[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 156
  • Last Modified:

Web Security and Network Questions

I am trying to find answers for these questions, i had around 50 questions that i got the answers, for these questions it seems like i need clarification not just answers :-)

1. What cipher suite/algorithm/bit length would you use to secure traffic to your web site and explain the reasoning behind it?
2.For compliance purposes you need to log all the connections going to the webserver on your ASA firewall, how do you implement that?
3.You have noticed that you webserver is under heavy duress because it is serving so many image files embedded in your web pages. Suggest three temporary ways that you can reduce the load on your web server by serving the images from a different location (you can utilize F5, Cisco Router or ASA firewall).
4.What does the following Cisco access list match: access-list 11 permit 192.168.1.0 255.1.1.252?
0
Leo
Asked:
Leo
  • 4
  • 4
  • 2
1 Solution
 
kevinhsiehCommented:
0
 
LeoAuthor Commented:
Yes agree....you can say its homework.....and as i mentioned in the start of the question i was able to find answers for 46 of them....these 4 I am not clear on the concept....thats why i asked......
0
 
kevinhsiehCommented:
So are you unclear on the questions, or just the answers? I am more than happy to discuss the questions, which should help you arrive to the answers.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LeoAuthor Commented:
I only can understand the concept of question 3, rest of the questions i dont really understand what i have to do, to find the answer.
0
 
LeoAuthor Commented:
so if you please briefly explain me the questions....then answers will make more sense :-)
0
 
kevinhsiehCommented:
I was composing a nice answer on my computer but had to leave.
1. Talking about SSL/TLS. Look at the great info at ssllabs.com
2. Google "Asa logging"
3. You already have an idea, but review what a router, firewall, and products from F5 Networks can do.
4. This is a tough one. Review Cisco access lists and bit masks. Most networking people won't know how to answer this one.
0
 
LeoAuthor Commented:
I have understanding now about SSL/TLS, but dont know how to answer that question.
0
 
btanExec ConsultantCommented:
May another mean is asking yourself more qns to each
1. What protocol and traffic you are protecting? What threats are the website (or its data) exposed to and controls possible? Will the largest crypto key size be the most secure means to safeguard? Will we need symmetric and/or asymmetric crypto? What is the acceptable web experience that user needs for securing the website?

2. What is the purpose of logging - just compliance? How will the logging impact web server? What option of logging is available and verbosity required to log and comply? What log can be supported in device and off device? Any single of failure possible?

3. Why is many static instead of dynamic content retrieved? What is baseline for normal, peak and non-peak period traffic usage of website? Will the high usage or duress legit traffic? Will there be need for high availability or load balancing or both?

4. Maybe some tips online on ACL may help on what is there a "number 11" and what is "192.168.1.0 255.1.1.252"
http://www.techrepublic.com/article/cisco-ios-access-lists-10-things-you-should-know/
and another use case http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/nwacc_f.html
0
 
btanExec ConsultantCommented:
SSL/TLS has different cipher suite the ssllab shared has best practices which you can kickstart some findings..https://www.ssllabs.com/projects/documentation/ and also note ENISA's Guidelines On Cryptographic Solutions is useful as well https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014/
0
 
kevinhsiehCommented:
For #1, there are lots of ways to implement SSL and TLS. Some of them are really bad, and some are pretty good. What exactly would you enable and why?
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now