REM 300 Study Guide - Midterm Guide: Port Scanner, Malware, Phishing
Module 8 (Chapter 8)
Difference between Stateful and Stateless firewalls:
A stateful firewall is able to inspect each incoming packet to determine whether it belongs
to a currently active connection (called a stateful inspection) and is, therefore, a legitimate
packet.
A stateless firewall manages each incoming packet as a stand-alone entity without regard
to currently active connection.
The main difference between these two is that one firewall can monitor packets according
to existing traffic streams (stateful), while the other (stateless) manages each packet as a
stand-alone entity and does not associate it with existing traffic streams. Stateless firewalls
are faster than stateful firewalls, however they are not as sophisticated.
Major Security Risks:
Phishing= Posing as someone needing information
Transmission interception = Jamming
RF Emanation = Created by the leaking of signals from equipment
Eavesdropping = Networks connecting to the Internet via leased public lines
Sniffing = Data travelling over public wireless networks
Port Access via port scanner = unused switch, router, server ports not secured
Private address availability to outside = routers not properly configured to mask
internal subnets
Computers hosting sensitive data = May coexist on same subnet as public computers
*** a proxy service is a software application on a network host that acts as an
intermediary between the external and internal networks
Malware Risks and Infections:
- Malicious software:
• Program designed to intrude upon or harm system, resources (e.g. viruses, Trojan
horses, worms, bots)
Virus= Replicating program with intent to infect more computers (replicates through
network connections or exchange of external storage devices)
Trojan horse (Trojan) = program that disguises itself as something useful (actually harms
your system)
find more resources at oneclass.com
find more resources at oneclass.com
Document Summary
A stateful firewall is able to inspect each incoming packet to determine whether it belongs to a currently active connection (called a stateful inspection) and is, therefore, a legitimate packet. A stateless firewall manages each incoming packet as a stand-alone entity without regard to currently active connection. The main difference between these two is that one firewall can monitor packets according to existing traffic streams (stateful), while the other (stateless) manages each packet as a stand-alone entity and does not associate it with existing traffic streams. Stateless firewalls are faster than stateful firewalls, however they are not as sophisticated. Rf emanation = created by the leaking of signals from equipment. Eavesdropping = networks connecting to the internet via leased public lines. Sniffing = data travelling over public wireless networks. Port access via port scanner = unused switch, router, server ports not secured. Private address availability to outside = routers not properly configured to mask internal subnets.