(1) Firewalls and Securing the Outer Edges of the Network Flashcards
Where do network firewalls reside on the network? What do they do?
Network firewalls sit at the borders between networks and give protection to the network.
Where does Network Access Control (NAC) not help?
What helps in those cases instead?
NAC doesn’t help when an intruder is already connected to the network.
In those cases, firewalls help.
If a firewall is triple homed, what does that mean?
A firewall that is triple homed is connected to three different networks.
In a triple homed network with a firewall connecting the three networks, if a device is on one network and wants to pass through to another, what must happen?
In a triple homed network with the firewall connecting the three networks, if a device is on one network and wants to pass through to another, it has to pass through the firewall.
In the context of firewalls, what is a screened subnet?
What is an example of a screened subnet?
A screened subnet is a network that sits isolated from the internal network but is (often) still able to communicate with the outside world.
An example of a screened subnet is one where an e-mail or web server may sit isolated from the internal network, so that if the e-mail and/or web servers are compromised, the internal network on the other side of the firewall is kept safe by the security policies that the firewall implements.
When firewalls get a request to connect, how does a firewall manage those requests?
If a connection request isn’t specifically allowed, how does the firewall handle it?
Firewalls are set up with a set of stipulations. These stipulations are called an Access Control List (ACL). The ACL says what traffic is allowed and what traffic is not allowed.
If a connection request comes through and the ACL doesn’t specifically allow it, then it is denied by default.
What are the stipulations that a firewall uses based on?
The stipulations are based on destination IP addresses and port numbers that line up to particular services.
Firewalls follow the default deny principle, which is what?
The default deny principle is that if a stipulation isn’t specifically present, the connection is denied.
What are packet filtering firewalls?
Packet filtering firewalls don’t have a lot of smarts. All they do is scan the packet against a very basic set of stipulations and not much else.
What are stateful inspection firewalls?
Stateful inspection firewalls focus more on the condition of the connection that is trying to go through the firewall. They are a little better than packet filtering firewalls.
What are Next-Generation Firewalls (NGFW)?
NGFWs go deeper than packet filtering or stateful inspection firewalls in that they include specifics about apps, business processes and users. They are the most current and therefore useful firewalls as they offer very robust protection.
What are Web Application Firewalls (WAFs)?
WAFs are special firewalls that defend against specific web-based attacks such as SQL injection and cross-site scripting.