Leo
asked on
Web Security and Network Questions
I am trying to find answers for these questions, i had around 50 questions that i got the answers, for these questions it seems like i need clarification not just answers :-)
1. What cipher suite/algorithm/bit length would you use to secure traffic to your web site and explain the reasoning behind it?
2.For compliance purposes you need to log all the connections going to the webserver on your ASA firewall, how do you implement that?
3.You have noticed that you webserver is under heavy duress because it is serving so many image files embedded in your web pages. Suggest three temporary ways that you can reduce the load on your web server by serving the images from a different location (you can utilize F5, Cisco Router or ASA firewall).
4.What does the following Cisco access list match: access-list 11 permit 192.168.1.0 255.1.1.252?
1. What cipher suite/algorithm/bit length would you use to secure traffic to your web site and explain the reasoning behind it?
2.For compliance purposes you need to log all the connections going to the webserver on your ASA firewall, how do you implement that?
3.You have noticed that you webserver is under heavy duress because it is serving so many image files embedded in your web pages. Suggest three temporary ways that you can reduce the load on your web server by serving the images from a different location (you can utilize F5, Cisco Router or ASA firewall).
4.What does the following Cisco access list match: access-list 11 permit 192.168.1.0 255.1.1.252?
ASKER
Yes agree....you can say its homework.....and as i mentioned in the start of the question i was able to find answers for 46 of them....these 4 I am not clear on the concept....thats why i asked......
So are you unclear on the questions, or just the answers? I am more than happy to discuss the questions, which should help you arrive to the answers.
ASKER
I only can understand the concept of question 3, rest of the questions i dont really understand what i have to do, to find the answer.
ASKER
so if you please briefly explain me the questions....then answers will make more sense :-)
I was composing a nice answer on my computer but had to leave.
1. Talking about SSL/TLS. Look at the great info at ssllabs.com
2. Google "Asa logging"
3. You already have an idea, but review what a router, firewall, and products from F5 Networks can do.
4. This is a tough one. Review Cisco access lists and bit masks. Most networking people won't know how to answer this one.
1. Talking about SSL/TLS. Look at the great info at ssllabs.com
2. Google "Asa logging"
3. You already have an idea, but review what a router, firewall, and products from F5 Networks can do.
4. This is a tough one. Review Cisco access lists and bit masks. Most networking people won't know how to answer this one.
ASKER
I have understanding now about SSL/TLS, but dont know how to answer that question.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SSL/TLS has different cipher suite the ssllab shared has best practices which you can kickstart some findings..https://www.ssllabs.com/projects/documentation/ and also note ENISA's Guidelines On Cryptographic Solutions is useful as well https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/
For #1, there are lots of ways to implement SSL and TLS. Some of them are really bad, and some are pretty good. What exactly would you enable and why?
http://support.experts-exchange.com/customer/portal/articles/1435136