?
Solved

Web Security and Network Questions

Posted on 2015-01-27
11
Medium Priority
?
148 Views
Last Modified: 2015-02-15
I am trying to find answers for these questions, i had around 50 questions that i got the answers, for these questions it seems like i need clarification not just answers :-)

1. What cipher suite/algorithm/bit length would you use to secure traffic to your web site and explain the reasoning behind it?
2.For compliance purposes you need to log all the connections going to the webserver on your ASA firewall, how do you implement that?
3.You have noticed that you webserver is under heavy duress because it is serving so many image files embedded in your web pages. Suggest three temporary ways that you can reduce the load on your web server by serving the images from a different location (you can utilize F5, Cisco Router or ASA firewall).
4.What does the following Cisco access list match: access-list 11 permit 192.168.1.0 255.1.1.252?
0
Comment
Question by:Leo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
11 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40575877
0
 
LVL 8

Author Comment

by:Leo
ID: 40576370
Yes agree....you can say its homework.....and as i mentioned in the start of the question i was able to find answers for 46 of them....these 4 I am not clear on the concept....thats why i asked......
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40576403
So are you unclear on the questions, or just the answers? I am more than happy to discuss the questions, which should help you arrive to the answers.
0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 
LVL 8

Author Comment

by:Leo
ID: 40576432
I only can understand the concept of question 3, rest of the questions i dont really understand what i have to do, to find the answer.
0
 
LVL 8

Author Comment

by:Leo
ID: 40576461
so if you please briefly explain me the questions....then answers will make more sense :-)
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40576618
I was composing a nice answer on my computer but had to leave.
1. Talking about SSL/TLS. Look at the great info at ssllabs.com
2. Google "Asa logging"
3. You already have an idea, but review what a router, firewall, and products from F5 Networks can do.
4. This is a tough one. Review Cisco access lists and bit masks. Most networking people won't know how to answer this one.
0
 
LVL 8

Author Comment

by:Leo
ID: 40576804
I have understanding now about SSL/TLS, but dont know how to answer that question.
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 40576807
May another mean is asking yourself more qns to each
1. What protocol and traffic you are protecting? What threats are the website (or its data) exposed to and controls possible? Will the largest crypto key size be the most secure means to safeguard? Will we need symmetric and/or asymmetric crypto? What is the acceptable web experience that user needs for securing the website?

2. What is the purpose of logging - just compliance? How will the logging impact web server? What option of logging is available and verbosity required to log and comply? What log can be supported in device and off device? Any single of failure possible?

3. Why is many static instead of dynamic content retrieved? What is baseline for normal, peak and non-peak period traffic usage of website? Will the high usage or duress legit traffic? Will there be need for high availability or load balancing or both?

4. Maybe some tips online on ACL may help on what is there a "number 11" and what is "192.168.1.0 255.1.1.252"
http://www.techrepublic.com/article/cisco-ios-access-lists-10-things-you-should-know/
and another use case http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/nwacc_f.html
0
 
LVL 64

Expert Comment

by:btan
ID: 40576808
SSL/TLS has different cipher suite the ssllab shared has best practices which you can kickstart some findings..https://www.ssllabs.com/projects/documentation/ and also note ENISA's Guidelines On Cryptographic Solutions is useful as well https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40576824
For #1, there are lots of ways to implement SSL and TLS. Some of them are really bad, and some are pretty good. What exactly would you enable and why?
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question