Question

Guide To Firewalls & VPNs Third Edition

11. What is the benefit of establishing a bare-bores configuration on a bastion host?

12. What is the benefit of using an application like Microsoft Security Compliance Manager? What does it do?

13. What characteristics should you look for when physically locating the bastion host?

14. What are the criteria for grouping services on the same bastion host?

15. What services should be disabled on a typical UNIX/Linux server? Windows server?

16. what are dependency services?

17. Why back up a system after you configure it?

18. What are three important things to consider when choosing a bastion host OS?

19. What should you consider when evaluating the effectiveness of the bastion host configuration during the auditing process?

20. What is a baseline, and why is it important in the context of a bastion host?

Answer 1

Guide To Firewalls & VPNs Third Edition

11. What is the benefit of establishing a bare-bones configuration on a bastion host?

Ans:  As you know that bastion host is a special-purpose computer on a network
specifically designed and configured to withstand attacks. The computer
generally hosts a single application, for example a proxy server, and
all other services are removed or limited to reduce the threat to the
computer.

benefit of establishing a bare-bones configuration on a bastion host

1) Configure SSH keys to save typing two passwords in order to proxy through the
bastion host.
2) Setup iptables to have bastion act as a NAT gateway so the safe host can download
OS updates and packages.
3) Use a common DNS hostname pattern and glob matching in .ssh/config to make it
easy to SSH into all machines behind the bastion host.

12. What is the benefit of using an application like Microsoft Security Compliance Manager? What does it do?

Ans:  

(i) Microsoft Security Compliance Manager(SCM): enables organizations to
centrally plan, view, update, and export thousands of Group Policy settings
for Microsoft client and server operating systems and applications.
It makes it easier for organizations to plan, implement, and monitor
security compliance baselines in their Active Directory infrastructure

(ii) Microsoft Security Compliance Manager: includes the LocalGPO tool
which allows you to manage the local group policy objects (LGPO) on
non-domain joined computers.

(iii) SCM: provides ready to deploy policies and Desired Configuration
Management (DCM) Configuration Packs that are tested and fully supported.
DCM provides organizations with a way to easily scan their networks for
compliance using System Center Configuration Manager.

13. What characteristics should you look for when physically locating the bastion host?

Ans: When you physically locating the bastion host you should care of:

The physical location for a bastion host should be a room that is properly
ventilated, with adequate cooling and a backup power system. Proper environmental
controls such as sprinklers as well as physical security devices such as
deadbolt locks and alarm systems should also be included when physically locating
the bastion host

14. What are the criteria for grouping services on the same bastion host?

Ans: The services you want to run on the bastion host, make sure the server
software is the latest version and that available security patches and
updates are installed.

15. What services should be disabled on a typical UNIX/Linux server? Windows server?

Ans:  Any unwanted services or accounts on the bastion host should be disabled.
In particular, routing services should be disabled so they cannot be
exploited by intruders.

16. what are dependency services?

Ans: Dependency services: are services that the system needs to function correctly.

17. Why back up a system after you configure it?

Ans: You should back up your system after configuring it so that the system may
be restored quickly in case it becomes corrupted. Should the system become
corrupted by any virus, You can restore part or all of it from scratch
using the backup you have made earlier.

18. What are three important things to consider when choosing a bastion host OS?

Ans:  On the part of the administrator, compatibility with other computers on
the network, availability of required services, stability, and security
are important considerations when choosing a bastion host operating system( OS ).

19. What should you consider when evaluating the effectiveness of the bastion host configuration during the auditing process?

Ans: You should be consider Security and performance when evaluating the
effectiveness of the bastion host configuration during the audit process.

20. What is a baseline, and why is it important in the context of a bastion host?

Ans: A baseline is a level of performance that you consider acceptable and that
the system can be compared against. It is important because needs to establish a baseline for
system performance to gauge how a system normally runs.

----------------------------------------------------------------------------QED------------------------------------------------------------------------

"Hope that I am successfully completed your Question And You Understood"