Firewall Concepts
Why would you packet filter between before the DMZ?
This would allow users to access sites placed in the DMZ but nothing outside of them
What can't firewalls protect against?
Malicious insiders; connections that do not go through the firewall
Are APLGs more or less secure than packet filtering?
More secure
What are the 2 other security solutions that must be associated with a firewall?
An Intrusion Detection Protection System (IDPS); antivirus software
What does packet filtering based on position mean?
Depending on where the firewall is placed and the activities it monitors, it will filter different packets
Where can packet filtering be placed?
Between the internet and a host; between a proxy server and the internet
What is it called when a firewall is paired with other security measures?
Defense in Depth
What is stateless packet filtering?
Determines whether to allow or block packets based on the header information
What is the main purpose of the circuit level gateway?
Determines which connections will be allowed by authenticating the users
What are the core functions of a firewall?
Filtering; proxying; logging
What is a firewall?
A firewall is a barrier between your computer or internal network and the outside world
Why are firewalls not a stand-alone solution?
Firewalls are great but they are just a piece of a Defense in Depth approach.
Are firewalls software or hardware?
Firewalls can actually be a combination of both
Where do software based firewalls sit (location)?
For personal firewalls, they are located between the Ethernet adapter and the TCP/IP stack
What is a proxy server?
Handles traffic on behalf of the computers on the network it protects by rebuilding outbound and inbound requests to hide internal IP address info.
What are the most common IP headers used for SPF?
IP address; ports; TCP flags
What does an application level gateway do?
It authenticates users' requests and then allows those users to create TCP/IP connections with the requested host.
What is a circuit level gateway?
It is a gateway between internal and external TCP users
What is a state table in reference to Stateful Packet filtering?
It is a table that keeps a record of all the computers that make connections with a network and which ports are used, such as source and destination.
What is stateful packet filtering?
Keeps a record of connections that a host computer has made with other computers by maintaining a state table.
What are some benefits of stateful packet filtering?
Keeps a state table that can be used to reference all of the connections that have been made to a network.
What are some pros of software firewalls?
Less expensive, easy to place them throughout the network
When would you use a Software FW?
Need many different firewall settings throughout the traffic; budget is less flexible; when security varies throughout the network
When would you use a hardware FW?
Need to handle high amounts of traffic; budget is security focused; asset security needs to be strong
Are firewalls strictly used for corporations?
No, there are many consumer level firewalls available
What can firewalls protect against?
Outside sources via the network
What did the earliest firewalls specialize in?
Packet filtering
What are the four common types of packet filtering methods?
Packet filtering; application gateway; circuit level gateway; stateful packet inspection
What are the different types of firewalls?
Packet filtering; application gateway; circuit level gateway; stateful packet inspection
What are the different methods firewalls use?
Packet filtering; stateful packet filtering; user authentication; client application authentication
Why would you packet filter between a proxy server and the internet?
So the proxy server can perform its job before traffic is sent out or received
Which packet filtering solution is the preferred one?
Stateful Packet filtering
What is a disadvantage of APLG over packet filtering?
The additional processing overhead for each connection
What are some advantages of SLPF?
They are typically cheap or free; some are included in routers and OS
What are some disadvantages of SLPF?
They can be cumbersome for complex networks; they are vulnerable to IP spoofs; they lack authentication processes
What are some cons of Software based firewalls?
They can be tough to set up for an admin; need to remove all vulnerable applications for the OS to run
Why is stateless PF not enough?
They cannot filter intrusions when someone connects to a computer that has not initiated a connection.
What are some advantages of hardware based firewalls?
They do not depend on a conventional OS like Linux to run, which reduces known vulnerabilities; they scale better and can handle more traffic than a software based FW
What are some disadvantages of hardware based firewalls?
They need to run on a special OS (Cisco), a less publicly tested OS; they are expensive
What is an application level gateway?
This acts as a relay of application level traffic
Why would you packet filter between and after the DMZ?
This allows incoming traffic to be filtered without reaching the internal network
Why would a user need a proxy code for each application in reference to an APLG?
This ensures that authenticated connections are legit throughout the proxy process
Why would you packet filter between the internet and the host?
To filter all inbound and outbound traffic
What are the 4 filtering rules that firewalls need to address?
What types of protocols; what source ports to allow; what destination ports; what source IP addresses to allow
What's one of the most common stateful packet filtering firewalls out there?
Windows Firewall
Can you apply packet filtering in more than one spot?
Yes