Packet filters are used to make block/allow decisions based on header data like source and destination address and port.

Stateful firewalls add in the ability to factor in the state of the connection—new, related, established.

An Application layer gateway knows about Application layer protocols.

A unified threat management appliance adds additional capabilities on top of firewall functions, including antivirus.

Confidentiality is about making sure secrets are kept secret.

Integrity makes sure that data isn’t altered accidentally or by an unauthorized agent.

Non-repudiation makes sure someone can’t say a message didn’t originate with them if it came from their identity.

Availability means making sure data is where it needs to be when it should be there. This includes services as well.

Risk is the probability of the occurrence of an event multiplied by the dollar value of loss.

There is no mitigation factor that is quantified, so it could be put into a risk calculation.

Switches and optical cable connections can certainly be part of a network design, but in and of themselves they don’t add any security features.

You may use Linux on the desktop, but without more of a strategy for patch and vulnerability management, Linux is no better than other operating systems.

Access control lists on routers can add an additional layer of security, especially when combined with other elements like firewalls and intrusion detection systems.

Confidentiality is keeping secret information secret, which means unauthorized users can’t access it.

Encryption is a good way to keep unauthorized users from data because in order to get to the data, they need to have the key.

Watchdog processes are used to ensure that programs remain running.

Cryptographic hashes are used to verify the integrity of data.

Web servers are used to serve up information.

Firewalls are used to block traffic into a network, though an intrusion prevention system will also block traffic.

A packet filtering firewall uses header information, such as source and destination address and port, to determine whether to allow traffic into the network.

Syslog and the Windows event subsystem can be used to log system messages.

Intrusion detection systems can be used to generate alerts on traffic.

If a user makes a change to a file and saves it, that’s an intentional act and the data is what the user expects and wants.

If the disk drive has flagged bad blocks on the disk, the drive won’t write any data out to those blocks, so there will be no loss of integrity.

Credit cards passed in cleartext would be a violation of confidentiality.

Memory failures, though, could cause a loss of data integrity, even in the case of writing data to the drive. The corrupted data in memory could be written to disk. Also, memory failures may cause issues with the disk driver, which may also cause data corruption.