CP3302 - Chap6
How is an application layer firewall different from a packet-filtering firewall? Why is an application layer firewall sometimes called a proxy server?
-The application layer firewall takes into consideration the nature of the applications being run (the type, timing of the network connection requests, the type and nature of the traffic generated) whereas the packet filtering firewall simply looks at the packets as they are transferred. - The application firewall is also known as a proxy server, since it runs special software that acts as a proxy for a request.
What are the four questions that must be addressed when selecting a firewall for a specific organization?
.What type of firewall technology offers the right balance between protection and cost for the needs of the organization? • What features are included in the base price? What features are available at extra cost? Are all cost factors known? • How easy is it to set up and configure the firewall? How accessible are the staff techni- cians who can competently configure the firewall? • Can the candidate firewall adapt to the growing network in the target organization?
What is a content filter? Where is it placed in the network to gain the best result for the organization?
@It is a software filter, not a firewall, that allows administrators to restrict content from within a network, these are written scripts aurora programs.@It is placed on the primary connection which directly connects to the internet.
is the process of validating a supplicant's supported identity. Answer:
Authentication
What is the commonly used name for an intermediate area between a trusted network and an untrusted network?
Demilitarized zone (DMZ)
Which type of firewall filtering allows the firewall to react to an emergent event and update or create rules to deal with the event?
Dynamic
True or False: The authentication factor something a supplicant relies upon individual characteristics, such as fingerprints, palm prints, hand topography, hand geometry, or retina and iris scans.
False
What is the system most often used to authenticate the credentials of users who are trying to access an organization's network via a dial-up connection?
RADIUS
In which mode of IPSEC is the data within an IP packet encrypted, while the header information is not?
Transport mode
What key features point up the superiority of residential/SOHO firewall appliances over personal computer-based firewall software?
When the protective control fails, the appliance will most often fail in a safe mode, while the software is likely to stop working, leaving the protected system vulnerable.
What is stateful inspection? How is state information maintained during a network connection or transaction?
*stateful inspection keeps track of each network connection between internal and external systems using a state table. Stateful inspection firewalls use packet filtering to allow or deny packets. It also defaults to its ACL if a packet doesn't match in its state table. *State information is maintained in a state table which contains the familiar IP and port source and destination
What is the typical relationship among the untrusted network, the firewall, and the trusted network?
-The untrusted network refers to the internet. -The trusted network refers to the privately owned network. -The firewalls filters traffic from the untrusted network to the trusted network to ensure it is legitimate and not harmful.
What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?
-UDP packets are designed to be connectionless. -TCP packets usually involve the creation of a connection from one host computer to another. -A single transaction would not usually involve TCP and UDP ports.
How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
-static filtering is where the filtering rules tell the firewall which packets are allowed and which are denied are developed and installed. - dynamic filtering is where the firewall reacts to an emergent event and update or create rules to deal with the event. *while static filtering firewalls allow entire sets of one type of packet to enter in response to authorised requests, the dynamic packet filtering firewall allows only a particular packet with a particular source, destination and port address to enter through the firewall.
List the five generations of firewall technology. Which generations are still in common use?
@First gen - static firewalls; second gen - application level/proxy server firewalls; third gen - stateful inspection firewalls; fourth gen - dynamic/packet filtering firewalls; fifth gen - kernel proxy firewall. @Most generations are still in use and combine features from more than one.
What is a hybrid firewall?
A hybrid firewall combines features and functions from other types of firewalls. Hybrid firewalls use a combination of the other three methods, and in practice, most firewalls fall into this category, since most use multiple approaches within the same device.
_____ is the method by which systems determine whether and how to admit a user into a trusted area of the organization.
Access Control
What is a VPN? Why is it becoming more widely used?
It is a private/secure network connection between systems that use the data communication capability of an unsecured public network. @They are more widely used because they are easy to setup and maintain and only require that they are dual homed (connecting a private network to the internet or another outside connection point).
What is a circuit gateway, and how does it differ from the other forms of firewalls?
It operates at the transport layer. Connections are based on addresses. Like filtering firewalls, circuit gateways do not usually look at data traffic flowing between networks, but they prevent direct connections between networks. They do this by creating tunnels connecting specific processes or systems on each side of the firewall. A circuit gateway is a firewall component often included in the category of application gateway, but is in fact a separate type of firewall.
Explain the basic technology that makes residential/SOHO firewall appliances effective in protecting a local network. Why is this usually adequate for protection?
Network Address Translation (NAT) assigns non-routing local addresses to the computer systems in the local area network and uses the single ISP assigned address to communicate with the Internet. Since the internal computers are not visible to the public network, they are much less likely to be scanned or compromised
What type of firewall examines every incoming packet header and can selectively filter packets based on header information, such as destination address, source address, packet type, and other key information?
Packet filtering
Describe how the various types of firewalls interact with the network traffic at various levels of the OSI model.
*packet filtering firewalls scan network data packets and either accept or deny them depending on the rules of the firewall's database. *Filtering firewalls inspect packets at the network layer (layer 3 of OSI) *MAC layer firewalls are designed to operate at the media access control layer (layer 2) *Application level firewalls operate above layer 3 using knowledge of protocols and applications.
What a sacrificial host? What is a bastion host?
They are synonyms. The bastion host stands as a sole defender on the network perimeter, therefor it's also called the sacrificial host. this system requires the external attack to compromise two separate systems before it can access internal data.