Security Answers
- What is a firewall?
A firewall is a hardware or software system that prevents unauthorized access to or from a network.
Types:
* Packet filtering
Also referred to as static packet filtering.
Controls access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP addresses of the source and destination.
* Stateful inspection
Also referred to as dynamic packet filtering.
Stateful inspection is a firewall architecture that works at the network layer.
Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure they are valid.
For example, a stateful firewall may examine not just the header information but also the contents of the packet up through the application layer, in order to determine more about the packet than just its source and destination.
A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules (as in static packet filtering) but also on context that has been established by prior packets that have passed through the firewall.
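The contrast between the two types, as an added example that is not part of the original notes: a toy filter where the static rules look at each header in isolation, while the stateful version keeps a state table and only admits replies to connections it has already seen. Hosts, ports and the rule set are constructed for illustration.

```python
"""Added example (not from the original notes): static packet filtering
versus stateful inspection on the same packet sequence. All addresses,
ports and rules below are constructed."""
from dataclasses import dataclass

INSIDE = "10.0.0.5"       # constructed internal host
OUTSIDE = "203.0.113.10"  # constructed external web server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "SYN", "SYN-ACK", "ACK" or "FIN"


def static_filter(pkt: Packet) -> bool:
    """Static rule set: allow inside -> any:80, and, because replies must
    get back somehow, allow any:80 -> inside on an unprivileged port.
    Each packet is judged on its header alone."""
    outbound = pkt.src == INSIDE and pkt.dport == 80
    reply_like = pkt.dst == INSIDE and pkt.sport == 80 and pkt.dport > 1023
    return outbound or reply_like


class StatefulFirewall:
    """Only the outbound rule is configured; reply packets are admitted
    because the state table says a matching connection exists."""

    def __init__(self):
        # Entries are (src, sport, dst, dport) of connections seen leaving.
        self.state_table: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.state_table or reverse in self.state_table:
            # Part of a tracked connection: allowed by context, not by rule.
            if pkt.flags == "FIN":
                self.state_table.discard(flow)
                self.state_table.discard(reverse)
            return True
        if pkt.src == INSIDE and pkt.dport == 80 and pkt.flags == "SYN":
            # New outbound connection matching the administrator rule.
            self.state_table.add(flow)
            return True
        # Anything unsolicited, including a SYN-ACK with no prior SYN, is dropped.
        return False


def compare(packets):
    """Return (static_decisions, stateful_decisions) for one packet sequence."""
    fw = StatefulFirewall()
    return [static_filter(p) for p in packets], [fw.allow(p) for p in packets]


# Constructed exchange: outbound SYN, the server's reply, then an unsolicited
# packet from port 80 that matches the static "reply" rule but no connection.
SAMPLE = [
    Packet(INSIDE, OUTSIDE, 51000, 80, "SYN"),
    Packet(OUTSIDE, INSIDE, 80, 51000, "SYN-ACK"),
    Packet(OUTSIDE, INSIDE, 80, 40000, "SYN-ACK"),
]

if __name__ == "__main__":
    print(compare(SAMPLE))
```

The third packet is the point: the static filter has to admit it because the header matches the "reply" rule, while the stateful firewall drops it because no connection in the state table explains it.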
* Proxy
Proxy firewalls, or application gateway firewalls, are a fairly recent addition to mainstream security environments.
Until a few years ago, the stateful inspection firewall was the most advanced firewall protection. While stateful firewalls can monitor open connections, they cannot inspect application layer traffic.
Therefore, if you were to allow HTTP traffic through your firewall, a stateful inspection firewall would not prevent an HTTP-based attack.
Proxy firewalls, on the other hand, combine stateful inspection technology with the ability to perform deep application inspections.
They also analyze layer 7 protocols, such as HTTP and FTP, and monitor traffic for additional signs of attack.
To make this work, the firewall must act as a proxy; that is, the client opens a connection with the firewall (usually unbeknownst to the client) and the firewall opens a separate connection to the server on the client's behalf.
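What "deep application inspection" adds over port-based filtering, as an added example that is not part of the original notes: the application-layer check a proxy firewall can run on an HTTP request before opening its own connection to the server. A stateful firewall that merely allows TCP port 80 passes every byte below unexamined. The allow-list, limits and sample requests are constructed.

```python
"""Added example (not from the original notes): application-layer checks a
proxy firewall applies to an HTTP request before forwarding it on the
client's behalf. Policy values and sample requests are constructed."""
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"intranet.example"}   # constructed allow-list
MAX_URI_LEN = 2048


def parse_request_head(raw: bytes):
    """Parse the request line and headers of an HTTP/1.x request.
    Returns (method, target, version, headers); raises ValueError when the
    bytes are not well-formed HTTP (a TLS or binary stream on port 80, say)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="strict").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if not version.startswith("HTTP/1."):
        raise ValueError("unsupported version")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def inspect(raw: bytes) -> tuple[bool, str]:
    """Decide whether the proxy should open a connection to the server for
    this request. Returns (allowed, reason) so the verdict can be logged."""
    try:
        method, target, version, headers = parse_request_head(raw)
    except ValueError as exc:           # UnicodeDecodeError is a ValueError
        return False, f"not valid HTTP: {exc}"
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"
    if len(target) > MAX_URI_LEN:
        return False, "request target too long"
    if "host" not in headers:
        return False, "missing Host header"
    host = headers["host"].split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host {host} not on allow-list"
    # Proxies receive absolute-form targets; the two host values must agree.
    if target.startswith(("http://", "https://")) and urlsplit(target).hostname != host:
        return False, "Host header does not match request target"
    if method == "POST" and "content-length" not in headers:
        return False, "POST without Content-Length"
    return True, "forwarded"


# Constructed sample requests, as the proxy would read them from the client.
GOOD = b"GET http://intranet.example/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
NO_HOST = b"GET / HTTP/1.1\r\n\r\n"
NOT_HTTP = b"\x16\x03\x01\x00\xa5\x01\x00"   # non-HTTP bytes sent to port 80

if __name__ == "__main__":
    for sample in (GOOD, BAD_METHOD, NO_HOST, NOT_HTTP):
        print(inspect(sample))
```

Only the first request is forwarded; the others are refused with a reason a stateful filter could never have produced, since it never parses the payload.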
Proxy servers
They act as a middleman for connections between clients and servers.
They're generally used to provide content filtering and performance enhancements (such as caching) for local users' Web traffic.
Since most proxy firewalls can provide all of the benefits of a proxy server, administrators typically use dedicated proxy servers where they wish to remove the performance load from the firewall.
* UTM (unified threat management)
A single box that combines a firewall, gateway anti-virus, and intrusion detection and prevention.
- Password attacks
A dictionary attack uses a word list file, which is a list of potential passwords.
A brute-force attack is when the attacker tries every possible combination of characters.
A hybrid attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
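The defensive use of these three definitions, as an added example that is not part of the original notes: a password-policy check that reports which of the attacks above would recover a candidate password, so the weak ones can be rejected at enrolment. The word list, the set of hybrid mutations and the test passwords are constructed; a real deployment would load a large breached-password corpus.

```python
"""Added example (not from the original notes): classify a candidate
password by the weakest attack that recovers it (dictionary, hybrid, or
brute force only) and estimate the brute-force keyspace. The word list,
mutation set and sample passwords are constructed."""
import math
import string

WORDLIST = {"password", "welcome", "dragon", "summer"}   # constructed, tiny
SUFFIXES = [str(n) for n in range(100)] + ["!", "!1", "123", "2024"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def hybrid_variants(word: str):
    """Yield the common mutations a hybrid attack applies to one dictionary
    word: case changes, leet substitution, and numerals/symbols appended
    or prepended."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET)}
    for base in bases:
        yield base
        for suf in SUFFIXES:
            yield base + suf
            yield suf + base


def brute_force_bits(pw: str) -> float:
    """Upper bound, in bits, on the work a brute-force attack needs:
    log2(charset_size ** length) over the character classes actually used."""
    size = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in pw):
            size += len(cls)
    return len(pw) * math.log2(size) if size else 0.0


def classify(pw: str, wordlist=WORDLIST) -> tuple[str, float]:
    """Return (weakest attack that recovers pw, brute-force bits)."""
    bits = brute_force_bits(pw)
    if pw.lower() in wordlist:
        return "dictionary", bits
    for word in wordlist:
        if pw in hybrid_variants(word):
            return "hybrid", bits
    return "brute-force", bits


def policy_accepts(pw: str, min_bits: float = 50.0) -> bool:
    """Enrolment rule: reject anything a dictionary or hybrid attack finds,
    and anything whose brute-force keyspace is below min_bits."""
    kind, bits = classify(pw)
    return kind == "brute-force" and bits >= min_bits


if __name__ == "__main__":
    for candidate in ("password", "Dragon99", "summer!", "xK9#vLq2"):
        print(candidate, classify(candidate), policy_accepts(candidate))
```

"Dragon99" is never in the word list, yet it is rejected: the hybrid attack is exactly the step that turns "dragon" into it, which is why a policy that only checks the raw word list is not enough.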
- What are the types of hackers?
* Script kiddies: carry out unstructured attacks.
* Black hat
Attacks and hacks any system with no particular target, motivated by, for example, proving themselves, revenge, or money.
* White hat
Has the same expertise as the black hat but uses it for defense, to stop the black hat.
* Gray hat
May act as a black hat or as a white hat.
- What is forensics?
Digital forensics is the field concerned with criminal investigation on the electronic side: if a breach occurs, how to trace the attacker, examine their machine, determine the methods of intrusion and the data they managed to obtain. In it you study how the hard disk works and its structure in detail, so that you can recover data if it has been deleted; you also study RAM and the ways of extracting important information from it.
It has many branches, such as network forensics, Windows forensics and hard disk forensics. One of them is malware forensics, which covers methods of analyzing viruses and malicious files, determining their danger and their effect on the system, and trying to trace them back to their author. It has courses such as:
CHFI, CCFP, SANS forensics
- What are the differences between risk, vulnerability and threat?
Vulnerability:
A weakness of a system, network or device.
Threat:
The potential danger posed by a vulnerability.
The potential harm that the vulnerability could cause.
Risk:
The likelihood of a hacker taking advantage of a vulnerability, and the corresponding business impact.
The hacker starts to use the weakness and causes damage to the system.
Exploit ("Exposure"):
The probability that data loss could occur because of the hacker.
Threat + vulnerability = Risk
- What are the 5 phases of any attack?
* Reconnaissance (footprinting)
I start by gathering information about the system.