Answering the following questions will reinforce key information presented in this chapter. If you are unable to answer a question, review the appropriate lesson and then try the question again. Answers to the questions can be found in the appendix.
- As security administrator for your organization, you discover that an attacker has successfully authenticated to the network using your personal credentials. You suspect that the attacker captured and replayed one of your earlier remote sessions. In an effort to prevent further attacks (and clear your name), you implement IPSec using ESP. Will this address the problem? Why or why not?
- The Payroll department shares sensitive data with an internal Accounting department. Data includes the salaries of every employee in your organization. To maintain confidentiality of this data and prevent possible manipulation during transmission, you decide to implement IPSec using the AH protocol. Will this address your concerns?
- The same Payroll department decides to outsource its accounting needs to an external accounting company. They set up IPSec using AH and ESP in tunnel mode between the tunnel servers in the perimeter networks of the two organizations. Files are copied between the two organizations and transmitted in the tunnel. Does this solution prevent inspection of the files as they're transmitted from the Payroll department to the external accounting company?
- Last year you successfully thwarted a well-known hacker who was using a Telnet attack against your organization's FTP server. You did this by blocking the Telnet protocol at your firewall. Now it appears that the attacker has again gained access to the computer by launching the Telnet attack from another computer in your organization's DMZ. What could you do to prevent any Telnet connections to the FTP server?
- What security risks exist when preshared keys are used to authenticate IPSec SAs?
- When data is protected using IPSec AH, are there any fields in the IP packet that aren't protected from modification? Why or why not?