Chapter 8: Configuring Firewalls


Which of the following is needed when determining what firewall traffic to allow and what to block?

A complete inventory of all needed or desired network communications

Fumiko is a network technician. She is configuring rules on one of her company's externally facing firewalls. Her network has a host address range of 192.168.42.140-190. She wants to allow her hosts access to a certain port except for hosts 188, 189, and 190. What rule or rules must she write?

A single rule allowing hosts 140-187 is all that is necessary; the default-deny rule takes care of blocking the remaining nonincluded hosts.

Elissa is a network technician. She is configuring firewall rules for one of her company's branch offices, which supports online retail sales of the company's products. She is configuring rules to block traffic based on a traditional model but needs to allow a particular type of traffic. What should she allow?

All traffic from port 80 originating from the office's web server, which is in a protected subnet.

Alphonse is a networking contractor who has been hired by a small to medium-sized company to configure its firewall. The firewall comes preconfigured with a common rule set that allows web, email, instant messaging, and file transfer traffic using default ports. The company wants to allow access to secure websites and common website protocols but block access to insecure Internet websites. Which of the following is the best solution?

Allow access to HTTPS, SQL, and Java, but deny access to HTTP

Tori is a network technician. She needs to configure the edge firewalls for her company's IT infrastructure. Her supervisor told her she must find a configuration method that assumes all network traffic is safe and, as malicious traffic is identified, it is added to a list of exceptions. Which of the following configuration methods does Tori select?

Allow by default/deny by exception

Teodora is the procurement manager for her company's IT department. She is researching firewalls that come with enhancements beyond basic traffic filtering. Which of the following is considered a firewall enhancement?

Anti-malware scanning

Duncan runs a small writing and editing business. He employs two people in his small office/home office (SOHO). He also has general knowledge of networking, including how to configure a basic firewall to protect the network. His off-the-shelf firewall has rule sets built in with several main elements. Duncan is currently setting rules for TCP and UDP. What element is he working with?

Base protocol

What is the first step in deploying a firewall?

Construct a firewall policy.

Hyon is a network consultant. She was hired by a client company to examine the effectiveness of its IT infrastructure. She discovers that the company's Internet-facing firewall is not capable of automatically handling and adjusting for random source ports when a session is being established to its web and gaming servers. How should she correct this?

Create a custom rule to manage random source ports

Hajar is a network administrator. She is inventorying firewalls in her company. She finds one that has a management interface lacking something and makes a note to replace it immediately. What critical security measure is the management interface missing?

Encryption

Which of the following can a delay in firewall software patching cause?

Exploitation of the firewall

A potential loophole is created when the wrong rule is positioned last in a firewall rule set.

False

Allow-by-default automatically prevents most malicious communications by default.

False

Fair queuing is the distribution of the firewall filtering workload across multiple parallel firewalls.

False

Firewalking is a technique to learn the configuration of a firewall from the inside.

False

The source address and the port address of inbound firewall rules are often set to Deny, unless the rule is to apply to specific systems or ports.

False

To avoid confusion, an organization should have a written security policy for a minimum number of security components.

False

A malicious party has discovered the IP address of a host inside a network she wants to hack. She employs a form of port scanning, attempting to establish a connection with the host using multiple different ports. Which technique is she using?

Firewalking

Reid is a network security trainer for a mid-sized company. He is demonstrating alternative methods of protecting a network using unconventional means. The IT department's "sandbox" network is used for testing and is not connected to the production network. Using the sandbox, Reid shows how to protect a network from external threats without using a firewall. What is Reid's approach?

Packet sniffer

Shoshana is a network technician for a mid-sized organization. She is configuring firewall rules. She is in a firewall's graphical interface and sets a rule as TCP, 192.168.42.024, ANY, ANY, 443, Allow. In what order is this rule organizing protocols, source addresses, source and target ports, and actions?

Protocol, source address, source port, target address, target port, action

Tiffany is a network engineer for her company. To enhance the performance of the network, she uses a method that assigns incoming transactions as they arrive in sequence to each of the infrastructure's three firewalls. Transaction 1 goes to firewall 1, transaction 2 goes to firewall 3, transaction 3 goes to firewall 2, and so on. Which technique is Tiffany using?

Round-robin

All firewalls, including those using static packet filtering, stateful inspection, and application proxy, have one thing in common. What is it?

Rules

Leandro is writing a firewall policy. He needs to define which type of firewall he needs for each portion of the infrastructure based on differing areas of risk and trust. What are these areas called?

Security zones

Lenita is a network technician. She is setting up a rule set for a firewall in her company's demilitarized zone (DMZ). For email, she creates an allow-exception rule permitting Simple Mail Transfer Protocol (SMTP) traffic on port 25 to leave the internal network for the Internet. Her supervisor examines Lenita's work and points out a possible problem. What is it?

The allow-exception rule could create a loophole threatening internal communications on the same port.

A best practice for firewall rules is to keep the rule set as simple as possible.

True

A best practice is to define a complete firewall rule set for each prescribed firewall in a written firewall policy.

True

A buffer overflow is a condition in which a memory buffer exceeds its capacity and the extra content "overflows" into adjacent memory.

True

A change control mechanism tracks and monitors the changes to a system.

True

A default-allow firewall stance assumes that most traffic is benign.

True

A default-deny firewall stance assumes that all traffic is potentially unauthorized.

True

An access control list (ACL) focuses on controlling a specific user's or client's access to a protocol or port.

True

Depending on the firewall, a single rule can sometimes define outbound and inbound communication parameters.

True

Firewall filtering is an effective protection against fragmentation attacks.

True

Firewall rules are instructions that evaluate and take action on traffic traversing the network.

True

Firewalls filter traffic using rules or filters.

True

The source address and the port address of outbound firewall rules are often set as ANY, unless the rule is to apply to specific systems or ports.

True

The universal Deny rule should be the last and final rule in a firewall rule set.

True

When a firewall functions at wire speed, the firewall does not introduce any delay or latency in communications because it operates at the same speed as the network.

True

Carl is a networking student who is reading about methods of encryption and how they work with firewalls. Right now, he is studying a form of encryption that encrypts the entire original payload and header of a packet. However, because the header contains only information about endpoints, it is not useful for a firewall filtering malicious traffic. Which of the following is the encryption method being described?

Tunnel mode

Bill is a network technician. He is currently configuring the infrastructure's Internet-facing firewalls. He knows that the Internet Control Message Protocol (ICMP) echo type often referred to as "ping" is used by malicious persons to probe networks. He wants to set up a rule that will deny ping attempts from outside the network. What does he deny?

Type 8

