4 - Firewalls
Packet Filtering Firewall (1 description, 2 default policies)
> Applies forwarding rules to incoming/outgoing IP packets based on IP/TCP header entries
>> Discard policy: prohibit unless explicitly permitted
>> Forward policy: permit unless explicitly prohibited
Packet Filtering Weaknesses (4)
> Can't prevent application-specific vulnerability attacks
> Limited logging functions
> Vulnerable to attacks that exploit flaws in TCP/IP
> Firewalls susceptible to security breaches from improper configurations
Stateful Inspection Firewall (3)
> Create a directory of TCP connections; only allow traffic for established connections
> Record TCP sequence numbers
> Inspect packet contents for undesirable commands
Firewall Topologies (7) *
> Host-resident firewall: personal/server firewall software
> Screening router: router between internal/external networks
> Single bastion inline: firewall device between internal and external router
> Single bastion T: has a 3rd interface to a DMZ where externally visible servers are placed
> Double bastion inline: DMZ between bastion firewalls
> Double bastion T: DMZ on a separate network interface on the bastion firewall
> Distributed firewall: used by large entities
Filtering Types (2)
> Packet filtering (access control lists)
> Session filtering (dynamic packet filtering, stateful inspection, context-based access control)
Packet Filtering Advantages (3)
> Simple
> Fast
> Transparent