Solved

Web Security and Network Questions

Posted on 2015-01-27
11
126 Views
Last Modified: 2015-02-15
I am trying to find answers for these questions, i had around 50 questions that i got the answers, for these questions it seems like i need clarification not just answers :-)

1. What cipher suite/algorithm/bit length would you use to secure traffic to your web site and explain the reasoning behind it?
2.For compliance purposes you need to log all the connections going to the webserver on your ASA firewall, how do you implement that?
3.You have noticed that you webserver is under heavy duress because it is serving so many image files embedded in your web pages. Suggest three temporary ways that you can reduce the load on your web server by serving the images from a different location (you can utilize F5, Cisco Router or ASA firewall).
4.What does the following Cisco access list match: access-list 11 permit 192.168.1.0 255.1.1.252?
0
Comment
Question by:Leo
  • 4
  • 4
  • 2
11 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
Comment Utility
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
Yes agree....you can say its homework.....and as i mentioned in the start of the question i was able to find answers for 46 of them....these 4 I am not clear on the concept....thats why i asked......
0
 
LVL 42

Expert Comment

by:kevinhsieh
Comment Utility
So are you unclear on the questions, or just the answers? I am more than happy to discuss the questions, which should help you arrive to the answers.
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
I only can understand the concept of question 3, rest of the questions i dont really understand what i have to do, to find the answer.
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
so if you please briefly explain me the questions....then answers will make more sense :-)
0
NetScaler Deployment Guides and Resources

Citrix NetScaler is certified to support many of the most commonly deployed enterprise applications. Deployment guides provide in-depth recommendations on configuring NetScaler to meet specific application requirements.

 
LVL 42

Expert Comment

by:kevinhsieh
Comment Utility
I was composing a nice answer on my computer but had to leave.
1. Talking about SSL/TLS. Look at the great info at ssllabs.com
2. Google "Asa logging"
3. You already have an idea, but review what a router, firewall, and products from F5 Networks can do.
4. This is a tough one. Review Cisco access lists and bit masks. Most networking people won't know how to answer this one.
0
 
LVL 8

Author Comment

by:Leo
Comment Utility
I have understanding now about SSL/TLS, but dont know how to answer that question.
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
May another mean is asking yourself more qns to each
1. What protocol and traffic you are protecting? What threats are the website (or its data) exposed to and controls possible? Will the largest crypto key size be the most secure means to safeguard? Will we need symmetric and/or asymmetric crypto? What is the acceptable web experience that user needs for securing the website?

2. What is the purpose of logging - just compliance? How will the logging impact web server? What option of logging is available and verbosity required to log and comply? What log can be supported in device and off device? Any single of failure possible?

3. Why is many static instead of dynamic content retrieved? What is baseline for normal, peak and non-peak period traffic usage of website? Will the high usage or duress legit traffic? Will there be need for high availability or load balancing or both?

4. Maybe some tips online on ACL may help on what is there a "number 11" and what is "192.168.1.0 255.1.1.252"
http://www.techrepublic.com/article/cisco-ios-access-lists-10-things-you-should-know/
and another use case http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/nwacc_f.html
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
SSL/TLS has different cipher suite the ssllab shared has best practices which you can kickstart some findings..https://www.ssllabs.com/projects/documentation/ and also note ENISA's Guidelines On Cryptographic Solutions is useful as well https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/
0
 
LVL 42

Expert Comment

by:kevinhsieh
Comment Utility
For #1, there are lots of ways to implement SSL and TLS. Some of them are really bad, and some are pretty good. What exactly would you enable and why?
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now