If the attacker cannot notice the fake service provided by the honeypot, the capture efficiency of the honeypot is relatively low

Honeypot technology is to absorb the network by deploying some king machines as bait Trick attackers into attacking them This allows attacks to be captured and analyzed

Discuss the access layer switch equipment as honeypot equipment

The honeypile can only passively wait for the attacker to attack

After you create or modify an audit profile, the configuration content takes effect immediately.

By default, the audit function of outgoing file content is enabled by default.

By default HTTP status code audit mode is the default mode Only common HTTP status codes are audited.

Trapping needles support simulation services

The trapping technology scheme consists of two parts: trap and trapping probe

The trapping probe is a honeypot

The trapping probe is responsible for identifying the scanning behavior in the network and directing traffic to the trap

3

1

2

4

You need to configure the IP address and route for the forwarding interface of the WAF

The agent works in route-forwarding mode instead of bridge mode

JUDGING FROM THE ANGULARITY OF THE WEB CLIENT THE WEB CLIENT IS STILL DIRECTLY ACCESSING THE SERVER AND IS NOT AWARE OF THE EXISTENCE OF WAF

Minimal network changes enable zero-configuration deployment

S switch

firewall

CE switch

HiSec Insight flow probe

Attacks caused by stored XSS are persistent

The attack code of stored XSS is stored on the target server

The attack code of the reflected XSS is stored on the target server

Attacks caused by reflective XSS are persistent

Delete the process

Encrypt malicious traffic

Password brute force cracking

User privilege elevation

TRUE

FALSE

The DNS overcast function has a great impact on the performance of the device compared to the URL overcast, but all services corresponding to the domain name can be controlled.

DNS filtering can be controlled at the stage of initiating HTTP/HHPS URL requests.

DNS filtering can release or block requests for different time periods or different users/groups by referencing time periods or users/groups.

The DNS filtering function is usually used in enterprise gateways to effectively manage users' access to network resources

TRUE

FALSE

TRUE

FALSE

Use the command display current-configuration to display configuration information for the default configuration file itself.

The administrator should first clarify which types of files need to be purged, and then select the types of files that the device can support Finally, fill in the remaining file types in "Custom extension".

When the default configuration file is referenced by the command line configuration security policy You need to enter the full profile name Otherwise, it cannot be successfully referenced.

Under the command line interface, you can view the configuration information in the default configuration file through the command display profile type url-filter.

TRUE

FALSE

Even for safety training, the focus will be different for different departments.

In terms of training content For senior executives, training on information security strategies and information security laws and regulations is required.

For grassroots employees, some safety technology training should be emphasized.

In terms of training method For most employees, just one induction training is not enough attention, and frequent email campaigns are needed to raise awareness of information security

Installing threats against network weapons, network trapping defense technology, can use deception to make the attack execute special commands in the trapping system

In the face of viruses, worms, WebShell these weaponized attack methods, can use misleading methods to make the attack traffic be diverted to trap probe O

For the detection behavior in the early stage of the attack, you can use deception to burst into defense. By creating various traps to mislead the attacker. Cause attackers to misunderstand the network structure, attack targets, and vulnerabilities.

Network trapping technology can disguise the actual business and vulnerabilities to mislead the attacker, so that the attacker can infiltrate the trapping system.

It is recommended that the heartbeat port be connected directly with a network cable or optical fiber

We recommend that you plan a special interface as a heartbeat port and do not direct service packets to the heartbeat connection and forward

It is recommended to configure at least 2 heartbeat ports, one as the main use One as a backup

It is proposed to use a cross-board Eth-trunk port as a heartbeat port between the two firewalls.

Network trapping technology can automatically sense APR-MISS and realize trapping.

Network trapping technology can automatically sense the non-existence of IP and realize trapping.

Network trapping technology can automatically sense the absence of MAC addresses and realize trapping.

Network trapping technology can automatically sense open ports and realize trapping.

Content security check

Access behavior security check

Security checks for sensitive information

Network security inspection

Establish a secure business environment

Improve situational awareness and resiliency of your business

Build defense-in-depth capabilities for your business

Do a good job of protecting the equipment at the point

Session table

signature

Routing table

IP address

The generation of anti-virus logs has nothing to do with license authorization

The generation of intrusion prevention logs has nothing to do with license authorization

The generation of audit logs has nothing to do with license authorization

Sandbox detection logs include local sandbox and cloud sandbox detection logs, and cloud sandbox detection requires license authorization

Use planting load inspection

Use DNS dynamic mode

Use 302 redirect

Use CHAME

Security audit can identify risks by analyzing threat logs

Security audit is usually divided into database audit, behavior audit and operation and maintenance audit

Security audit is generally a post-event audit, because permission management and authorization are the core of security audit

B/S architecture model and C/S class of database audit Implement a two-layer (presentation layer, data access layer) architecture

TRUE

FALSE

TRUE

FALSE

TRUE

FALSE

TRUE

FALSE

Server-Less 份

Client-Less backup

LAN-Free S份

LAN backup

TRUE

FALSE

In the second point, the server's port 3456 request is transmitted to port 3389

In the second point, the server's port 3789 request is transmitted to port 3456

In the first point, forward the data on port 4444 of the server to 192.168.122.128:3389 ±

In the first point, forward the server's port 3389 data to 192.168.122.111: 4444

Half

- years

2 years

The trapping probe has a business simulation function.

Firewalls and switch devices can act as trapping probes.

In networking mode where the trap and the trap probe are on the same firewall| CIS and SecoManager are not required for trapping Closed-loop threat linkage can be completed directly through FW.

The trapping system produces a unique fingerprint for each attacker Able to record hacker IP, operating system Information such as browser type, type of attack weapon, etC.