End of Chapter Solutions Template

Guide to Firewalls and Network Security
Chapter 9 Solutions
Review Questions
1. What do VPNs do that firewalls cannot do?
Answer: C. The other answers are all functions that firewalls can perform whether or not they also
help establish a VPN.
2. Which of the following is a limitation of using leased lines to set up a private network?
Answer: D
3. Which of the following is a limitation of using a VPN rather than a leased line?
Answer: C. VPNs can be unreliable because they rely on the public Internet, and if part of that Internet
that helps create the VPN goes down, the VPN becomes unusable.
4. Why would you choose a VPN that is built into a firewall rather than a VPN appliance or a router?
(Choose all that apply.)
Answer: A, B, D. Hardware appliance VPNs can be just as secure as firewall-based VPNs. But a
firewall that you have already configured makes it relatively convenient to set up a VPN.
5. Why is it particularly easy to set up a VPN with Check Point FireWall-1?
Answer: B. It’s true that FireWall-1 can perform encryption and authentication, but these are not
reasons why it’s easier to set up a VPN with the product.
6. Why is the term tunnel misleading?
Answer: It implies that there is a single dedicated cable linking one computer or network to another,
but in reality, the VPN uses the public Internet to join the two networks. The “privacy” in VPN comes
from encryption, encapsulation, and authentication.
7. Which of the following is a downside of using a proprietary VPN protocol such as FWZ?
Answer: A. FWZ provides for 40-bit encryption which, while lower than other methods, is still a
relatively strong level of encryption.
8. Why is authentication an essential part of a VPN? (Choose all that apply.)
Answer: B, C
9. How are the participants in a VPN actually authenticated?
Answer: C
10. Which of the following protocols does not provide for client-to-site authentication on its own?
Answer: D
11. Which of the following is a benefit of setting up a VPN rather than a leased line? (Choose all that
apply.)
Answer: B, C, D. VPNs are actually less reliable than leased lines, but they are faster and less
expensive.
12. Which of the following is a special consideration you need to take into account when setting up
multinational VPN?
Answer: A. While it’s true that different electrical systems are used in some countries, this doesn’t
affect the operation of the VPN specifically.
13. Why would you consider purchasing a VPN appliance rather than installing less expensive VPN
software? (Choose all that apply.)
Answer: B, D
14. Aside from the fact that they’re less expensive, under what circumstances does using a software VPN
give you an advantage over a VPN appliance?
Answer: D. Software VPNs scale well with fast-growing companies.
15. Finish this sentence: A record that a VPN terminator checks to see if a security association exists is
called a _______...
Answer: C
16. A mesh VPN configuration is ideal in what situation?
Answer: A. It would be advantageous if all participants used the same ISP because this would speed
communications, but it’s not relevant in choosing a VPN configuration.
17. A hub-and-spoke VPN configuration is ideal in what situation? (Choose all that apply.)
Answer: B, C. A is incorrect because a mesh configuration tends to operate more quickly than a hub-and-spoke configuration, where all communications have to pass through a single node.
18. What is the VPN protocol most widely used today?
Answer: D. IPSec provides powerful encryption and authentication and is an Internet standard
supported by many software and hardware manufacturers.
19. Tunnel mode seems like the obvious choice in using IPSec to secure communications through a VPN
tunnel; what’s the potential drawback with it?
Answer: B
20. PPTP is an older VPN protocol that is mainly used with older client computers, but it has one
advantage over the more recent L2TP. What is it?
Answer: D. PPTP is used to link remote users to networks, not sites to sites. In addition, L2TP is
compatible with firewalls and packet filters.
Hands-on Projects
Project 1
n/a
Project 2
n/a
Project 3
n/a
Project 4
n/a
Project 5
n/a
Project 6
The secret, because it is used for authentication, should have the properties of a good password: it should
be relatively short (perhaps 7-9 characters), contain a mixture of numerals and characters, be relatively easy
to remember, and not be written down where others can discover it.
Project 7
n/a
Case Projects
Case Project 1
Since all offices need to participate in the VPN and you have a small VPN to begin with, you should
probably convert all offices that need to participate in the VPN to a hub-and-spoke configuration.
Alternatively, you could keep the existing mesh configuration for the local offices and use a hub-and-spoke
arrangement for the overseas ones.
Case Project 2
The easiest way to expand the network would be to simply add another spoke to the hub and extend it to the
distribution center. However, because speed is of the essence you should probably set up a separate mesh
configuration linking the central office, the branch office, and the distribution center.
Case Project 3
One alternative would be to check the Asian company’s ISP connection. Go to the ISP’s Web site, and email the branch office’s network administrator, in order to determine if the network has been running
slowly or if there have been a significant number of slowdowns. If there have, you should recommend that
a new ISP be found—preferably one that is already being used by other offices in the VPN. Another
alternative is to increase the bandwidth available to the central VPN router, which is responsible for
directing traffic to and from the overseas branch offices.
Case Project 4
The probable cause is the use of transport mode, which encrypts and decrypts packets outside the packet
filters at the perimeter of the two LANs. Packets pass through the packet filter in encrypted form, so that
their contents are not filtered. Switching to tunnel mode would cause packets to be encrypted and decrypted
inside the packet filtering perimeter, which would reduce the chances that corrupted packets could be
allowed into the second LAN.