Web Security and Network Questions

I am trying to find answers for these questions, i had around 50 questions that i got the answers, for these questions it seems like i need clarification not just answers :-)

1. What cipher suite/algorithm/bit length would you use to secure traffic to your web site and explain the reasoning behind it?
2.For compliance purposes you need to log all the connections going to the webserver on your ASA firewall, how do you implement that?
3.You have noticed that you webserver is under heavy duress because it is serving so many image files embedded in your web pages. Suggest three temporary ways that you can reduce the load on your web server by serving the images from a different location (you can utilize F5, Cisco Router or ASA firewall).
4.What does the following Cisco access list match: access-list 11 permit 192.168.1.0 255.1.1.252?
LVL 8
LeoAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
btanConnect With a Mentor Exec ConsultantCommented:
May another mean is asking yourself more qns to each
1. What protocol and traffic you are protecting? What threats are the website (or its data) exposed to and controls possible? Will the largest crypto key size be the most secure means to safeguard? Will we need symmetric and/or asymmetric crypto? What is the acceptable web experience that user needs for securing the website?

2. What is the purpose of logging - just compliance? How will the logging impact web server? What option of logging is available and verbosity required to log and comply? What log can be supported in device and off device? Any single of failure possible?

3. Why is many static instead of dynamic content retrieved? What is baseline for normal, peak and non-peak period traffic usage of website? Will the high usage or duress legit traffic? Will there be need for high availability or load balancing or both?

4. Maybe some tips online on ACL may help on what is there a "number 11" and what is "192.168.1.0 255.1.1.252"
http://www.techrepublic.com/article/cisco-ios-access-lists-10-things-you-should-know/
and another use case http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/nwacc_f.html
0
 
kevinhsiehCommented:
0
 
LeoAuthor Commented:
Yes agree....you can say its homework.....and as i mentioned in the start of the question i was able to find answers for 46 of them....these 4 I am not clear on the concept....thats why i asked......
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
kevinhsiehCommented:
So are you unclear on the questions, or just the answers? I am more than happy to discuss the questions, which should help you arrive to the answers.
0
 
LeoAuthor Commented:
I only can understand the concept of question 3, rest of the questions i dont really understand what i have to do, to find the answer.
0
 
LeoAuthor Commented:
so if you please briefly explain me the questions....then answers will make more sense :-)
0
 
kevinhsiehCommented:
I was composing a nice answer on my computer but had to leave.
1. Talking about SSL/TLS. Look at the great info at ssllabs.com
2. Google "Asa logging"
3. You already have an idea, but review what a router, firewall, and products from F5 Networks can do.
4. This is a tough one. Review Cisco access lists and bit masks. Most networking people won't know how to answer this one.
0
 
LeoAuthor Commented:
I have understanding now about SSL/TLS, but dont know how to answer that question.
0
 
btanExec ConsultantCommented:
SSL/TLS has different cipher suite the ssllab shared has best practices which you can kickstart some findings..https://www.ssllabs.com/projects/documentation/ and also note ENISA's Guidelines On Cryptographic Solutions is useful as well https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/
0
 
kevinhsiehCommented:
For #1, there are lots of ways to implement SSL and TLS. Some of them are really bad, and some are pretty good. What exactly would you enable and why?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.