Unit 4 Part 1 Firewalls
When you are configuring a packet filtering firewall rule, you will generally use one (or more) of the what TCP/IP attributes? (7)
- Source IP addresses - Destination IP addresses - IP protocol (telnet, ftp, http, https, etc.) - Source TCP and UDP ports (for example, the http protocol runs on TCP port 80.) - Destination TCP and UDP ports - The inbound firewall network interface - The outbound firewall network interface (Source and Destination IP addresses) (Source and Destination TCP and UDP ports) (Inbound and Outbound firewall network interference)
Physical Layer (Layer 1)
- accepts the frame from the data link layer and converts the frame into bits for transmission over the connection medium - also responsible for receiving bits and converting them into a frame to be used by the data link layer - manages synchronization, manages line noise, medium access, digital/analog/light pulses determination
Application-level firewalls can: (4)
- block malicious activity - log user activity - provide content filtering - protect against spam and viruses.
Layers of the OSI Model:
Application, Presentation, Session, Transport, Network, Data Link, Physical You can remember it with: All People Seem To Need Data Processing
Ingress:
Filters in (outside to inside)
Egress
Filters out (inside to outside)
The foundation of network security technologies is:
Firewalls
The two major types of firewalls are:
Host Firewall Network Firewall
Watch windows firewall video in Schoology.
It may help.
Describe Windows Firewalls:
Microsoft Windows application that filters information coming to your system from the Internet and blocking potentially harmful programs.
NAT
Network Address Translation or Network Address Translator) is the virtualization of Internet Protocol (IP) addresses. Helps improve security and decrease the number of IP addresses an organization needs. The mechanism ("natting") is a router feature, and is often part of a corporate firewall.
Circuit Level Firewalls work in a very similar fashion as ________________, but they operate at the ____________ layers of the OSI model.
Packet-filtering firewalls transport and session
Network Layer (Layer 3)
Primarily responsible for routing
Transport Layer (Layer 4)
Provides the mechanisms for carrying data across the network. It uses three main mechanisms: segmentation, service addressing and error checking. TCP/UDP
Application-level firewalls a.k.a ___________ works by performing a ___________________.
Proxy servers a deep inspection of application data as it traverses the firewall.
Session Layer (Layer 5)
Responsible for data synchronization between the applications on the two devices. The session layer establishes, maintains, and breaks sessions between devices.
TCP Handshake is?
Syn -> Syn Ack -> Ack
Application Layer (Layer 7)
Takes data from the user and passes the data to the lower layers of the OSI model for transport. Responses are passed up through the layers and are displayed back to the user.
Presentation Layer (Layer 6)
The presentation layer converts application layer data into a format that permits the data to be transmitted across the network.
Host firewall:
(personal firewalls) A software firewall is a firewall application installed on a host, used to protect the host from network-based attacks.
The OSI model is:
a conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, to describe a network architecture that allows data to be passed between computer systems
Network firewall:
a firewall application installed on a server used to protect network segments from other network segments.
Circuit-level firewalls are typically considered:
a second generation firewall technology.
Rules are set based by:
analyzing client requests and application responses, then enforcing correct application behavior.
A fire wall protects the computer by:
by filtering the data packets traversing the network.
Routers have the ability to:
do some rudimentary packet filtering, such as permitting all outbound traffic while denying all inbound traffic, or blocking specific protocols from passing through the router, like telnet or ftp.
The OSI model is the standard for discussing:
how networking works
A packet filtering firewall inspects:
inspects the data packets as they attempt to traverse the firewall and (based on the rules that have been defined on the firewall) the firewall allows or denies each packet.
A firewall is a system that:
is designed to protect a computer or a computer network from network-based attacks.
A circuit-level firewall monitors TCP/IP sessions by:
monitoring the TCP handshaking between packets to validate the session.
How are Firewalls used to support Information Security?
provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic.
Stateful multi-level firewalls are designed to:
provide the best features of both packet filtering and application-level firewalls.
Traffic is filtered based on:
specified session rules and may be restricted to authorized computers only.
Packet filtering firewall is considered:
the first generation firewall
Stateless Inspection firewall is:
watches network traffic and restrict or block packets based on source and destination addresses or other static values. They're not 'aware' of traffic patterns or data flows.
Stateful inspection determines:
whether or not a packet is part of an existing session and that information can be used to determine whether to permit or deny a packet.
Data-Link Layer (Layer 2)
Connects the data layer to the physical layer so that the data can be transmitted across the network. The data link layer handles error detection, error correction and hardware addressing. - The data link layer is broken into two sub-layers, the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer.
DMZ is:
Demilitarized Zone The primary way to secure an organization's networks and one of the internal firewalls protecting the bulk of the enterprise network.