporate Web site, an e-mail server, or a DNS (domain name system) server.