Guide to firewalls and VPNS third edition 2611 chapter 8 review 1. A bastion hos

Question

Guide to firewalls and VPNS third edition

2611 chapter 8 review

1. A bastion host provides only one network service, and that service is a firewall. True or false?

2. If it’s ideal to run only one service on a bastion host, what are the obstacles to configuring multiple hosts on a network?

3. What’s the purpose of going through the time and effort of documenting every step involved in bastion host configuration?

4. What are the primary features of the “healthy paranoia’’ you should adopt when configuring a bastion host?

5. Describe the ideal operating system for bastion host.

6. What is benefits of using an application like Microsoft compliance manager? What does it do

7. What are the criteria for grouping services on the same bastion host?

8. What are dependency services?

9. What are the three important things to consider when choosing a bastion host OS?

10. What is a baseline, and why is it important in the context of a bastion host?

Explanation / Answer

        Answer: False: While it’s ideal to run only one service on the bastion host, it may not be economically feasible to do so. And the service does not have to include a firewall: bastion hosts can be configured to run a Web server, DNS server, and other services.

2.If it’s ideal to run only one service on a bastion host, what is the obstacle to configuring multiple hosts on a network? What’s to stop you from recommending the installation of as many bastion hosts as you have services?

Answer: Configuring multiple bastion hosts requires the purchase of multiple dedicated services, and the complexity of configuration increases with each bastion host.

3.What’s the purpose of going through the time and effort of documenting every step involved in bastion host configuration?

Answer: In case of a system crash, you need to get up and running again quickly, and having documentation at hand can help you identify what systems to check.

4.What are the primary characteristics of the attitude of “healthy paranoia” that you should adopt when configuring a bastion host? Name three specific qualities.

Answer: You assume that you will be attacked at some point, that you don’t know where the attack will come from, and that you cannot trust even resources with which you are normally familiar.

5. Describe the ideal operating system for bastion host.

Answer: A. The actual choice of operating system is not as important as the administrator’s familiarity with it, so configuration or recovery can be performed quickly and efficiently.

6. What is benefits of using an application like Microsoft compliance manager? What does it do

Answer:Excellent choices for bastion host operating systems

Reliability and widespread use as servers

Security Compliance Manager

Disable

NetBIOS interface, Server service, and Workstation service

Set up logging for:

Account logon and logoff, object access, policy changes, privilege use, and system events

7. What are the criteria for grouping services on the same bastion host?

Answer:You can divide services into four classes:

Services that are secure

Services in this category can be provided via packet filtering, if you're using this approach. (In a pure-proxy firewall, everything must be provided on a bastion host or not provided at all.)

Services that are insecure as normally provided but can be secured

Services in this category can be provided on a bastion host.

Services that are insecure as normally provided and can't be secured

These services will have to be disabled and provided on a victim host (discussed earlier) if you absolutely need them.

Services that you don't use or that you don't use in conjunction with the Internet

You must disable services in this category.

We'll discuss individual services in detail in later chapters, but here we cover the most commonly provided and denied services for bastion hosts.

Electronic mail (SMTP) is the most basic of the services bastion hosts normally provide. You may also want to access or provide information services such as:

FTP

File transfer

HTTP

Hypertext-driven information retrieval (the Web)

NNTP

Usenet news

In order to support any of these services (including SMTP), you must access and provide Domain Name System (DNS) service. DNS is seldom used directly, but it underlies all the other protocols by providing the means to translate hostnames to IP addresses and vice versa, as well as providing other distributed information about sites and hosts.

8.What are dependency services?

Answer:

9.What are the three important things to consider when choosing a bastion host OS?

Answer: 1. Familiarity on the part of the administrator

        2. Compatibility with other computers on the network

        3. Availability of needed services

        4. Stability

        5. Security

What is a baseline, and why is it important in the context of a bastion host?

Answer:

By testing it for vulnerabilities and evaluating its performance

Establish a baseline for system performance

Level of performance that you consider acceptable and against which the system can be compared

Check system logs, event logs, and performance information

Record the information you uncover.Do not use production servers for testing

Related Questions

Navigate

• Browse (All)
• Browse G
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.