1. What is a firewall and how does it work?
A firewall prevents a specific type of information from moving between the untrusted network and the trusted network. The trusted network consists of known computers that are allowed to access network resources and the untrusted network consists of all other computers.
2. What is the difference between a packet filtering firewall and an application firewall (proxy)?
Packet filtering firewalls simply filter individual data packets based on their headers as they are transmitted into and out of an organization's network. The application firewall (proxy) is a second generation firewall that uses software designed to serve as a proxy for a service request. For example, if an outside user wanted to view a web page, the proxy server would handle the traffic between the outside world and the web server instead of exposing the web server directly. This helps prevent attacks on servers and limits the information that can be gained about the server.
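To make the header-only decision of a packet filter concrete, here is an added example (not from the original page) of a minimal stateless filter: each rule matches on direction, protocol, source and destination network and destination port, the first matching rule wins, and anything unmatched is denied. The policy, addresses and packets are constructed for illustration.

```python
# Added example: a stateless packet filter that decides on each packet using
# only header fields. First matching rule wins; default is deny.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from untrusted network) or "out" (to untrusted network)
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in", "out" or "any"
    proto: str       # "tcp", "udp" or "any"
    src: str         # CIDR of permitted sources
    dst: str         # CIDR of permitted destinations
    dports: tuple    # destination ports; empty tuple means any port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (not self.dports or p.dport in self.dports))

# Constructed policy: inbound packets claiming an internal source are dropped
# (spoofing), only web traffic may reach the public web server, and the internal
# LAN may reach the outside on web ports. Everything else hits the default deny.
RULES = [
    Rule("deny",  "in",  "any", "10.0.0.0/8", "0.0.0.0/0",       ()),
    Rule("allow", "in",  "tcp", "0.0.0.0/0",  "203.0.113.10/32", (80, 443)),
    Rule("allow", "out", "tcp", "10.0.0.0/8", "0.0.0.0/0",       (80, 443)),
]

def decide(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or 'deny' if none match."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

if __name__ == "__main__":
    for p in [Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 443),
              Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 22),
              Packet("in", "tcp", "10.1.2.3", "203.0.113.10", 80),
              Packet("out", "tcp", "10.1.2.3", "198.51.100.7", 443)]:
        print(p, "->", decide(p))
```

Note that the filter never looks at the payload: a request to port 443 is allowed whether or not it is legitimate HTTPS, which is exactly the gap an application proxy closes.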
3. What is the DMZ?
The DMZ is the demilitarized zone. This means that it is still part of the untrusted network, but known devices that are trusted exist on it. This part of the network is also where security checkpoints like firewalls live and where most attacks will occur.
4. What is a honeypot?
A honeypot is a server that is dedicated to tricking hackers. It will be a separate machine somewhere in the DMZ that will look like a vulnerable target. Oftentimes it will be disguised as an unpatched web server with open ports that looks like a viable target for compromise. The machine is configured with special software that will make it look like a single machine, or possibly a complete network with thousands of computers behind it. However, it is actually a hardened server that will track any attacks that are made against the faux machine/network. This red herring will attract enemies and hopefully keep them away from the real network long enough for administrators to stop any real threat from taking place.
5. What is the difference between screened host firewall architecture and screened subnet firewall architecture?
Screened host firewalls combine packet filtering with proxy techniques. This allows for a more secure network than with just a proxy server. It caches data about the network and decides what should be allowed to pass through. Screened subnet firewalls have multiple screened host firewalls and create a DMZ. The DMZ provides more security for the internal network and further prevents unwanted information from the outside world from being able to pass through the network. The screened subnet firewall definitely makes the internal network more secure.
6. What is the difference between Network Intrusion Detection Systems and Host Intrusion Detection Systems?
Host based IDS resides on a server and monitors activity on the system. The IDS records any changes in file size or placement on a network. Host IDS also log predefined events and examine the files and logs for continuity to determine if an attack has occurred. These provide quality security alerts and can be classified into hierarchical emergency events based on urgency and malevolence. NIDSs monitor network traffic. Unlike the host based IDS, which only reviews information on one host, the network based IDS looks at the traffic and determines if changes to file attributes have been made, or if anomalous levels of traffic have occurred.
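The file-change monitoring attributed to a host IDS above amounts to a baseline-and-compare integrity check. The following added example (not from the original page) builds a constructed directory, records a baseline of sizes and SHA-256 digests, tampers with it, and reports what changed; it also shows why size alone is a weak signal, since a same-length edit only appears in the digest.

```python
# Added example: host-based file integrity check of the kind a HIDS performs.
# The directory, its files and the tampering are all constructed for illustration.
import hashlib
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX form) to (size, sha256)."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root).as_posix()] = (path.stat().st_size, digest)
    return baseline

def compare(before: dict, after: dict) -> dict:
    """Classify differences between two snapshots as added, removed or modified."""
    return {
        "added":    sorted(set(after) - set(before)),
        "removed":  sorted(set(before) - set(after)),
        # A same-size content change differs only in the digest, which is why
        # size (or mtime) alone is not enough for an integrity check.
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }

def demo() -> dict:
    """Take a baseline of a constructed tree, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin_ls").write_bytes(b"\x7fELF-original")
        before = snapshot(root)
        # Simulated tampering: a same-length edit, a deleted file and a new file.
        (root / "etc" / "passwd").write_text("root:x:0:1\n")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "newfile").write_text("unexpected content\n")
        after = snapshot(root)
        return compare(before, after)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9s} {files}")
```

In a real deployment the baseline would be stored off-host or signed, since an attacker with write access to the monitored system could otherwise rewrite it along with the files.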
7. Is it illegal to port scan?
Scanners are used to find vulnerabilities in a system. Allowing port scanning would increase the chances of being attacked. Therefore, most organizations have security infrastructure in place to recognize a port scan and block it. If an organization maintains and checks logs, or has a policy in place that alerts administrators of a port scan, then it is possible for them to track the threat and identify where the scans are coming from. Although port scanning is not necessarily illegal, some ISPs have policies against their customers doing it and if notified they will cancel their service to violators.
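The log-based recognition described above can be done with a sliding window over firewall deny events: a source that reaches many distinct ports on one host within a short time is flagged, while a source repeatedly retrying a single blocked port is not. This is an added example, not from the original page; the log format, addresses and lines are constructed.

```python
# Added example: flag port-scan behaviour in constructed firewall deny logs.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed log format: "<ISO timestamp> DENY <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) DENY (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample: one source sweeping ports 20-29 within ten seconds, another
# retrying a single blocked port ten times (noisy, but not a scan).
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} DENY TCP 198.51.100.7:51000 -> 203.0.113.10:{20 + i}" for i in range(10)]
    + [f"2024-05-01T10:05:{i:02d} DENY TCP 198.51.100.9:40000 -> 203.0.113.10:22" for i in range(10)]
)

def detect_scans(log_text: str, window=timedelta(seconds=60), threshold=8) -> dict:
    """Return {src: most distinct ports hit on one dst inside `window`} for sources at or over threshold."""
    events = defaultdict(list)                  # (src, dst) -> [(time, dport), ...]
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                            # skip lines in other formats
        ts = datetime.fromisoformat(m["ts"])
        events[(m["src"], m["dst"])].append((ts, int(m["dport"])))

    alerts = {}
    for (src, dst), hits in events.items():
        hits.sort()
        start = 0
        # Sliding window: for each end event, drop start events older than `window`
        # and count distinct ports among what remains.
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({port for _, port in hits[start:end + 1]})
            if distinct >= threshold:
                alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts

if __name__ == "__main__":
    for src, n in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60s")
```

The threshold and window are tuning knobs: too low and legitimate clients that open several services get flagged, too high and a slow scan spread over hours goes unnoticed.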
8. What is a packet sniffer? What does it do?
Packet sniffers can show the user all of the data that is included in a packet's payload, header and footer. This can be a very valuable tool not only because a user could read transmissions of classified data, but because the IP and MAC addresses of internal trusted computers could be compromised and a hacker could use this information to learn about a network. A packet sniffer does not decrypt packets.
13. What is a VPN?
A virtual private network (VPN) is widely popular because it prevents transmissions from one virtual network from being seen by computers not on that network. This increases security and prevents computers that should not be able to interact with transmissions from interacting. This is one method used to stop packet sniffing.
14. What is NAT'ing?
NAT'ing is short for Network Address Translation. NAT'ing offers several security benefits to network administrators, the primary one being its ability to hide the IP addresses of the internal machines communicating over the internet. NAT'ing allows clients to use private IP addresses on their internal network and still have access to the internet by routing them through a firewall or proxy server. This is where the "address translation" takes place. By modifying the packets going from and coming into the network, the computers are able to communicate effectively and more securely.
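The address rewriting described above, as an added example (not from the original page): a simplified NAT table that maps each outbound private connection to the firewall's single public address and a unique port, maps replies back to the private host, and drops inbound packets for which no mapping exists, which is where the "hiding" of internal addresses comes from. Addresses are constructed (RFC 1918 inside, documentation ranges outside).

```python
# Added example: simplified NAT / port address translation table.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NAT:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table = {}   # (private ip, private port, dst ip, dst port) -> public port
        self.in_table = {}    # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a packet leaving the private network, allocating a mapping if new."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out_table:
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
        # The outside host only ever sees the public address and the translated port.
        return replace(p, src_ip=self.public_ip, src_port=self.out_table[key])

    def inbound(self, p: Packet):
        """Map a reply back to the private host, or return None (drop) if no session exists."""
        key = (p.dst_port, p.src_ip, p.src_port)
        if key not in self.in_table:
            return None   # unsolicited inbound traffic has no mapping and is dropped
        priv_ip, priv_port = self.in_table[key]
        return replace(p, dst_ip=priv_ip, dst_port=priv_port)

if __name__ == "__main__":
    nat = NAT("203.0.113.1")
    out = nat.outbound(Packet("192.168.1.10", 51515, "198.51.100.5", 443))
    print("outbound rewritten:", out)
    reply = Packet("198.51.100.5", 443, out.src_ip, out.src_port)
    print("reply delivered to:", nat.inbound(reply))
    print("unsolicited:", nat.inbound(Packet("198.51.100.99", 1234, "203.0.113.1", 40000)))
```

Real NAT devices also expire idle mappings and track protocol state; this table never forgets, which is fine for illustration but would leak mappings in practice.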
