Information Security Chapter 6 Review Questions
What is a hybrid firewall?
A Hybrid firewall "combine the elements of other types of firewalls that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways
What is a Next Generation Firewall (NextGen or NGFW)?
A Next-Generation Firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS)
What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?
A TCP Packet sends information, and reports back to the sender on progress to assure that information has been sent and received. UDP on the other hand is designed more for speed after establishing a connection and is used to strive for the fastest data retrieval rate as possible, but for this type of packet, it's less important that it reports back. I don't believe there will be specific transactions that involve both types of packets. But TCP is better for assuring that data is being received completely, but UDP focuses on assuring data is retrieved as quickly as possible.
What special function does a cache server perform? Why is this useful for larger organizations?
A cache server is a server that basically makes available frequently used pages. For example, big corporations use cache servers to make sure pages that they use to market their products are basically pre-rendered and ready to send instead of asking for a full request from a webpage host. It also adds an additional layer of protection against attacks as only portions of a website can be attacked at a time.
How is an application layer firewall different from a packet-filtering firewall?
A packet-filtering firewall only allows "a particular packet with a particular source, destination, and port address to enter". An application layer firewall is sometimes called a proxy server because it "runs special software that acts as a proxy for a service request" It is more to deal with outgoing connections and making connections within the DMZ zone of an organization.
Explain the conceptual approach that should guide the creation of firewall rule sets.
It operates at the transport layer. Prevents direct connections between one network and another. It's the transport
Describe how the various types of firewalls interact with the network traffic at various levels of the OSI model.
Packet filtering firewalls include Static Filtering, dynamic filtering, and stateful inspection filtering these all work at the transport layer of the network. Packet filtering interacts with network traffic to confirm or deny it based on a rule set for a packet going up against a set of rules that is determined. Static filtering is up against a rule set for each packet, dynamic filtering filters packets depending on network traffic and usage limits, and stateful inspection examines packets and verifies where they are coming and going to determine via logs.
What is stateful inspection? How is state information maintained during a network connection or transaction?
Stateful inspection keeps track of each network connection between internal and external system using a state table. A state table track the context and state of each packet in the conversation by recording which station sent the packet and when it was dent.
How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
Static filtering works with rules that are already designated or "developed and installed with the firewall" and only a person can change it
What is the typical relationship among the untrusted network, the firewall, and the trusted network?
The relationship is that data is only limited to what firewalls allow via specific places called "ports". There is the untrusted network on the outside, then the firewall which prevents unwanted or suspicious connections, and the trusted network is what lies within the bounds of the firewall.
What is the primary value of a firewall?
To protect something from unwanted network traffic.
Describe Unified Threat Management. Why might it be a better approach than single- point solutions that perform the same functions? How does UTM differ from Next Generation Firewalls?
Unified Threat Management (UTM) is a network security function which assimilates multiple security services into a single device or service. The alternative to UTM is to have multiple, separate devices to perform one or more functions. The difference between UTM and NGFW is that NGFW is a firewall enhanced with an IPS and application intelligence. A UTM includes an NGFW plus: Email protection, Endpoint protection, Wireless protection, Web protection, Web server protection and Network protection.
