Quiz for Chapter 6
9. A packet filtering firewall operates on which layer of TCP/IP reference model.
A Packet Filtering Firewall is installed on a TCP/IP based network and it operates at Network layer (OSI) or Internet Layer of TCP/IP reference model.
7. What is Filtering Router?
A router that first applies the filtering rules on the incoming/outgoing network traffic before using the routing table to forward the packet to appropriate output line
7. From firewall perspective, what is the difference between trusted and untrusted network?
From Firewall perspective, private data Network is considered as Trusted Network where as the external networks are assumed to be untrusted
What part of each incoming and outgoing data packet is examined by the packet filtering firewall?
Header
Packet filtering firewall examines the header of what package?
Header of the IP packet
6. Explain how a proxy-firewall protects organization's assets from external networks and control external resources that could be accessed by organization's employees?
If we have a firewall running on a proxy server (such as an application level firewall) - then all access requests coming from the internet network will be sent to the proxy server (e.g., if you write www.cnn.com which is a publically accessible host - this request will be sent to the proxy server rather than directly going to the original web server) whereas all the access requests coming from external networks will be received by the Proxy server. Proxy server, on the other hand, will have a complete list of rules that it can use to determine whether access should be granted or rejected....
1. What is spoofing attack
Spoofing attack is a situation in which a person or a program successfully pretends as another person/program using the false data and thereby gaining illegitimate advantages...
2. What is the difference between stateless firewall and state-aware (state-full) firewall?
Stateless - no memory of previously arrived/transmitted packets State-aware- keep records of recently arrived/transmitted packets
5. Define the primary objective of a firewall
To protect private network and its resources from external users or external networks such as Internet
1. What TCP/IP stands for?
Transmission Control Protocol/Internet Protocol
8. Explain how packet filtering firewall works?
a. A packet filter firewall filters/examine the header information of each incoming and outgoing IP packet (datagram) to determine whether to forward this IP packet to the destination or simply block using the predefined set of rules. b. In Packet Filtering Firewall - these Filtering Rules are based on the information contained in a header part of an IP Packet. The header information may include: i. Source & Destination IP address (32 bit IP address in IPV4)
Advantages of Packet filtering firewall
a. One of the main advantage is that it only examines the header part of each incoming and outgoing packet to make a decision whether to forward or block the packet - so it typically does not take much time to make a decision compare to modern firewalls which typically perform deep packet inspection
Disadvantages of Packet Filtering firewall
b. Packet filtering firewall is considered as stateless firewall since it considers each data packet independently regardless of whether the packet is coming from the same source IP address. c. When we say stateless - it means the firewall has no memory of previously arrived/transmitted packets which makes its vulnerable to spoofing attacks
5. In packet filtering firewall, the filtering rules can be established based on the following
c) Source and destination IP addresses
What level of TCP/IP reference model does packet filtering firewall operate?
internet/ network
Dynamic filtering:
on the other hand allows the firewall to make decision (i.e., update the current set of rules of create new filtering rule) at run time based on the current situation of the network.
Static filtering
requires that firewall must be pre-loaded with all set of rules that a Firewall admin wants to use to determine which packet should be blocked and which packet should be forwarded to the destination.
4. What is the purpose of Application layer in TCP/IP reference model?
• To provide interface between end-user and the layers of TCP/IP reference model. • To support protocols running at the Application layer of TCP/IP reference model