Module 3: Firewall Fundamentals


expected encryption key length

256 bits

transport mode encryption

A form of encryption also known as point-to-point or host-to-host encryption. Transport mode encryption protects only the payload of traffic and leaves the header in plain-text original form.

Tunnel mode encryption

Aka site-to-site, LAN-to-LAN, gateway-to-gateway, host-to-LAN, and remote access encryption. Complete encapsulation of the original traffic into a new tunneling protocol. The entire original header and payload are encrypted, and a temporary link or tunnel header guides the data across the intermediary network.

____ the rules on a firewall are exceptions

All

public key cryptography

Asymmetric cryptography that uses key pairs. Each participant in a communication or community has a discrete key pair set, consisting of a private key and a public key. The private key is kept secure and private at all times. The public key is put out for open public access and use. The key pairs work together as opposites: the encryption or encoding that one of the keys performs can only be undone by the opposite key of the pair.

what needs to be disabled before using software firewalls with multiple interfaces?

IP forwarding

any hardware connecting a local network—or even a single computer—to a telco's carrier network to access the Internet

ISP connection device

How does a firewall operate as a dead-man switch?

If the firewall fails or goes offline, so does the connection it was filtering

four primary options of combined firewall types

Personal software firewall, commercial software firewall, personal hardware firewall, commercial hardware firewall

Firewalls for web e-commerce sites can act as the endpoint of what tunnels

Secure Sockets Layer (SSL) or Transport Layer Security (TLS) tunnel

define deny by default/allow by exception

Some exception rules define what you allow. Some exception rules define what you wish to deny. The final option, sometimes called the final rule, is that anything that did not match one of the exceptions is denied by default.

firewalls can filter based on content T or F

T

firewalls can filter based on encryption T or F

T

firewalls can log events T or F?

T

port forwarding

The function of routing traffic from an external source received on a specific predefined IP address and port combination (also known as a socket) to an internal resource server. Also known as reverse proxy and static NAT.

what does a circuit proxy prevent

a direct connection from existing between a client and server to protect the network

software firewall uses what as its host?

a standard client or server

chokepoint

an access point to other areas or resources; a chokepoint is a specialized kind of gateway that focuses traffic onto a single concentrated pathway to simplify the process of filtering

threat that takes some type of initiative to seek out a target to compromise

active threat

Position firewall ____ encryption is removed

after

symmetric cryptography

algorithms that use a single, shared secret key to encrypt and decrypt data; very fast

as a general filter for malicious activity, a firewall can do what?

allow communication using any protocol on any port or limit communications to specific protocols and ports

A firewall is not and cannot be...

an authentication server, a remote access server, a malicious code scanner, or an intrusion detection system; it cannot decrypt traffic or detect misconfigurations

Personal hardware firewall is part of

an integrated firewall product, such as a wireless access point (WAP) or a cable/digital subscriber line (DSL) modem

hardware firewall is aka

appliance firewall

the go-between or middleman between a client and a server

application proxy

what is able to inspect traffic fully at any layer, including the application payload?

application proxy

Content filtering is often a feature of which firewalls?

application proxy firewalls, stateful inspection firewalls, and dynamic packet-filtering firewalls

cryptography

art and science of changing information so it is not easily recognized or understood by unauthorized third parties

asymmetric cryptography

based on algorithms that use either key pairs or some other special mathematical mechanism. Different keys are used for different purposes, different keys are used by different members of the communication session, and some systems use something different from keys altogether; slow

Firewalls that work with SSL and TLS filter content _____ the web server receives and processes the information

before

Firewall rules center around

blocking traffic with spoofed addresses, uncommon ports, unauthorized protocols, invalid header constructions or values

types of firewall implementations

bump-in-the-wire and bump-in-the-stack.

examples of ISP connection devices

cable modems, DSL modems, satellite modems, routers, and wireless modems, which include firewall features

what does virtualizing firewalls gain you?

can craft new network architectures that may not exist in the traditional network architectural concepts

proxy firewall

can hide the identity of one or both endpoints of a communication from the participants.

issues with dynamic packet filtering

can sometimes be fooled through manipulation of header contents that makes malicious traffic appear to be part of an existing valid session; not all traffic uses states (ICMP, UDP)

socket

combo of IP address and port number

out of band communication

communication through a different channel or means, OR a communication stream that occurred separately in time from the existing communication

Stateful inspection addresses the issue of

complex malicious traffic

firewalls can also filter based on what?

content

avalanche effect

cryptography tactic where a small change elicits a large effect in the output hash.

hardware firewall uses what as its host?

dedicated appliance

what philosophy or stance of security do firewalls follow?

deny by default/allow by exception

stateful packet filtering

determines whether or not a current packet is part of an existing session, and allow/deny decisions are made based on this determination; operates at Layers 4-7 and keeps track of current sessions in a state table stored in memory

Content filtering can focus on

domain name, URL, filename, file extension, or keywords in the content.

Content filtering can focus on what?

domain name, URL, filename, file extension, or some other form of keyword

limitation of application proxy firewall

each unique application will need its own dedicated application proxy

what happens if a firewall fails?

fails into a secured state known as fail-safe or fail-secure.

Host firewall

filters traffic entering or leaving a single computer system and protects the network from threats coming from the host

What is a firewall?

filtering device that enforces network security policy and protects the network against external attacks

Ingress filtering

filtering packets arriving at a network from the outside

what happens if a packet fails to match any rule?

firewall drops packet by default

Egress filtering

firewall filters packets when they are leaving the network; it prevents replies to probe packets from leaving the network and prevents a firm's infected hosts from attacking other firms

Bastion host

firewall positioned at the initial entry point where a network interfaces with the Internet. It serves as the first line of defense for the network; also known as a sacrificial host

bump-in-the-stack

firewall that is implemented via software.

Network address translation is common on most modern ______

firewalls

circuit proxy/firewall

focuses its filtering on the initial setup process of a session, state, or circuit; a list of rules of IP addresses, port numbers, domain names, networks, or even resource providers determines which circuits or connections are allowed and which are not

Firewalls can act as a _____ or as a _____

general filter for malicious activity; one-way sieve

most common filtering focus

header; payload of the packet is a close second

software firewall is aka

host firewall

what firewall provides protection for both inbound and outbound communications?

host software firewall

symmetric cryptography is the preferred method to secure data where?

in storage or in transit, of any size

next generation firewall has what in addition to normal capabilities?

integrated IDS/IPS functionality

a border firewall is unable to see what kind of traffic?

interior

state

logical connection between a client and a resource server

one-way function

mathematical operation performed in one direction relatively easily, but impossible or nearly so to reverse; used in asymmetric cryptography

issue with static packet filtering

may allow the subsequent packets of a fragmented message through, even though the lead packet was dropped. This can result in a DoS on the destination system

firewall on operating system

native firewall

software firewall can only filter traffic that reaches what?

the network interface of its host

dual-homed firewalls have two or more what?

network interfaces

Firewalls differentiate between _____ and ____

networks, subnets

Best practice for where to place firewalls?

on each host, on every border gateway or chokepoint, and between each significant subnet or interior network division

Firewalls can focus on what?

packet header, packet payload, content of a session, the establishment of a circuit, and possibly other aspects

threats you must seek out to be harmed

passive threat

Firewall is the _____ embodiment of the security policy.

physical

form of static reversal of network translation

port forwarding

firewalls can provide ______ services

port-forwarding

dynamic packet filtering

process of automatically creating temporary filters once a session is established; the firewall watches for packets that do not belong to authorized sessions; allows for simpler rule sets

stateful inspection

process of automatically tracking sessions or states to allow inbound responses to previous outbound requests. Aka dynamic packet filtering

keyspace

range of keys that are valid for use with that specific algorithm

port forwarding _____ the effective security provided by a firewall

reduces

Original firewall

screening router

firewalls can _____, or divide, based on results of filtering

segment

benefit of multiple-homed firewalls

segments, subnets, or networks connected to each firewall interface are electronically isolated from each other

bump-in-the-wire

separate hardware firewall implementation

transparent proxy (in-line proxy)

server that stands in place of, and initially behaves as if it were, the web server; it is installed immediately between the firewall (which protects against Internet intrusions) and the web server. Requests are passed to it if they meet the firewall rules

session of communication

state; e.g., TCP's three-way handshake

most common form of filtering

static packet filtering

Three main types of cryptography algorithms

symmetric, asymmetric, and hashing

Load balancer

take the load coming into a set of servers and ensure that the load is balanced between or among the servers, based on a variety of factors

Packet payload

the essential data of the packet

Network Address Translation (NAT)

translates between internal addresses and public external addresses; the most common translation service

encryption key

unique and secret number that controls the encryption and decryption processes performed by the algorithm; a very large binary number measured or defined in terms of its bit length

what is the riskiest element in a network infrastructure?

user

static packet filtering

uses a static or fixed set of rules to filter network traffic; focuses on header contents, not payload; focuses on Layers 3 and 4; fast

variety of firewall and firewall-like concepts that use software to perform firewall activities

virtual firewall

How does a firewall work?

watches for traffic that fails to comply with the rules defined by the firewall administrator

what does fail-safe mean?

when the firewall is offline, locked or frozen, or otherwise experiences a problem, it stops all traffic rather than allowing all traffic through

a sieve firewall

will only allow traffic to originate from the private or trusted side
