4 - Firewalls

Packet Filtering Firewall (1 description, 2 default policies)

> Applies forwarding rules to incoming/outgoing IP packets based on IP/TCP header entries >> Discard Policy: Prohibit unless explicitly permitted >> Forward Policy: Permit unless explicitly prohibited

Packet Filtering Weaknesses (4)

> Can't prevent application specific vulnerability attacks > Limited logging fcns > Vulnerable to attacks exploiting TCP/IP > Firewalls susceptible to security breaches from improper configs

Stateful Inspection Firewall (3)

> Create directory of TCP connections, only allow traffic for established connections > Record TCP sequence number > Review packet info for undesirable commands

Firewall Topologies (7) *

> Host-resident firewall: personal/server firewall software > Screening router: router between internal/external networks > Single bastion inline: firewall device between internal and external router > Single bastion T: has 3rd interface to DMZ where externally visible servers are placed > Double bastion inline: DMZ between bastion firewalls > Double bastion T: DMZ on separate network interface on bastion firewall > Distributed firewall: used by large entities

Filtering Types (2)

> Packet filtering (access control lists) > Session filtering (dynamic packet filtering, stateful inspection, context based access control)

Packet Filtering Advantages (3)

> Simple > Fast > Transparent