Answering the following questions will reinforce key information presented in this chapter. If you are unable to answer a question, review the appropriate lesson and then try the question again. Answers to the questions can be found in the appendix.
- Your organization compiles data for the local blood bank. How should you configure your database server so that certain fields (such as blood type and quantity) are accessible to external hospitals and emergency response organizations while other fields (such as disease screening and donor identity) are kept confidential?
- You're the manager for your organization's new firewall. You must restrict access to a Web server (10.10.10.10) in your DMZ to allow only HTTP and HTTPS protocol access, but your attempts to do that have been unsuccessful. The following table shows the list of packet filters that you configured at the external firewall to protect the servers located in your DMZ. What's wrong with the packet filter list?
Protocol | Source IP | Source Port | Target IP | Target Port | Transport Protocol | Action |
HTTP | Any | 80 | 10.10.10.10 | Any | TCP | Allow |
HTTPS | Any | 443 | 10.10.10.10 | Any | TCP | Allow |
- In the following table, enter the correct packet filters for your organization's firewall to allow HTTP and HTTPS connections to your Web server located at 10.10.10.10 in your DMZ.
Protocol | Source IP | Source Port | Target IP | Target Port | Transport Protocol | Action |
| | | | | | |
- Contoso uses a DMZ to protect resources exposed to the Internet. What security weaknesses do you see in the DMZ configuration proposed in Figure 14.29?
Figure 14.29 Proposed DMZ configuration for Contoso Ltd.
- The news has just reported that computer intruders have taken control of an army of remote "zombie" computers. The bandwidth of all those computers will be targeted at a single target Web site, "flooding" the Web site with partial connections and effectively shutting it down. List two ways you can protect your e-business Web site.
- During a routing inspection of the Web server in your DMZ, you discover that an unauthorized software application is installed on your Web server. The software application is a Trojan horse that collects passwords. What could you do to prevent this sort of attack? What measure must you take for private network security because of this attack?
Answers