
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [70]

the two networks are effectively isolated, the new router is doing its job well, and it’s routing IP traffic.

You’ll need to verify that IP forwarding and routing services aren’t running on this server.

Anytime you have a system that is configured with more than one IP address, it can be said to be multihomed.

The proxy function can occur at either the application level or the circuit level. Application-level proxy functions read the individual commands of the protocols that are being served. This type of server is advanced and must know the rules and capabilities of the protocol used. An implementation of this type of proxy must know the difference between GET and PUT operations, for example, and have rules specifying how to execute them. A circuit-level proxy creates a circuit between the client and the server and doesn’t deal with the contents of the packets that are being processed.

A unique application-level proxy server must exist for each protocol supported. Many proxy servers also provide full auditing, accounting, and other usage information that wouldn’t normally be kept by a circuit-level proxy server.
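The distinction drawn in the two paragraphs above, as an added illustration that is not the book's own code: a toy application-level HTTP proxy that parses the request line and applies a rule per command (GET and POST permitted in different ways, PUT and DELETE with no rule at all), beside a circuit-level relay that only decides whether a circuit may be opened and then passes bytes through unread. The rule set, the hostname intranet.example and the sample requests are constructed for the example.

```python
# Added example: an application-level HTTP proxy that understands methods and
# applies per-command rules, beside a circuit-level relay that forwards bytes
# without reading them. Written for this page, not the book's code; rules,
# hostnames and sample requests are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class MethodRule:
    """What one HTTP command may do: the path prefixes permitted for that method."""
    method: str
    path_prefixes: tuple


class ApplicationProxy:
    """Parses the HTTP request line and decides per command.  Because it
    understands the protocol it can also keep a full audit trail."""

    def __init__(self, rules):
        self.rules = {r.method: r for r in rules}
        self.audit = []                         # (verdict, detail) per request

    def decide(self, raw):
        try:
            line = raw.split(b"\r\n", 1)[0].decode("ascii")
            method, target, version = line.split(" ")
        except (UnicodeDecodeError, ValueError):
            return self._log("DENY", "malformed request line")
        if not version.startswith("HTTP/") or not target.startswith("/"):
            return self._log("DENY", f"unexpected request line {line!r}")
        rule = self.rules.get(method)
        if rule is None:
            return self._log("DENY", f"{method} {target}: method not permitted")
        if not any(target.startswith(p) for p in rule.path_prefixes):
            return self._log("DENY", f"{method} {target}: path not permitted")
        return self._log("ALLOW", f"{method} {target}")

    def _log(self, verdict, detail):
        self.audit.append((verdict, detail))
        return verdict


class CircuitProxy:
    """Sets up a circuit to a permitted destination, then relays bytes.
    It never parses what flows through, so a PUT looks the same as a GET."""

    def __init__(self, permitted_destinations):
        self.permitted = set(permitted_destinations)
        self.bytes_relayed = 0

    def open_circuit(self, host, port):
        return (host, port) in self.permitted

    def relay(self, raw):
        self.bytes_relayed += len(raw)
        return raw                              # passed through untouched


RULES = (
    MethodRule("GET", ("/",)),                  # may read anything
    MethodRule("POST", ("/api/",)),             # may submit only to the API
    # PUT and DELETE deliberately absent: the proxy has no rule for them
)


def demo():
    app = ApplicationProxy(RULES)
    circuit = CircuitProxy({("intranet.example", 80)})
    requests = [                                # constructed sample traffic
        b"GET /docs/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
        b"POST /api/login HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
        b"POST /admin/users HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
        b"PUT /docs/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
        b"\xff\xfe garbage",
    ]
    app_verdicts = [app.decide(r) for r in requests]
    relayed = []
    if circuit.open_circuit("intranet.example", 80):
        relayed = [circuit.relay(r) == r for r in requests]
    return app_verdicts, relayed, len(app.audit)


if __name__ == "__main__":
    print(demo())
```

Note what the circuit proxy cannot do: it relays the PUT and the garbage exactly as it relays the legitimate GET, and it has nothing to write to an audit log beyond byte counts, which is why the text says a separate application-level proxy is needed for each protocol whose commands you want to police.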

Stateful Inspection Firewalls

This final section on firewalls focuses on the concept of stateful inspection, also referred to as stateful packet filtering. Most of the devices used in networks don't keep track of how information is routed or used: after a packet is passed, the packet and its path are forgotten. In stateful inspection, records are kept in a state table that tracks every communications channel, so the firewall can tell a reply to a conversation that an inside host started from an unsolicited packet that merely happens to arrive on an open port. This tracking is applied to traffic at the network and transport layers, and it provides additional security especially for connectionless protocols such as User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP), where the firewall creates a short-lived pseudo-connection entry for each exchange because the protocol itself has no session to follow. All of this adds complexity to the process. Denial-of-service (DoS) attacks present a particular challenge: every tracked channel consumes a state-table entry, so flooding techniques that open large numbers of new connections can exhaust the table, at which point the firewall drops legitimate traffic or, in the worst case, effectively shuts down or reboots.

For the exam, remember that pure packet filtering has no real intelligence. It looks only at the headers of each packet in isolation (addresses and ports), allows data through a port if that port is configured as open and otherwise discards it, and never considers whether the packet belongs to an established session. Stateful packet filtering, however, has intelligence in that it keeps track of every communications channel and judges each packet against that recorded state.
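To make the two preceding paragraphs concrete, here is an added example (written for this page, not taken from the book) of a toy stateless packet filter beside a toy stateful inspection firewall with a bounded state table. It walks through three scenarios the text describes: a stray inbound packet to an open port, UDP pseudo-state for a DNS exchange with a timeout, and a SYN flood that fills the state table until legitimate outbound traffic is refused. The addresses, ports, table size and timeout values are all constructed for the scenario.

```python
# Added example: a toy stateless packet filter beside a toy stateful inspection
# firewall with a state table. Written for this page; not the book's code.
# Addresses, ports, table size and timeouts are constructed for the scenario.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport flags")
LAN_PREFIX = "10.0.0."                              # constructed: the protected network
TIMEOUTS = {"tcp": 3600, "udp": 30, "icmp": 10}     # seconds; UDP/ICMP get short pseudo-state


def is_inside(ip):
    return ip.startswith(LAN_PREFIX)


def stateless_filter(pkt, open_inbound_ports):
    """Pure packet filtering: judge each packet by its headers alone.
    Nothing is remembered, so an inbound packet to an open port passes
    whether or not any session exists."""
    if is_inside(pkt.src):
        return "ALLOW"                              # outbound traffic is unrestricted
    return "ALLOW" if pkt.dport in open_inbound_ports else "DROP"


class StatefulFilter:
    """Stateful packet filtering: every permitted channel gets a state-table
    entry, return traffic is matched against it, and the table is bounded."""

    def __init__(self, max_entries, inbound_services=()):
        self.table = {}                             # channel key -> expiry timestamp
        self.max_entries = max_entries
        self.inbound_services = set(inbound_services)   # (ip, port) reachable from outside
        self.dropped_table_full = 0

    @staticmethod
    def _keys(pkt):
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return fwd, rev

    def _expire(self, now):
        self.table = {k: t for k, t in self.table.items() if t > now}

    def process(self, pkt, now):
        self._expire(now)
        fwd, rev = self._keys(pkt)
        for key in (fwd, rev):
            if key in self.table:                   # part of a tracked channel: refresh and pass
                self.table[key] = now + TIMEOUTS[pkt.proto]
                return "ALLOW"
        # New channel: must originate inside or target a published service...
        if not (is_inside(pkt.src) or (pkt.dst, pkt.dport) in self.inbound_services):
            return "DROP"
        # ...and a TCP channel must begin with a SYN, never a stray ACK.
        if pkt.proto == "tcp" and pkt.flags != "SYN":
            return "DROP"
        if len(self.table) >= self.max_entries:
            self.dropped_table_full += 1            # the state-table exhaustion the text warns about
            return "DROP"
        self.table[fwd] = now + TIMEOUTS[pkt.proto]
        return "ALLOW"


def run_scenarios():
    out = {}
    web = ("10.0.0.5", 80)
    # 1. Stray inbound ACK to the web server: the header-only filter passes it, stateful does not.
    stray = Packet("tcp", "203.0.113.9", 40000, "10.0.0.5", 80, "ACK")
    out["stateless_stray_ack"] = stateless_filter(stray, {80})
    fw = StatefulFilter(max_entries=100, inbound_services={web})
    out["stateful_stray_ack"] = fw.process(stray, now=0)
    out["stateful_real_syn"] = fw.process(stray._replace(flags="SYN"), now=0)

    # 2. Outbound DNS query creates UDP pseudo-state; the reply is allowed only while it lives.
    fw = StatefulFilter(max_entries=100)
    query = Packet("udp", "10.0.0.7", 51000, "198.51.100.1", 53, "")
    reply = Packet("udp", "198.51.100.1", 53, "10.0.0.7", 51000, "")
    out["dns_query"] = fw.process(query, now=0)
    out["dns_reply_in_time"] = fw.process(reply, now=5)
    out["dns_reply_too_late"] = fw.process(reply, now=100)

    # 3. SYN flood against the published service exhausts the state table, so a
    #    legitimate outbound connection from the LAN is refused as well.
    fw = StatefulFilter(max_entries=100, inbound_services={web})
    for sport in range(1024, 1024 + 120):
        fw.process(Packet("tcp", "198.51.100.200", sport, "10.0.0.5", 80, "SYN"), now=0)
    legit = Packet("tcp", "10.0.0.7", 52000, "93.184.216.34", 443, "SYN")
    out["legit_outbound_during_flood"] = fw.process(legit, now=1)
    out["table_full_drops"] = fw.dropped_table_full
    return out


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:32} {verdict}")
```

The third scenario is the point to take away: the flood never gets past the firewall to the web server, yet it still denies service, because the state table is a finite shared resource and the attacker is spending it. Real firewalls mitigate this with per-source limits, SYN cookies or shorter half-open timeouts; the toy above deliberately has none of those so the failure is visible.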

Hubs

One of the simplest devices in a network is a hub. Although it's possible to load software to create a managed hub, in its truest sense a hub is nothing more than a device allowing many hosts to communicate with each other through the use of physical ports. Broadcast traffic traverses the hub, and all data received through one port is repeated out of every other port. This arrangement creates an extremely insecure environment: an intruder who attaches to any port of the hub can intercept every other host's traffic without any further effort.

Broadcasts are messages sent from a single system to every host on the network. Multicasts are sent to a group of addresses that have joined the multicast group. Unicasts are sent from one system to a single destination address.

Some of the more expensive hubs do allow you to enable port security. If this is enabled, each port takes note of the first MAC address it hears on that port. If the MAC address changes, the hub disables the port. Port security increases the level of security on the LAN, but it can also increase the administrator’s workload if you reconfigure your environment often.

For exam purposes, think of hubs as insecure LAN devices by default that should be replaced with switches, which deliver each frame only to the port where its destination lives and so improve both security and throughput.
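As an added illustration of the three hub paragraphs above (written for this page, not the book's code), here is a toy hub that repeats every frame to every other port, the same hub with the port-security behaviour just described (lock each port to the first source MAC heard, disable the port if it changes), and a learning switch for contrast. The MAC addresses, port numbers and frame payloads are constructed.

```python
# Added example: a toy hub (every frame copied to every other port), the same
# hub with port security, and a learning switch for contrast. Written for this
# page; not the book's code. MACs, ports and payloads are constructed.
from collections import defaultdict, namedtuple

Frame = namedtuple("Frame", "src dst payload")


class Hub:
    """Repeats each incoming frame to all other ports.  With port_security on,
    a port is locked to the first source MAC heard and disabled if it changes."""

    def __init__(self, ports, port_security=False):
        self.ports = list(ports)
        self.port_security = port_security
        self.learned = {}                           # port -> first MAC heard on it
        self.disabled = set()
        self.seen = defaultdict(list)               # port -> frames delivered to it

    def ingress(self, port, frame):
        if port in self.disabled:
            return "DROPPED"
        if self.port_security:
            first = self.learned.setdefault(port, frame.src)
            if frame.src != first:
                self.disabled.add(port)             # violation: shut the port
                return "PORT_DISABLED"
        for p in self.ports:
            if p != port:
                self.seen[p].append(frame)          # everyone else hears it
        return "FLOODED"


class LearningSwitch:
    """Learns which port each source MAC lives on and forwards a known
    destination to that port only; unknown destinations are flooded."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}                               # MAC -> port
        self.seen = defaultdict(list)

    def ingress(self, port, frame):
        self.cam[frame.src] = port
        out = self.cam.get(frame.dst)
        if out is None:
            targets, verdict = [p for p in self.ports if p != port], "FLOODED"
        else:
            targets, verdict = [out], "FORWARDED"
        for p in targets:
            self.seen[p].append(frame)
        return verdict


ALICE = "aa:aa:aa:aa:aa:aa"                         # constructed MACs
BOB = "bb:bb:bb:bb:bb:bb"
EVE = "ee:ee:ee:ee:ee:ee"
ROGUE = "cc:cc:cc:cc:cc:cc"
PORTS = (1, 2, 3)                                   # Alice on 1, Bob on 2, Eve on 3


def demo():
    out = {}
    secret = Frame(ALICE, BOB, b"password=hunter2")

    hub = Hub(PORTS)
    hub.ingress(1, secret)
    out["eve_sees_on_hub"] = secret in hub.seen[3]

    switch = LearningSwitch(PORTS)
    switch.ingress(2, Frame(BOB, ALICE, b"hello"))  # switch learns Bob is on port 2
    out["switch_verdict"] = switch.ingress(1, secret)
    out["eve_sees_on_switch"] = secret in switch.seen[3]

    secure_hub = Hub(PORTS, port_security=True)
    out["eve_first_frame"] = secure_hub.ingress(3, Frame(EVE, BOB, b"normal"))
    out["rogue_device"] = secure_hub.ingress(3, Frame(ROGUE, BOB, b"spoof"))
    out["eve_after_violation"] = secure_hub.ingress(3, Frame(EVE, BOB, b"again"))
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

Two caveats the code makes visible: port security only locks a port to a MAC, so an intruder who spoofs the legitimate host's address is not caught by it, and once a port is disabled the original host is cut off too, which is the administrative workload the text mentions.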

Modems

A modem is a hardware device that converts the digital signals from a computer into analog signals that can be carried over a telephone line, and converts them back at the far end. This allows computers to communicate over far longer distances than a direct digital cable permits. The word modem is an amalgam of the words modulator and demodulator, which are the two functions that occur during transmission.

Modems present a unique set of challenges from a security perspective. Most modems answer any call made to them when connected to an outside line. After the receiving modem answers
