wk 4 lab 2
1. Unauthorized network probing and port scanning. IP router, firewall and network appliance operation system vulnerability.
2. An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.
3. A Bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.
4. Network Admissions Control - Where a client (supplicant) must pass muster with the networks policy server before being able to connect to resources on the network. Internal firewalls at the host level - These can be software based (personal firewalls) or hardware based such as the 3Com embedded firewalls and policy server that are host-based, hardware-embedded firewalls for desktops, servers and notebooks. These firewalls help to protect individual systems inside or outside the perimeter, wherever an additional layer of security is needed.
5. IP stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.
6. Apply strict security monitoring controls for intrusion detection and prevention.
7. The network element must have assigned all users with the lowest
2. An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.
3. A Bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.
4. Network Admissions Control - Where a client (supplicant) must pass muster with the networks policy server before being able to connect to resources on the network. Internal firewalls at the host level - These can be software based (personal firewalls) or hardware based such as the 3Com embedded firewalls and policy server that are host-based, hardware-embedded firewalls for desktops, servers and notebooks. These firewalls help to protect individual systems inside or outside the perimeter, wherever an additional layer of security is needed.
5. IP stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.
6. Apply strict security monitoring controls for intrusion detection and prevention.
7. The network element must have assigned all users with the lowest