3.3 - Firewalls Flashcards

1
Q

Standard Issue

A
  • Universal security control
  • Allows us to control the flow of traffic (inbound or outbound)
  • very important for corporations to protect internal network from the internet
  • Can include content control (NSFW, parental controls, etc…)
  • sometimes have protection against malicious code (anti - malware / virus)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Network - based firewalls

A
  • Filter traffic by port number of application (Traditional)
  • NGFW (Next Gen Firewalls also include filtering capabilities at the application layer)
  • Many firewalls can act as endpoints (ex: IPSec tunnel when using VPN) Allows you to configure firewall as central place for remote access
  • Most firewalls can be configured to act as a layer 3 device (effectively replace routers used to connect to the internet) (often sits on the ingress/ egress of the network)
  • NAT (Network Address Translation) functionality (so you can have internal, private addresses which can communicate to address)
  • Authenticate dynamic routing communication (b/c it’s acting like a router)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Stateless Firewall

A
  • Does not keep track of traffic flows (doesn’t know that the response from the webserver was as a result of our original request)
  • Each packet is individual examined, regardless of past history
  • Traffic sent outside of an active session will traverse a stateless firewall
  • Needs to have a rule base that examines every flow of traffic (individual rules to handle both the request and response, since it doesn’t understand traffic flows)
  • if an attacker gains access to a webserver to send unprompted information ( it doesn’t know it was unprompted and once it checks its rule base it will allow it, even though it was unprompted) potentially allowing malicious things through the firewall
  • older style of firewall, very uncommon at this point
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Stateful Firewall

A
  • Remembers the “state of the session
  • Now, only need a single rule to allow communication from user through firewall to webserver and back (a stateless firewall, needed two rules)
  • Ex: once user request hits the firewall, it is checked in ACL, if valid, the firewall will create a session table (which has information about that particular flow), the webserver sends a response, which checks the ACL table and then the session (or state) table, and is returned
  • The rules are stored in ACL’s
  • If an attacker initiates an attack from the webserver (when it hits the firewalls, it won’t match rule based or session table and it will be denied acces)
  • Everything within a valid flow is allowed
  • more secure than stateless
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

UTM

A
  • Unified Threat Management
  • Web security gateway
  • Newer version of a firewall
  • Possible Additional features: URL filter / Content inspection, malware inspection, spam filter, CSU / DSU connective (for wide-area security connection), router / switching built in, firewall, IDS/ IPS, Bandwidth shaper, VPN endpoint
  • All in one security appliance
  • Challenges: Generally never one single vendor that could provide all services in one device
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

NGFW

A
  • Next-generation firewalls
  • application layer devices that can see the application flows across all communication
  • aka Application Layer Gateway
  • aka Stateful multilayer inspection
  • aka Deep packet inspection
  • The OSI Application layer
  • All data in every packet
  • Requires some advanced decodes
  • Every packets must be analyzed (regardless of IP address or ports being used), these are categorized before a security decision is determined
  • more intelligent than UTM or traditional firewall
  • Commonly network - based firewalls
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Network - based firewalls

A
  • Control traffic flows based on the application
  • (Ex: SQL, Twitter, youtube)
  • might also include Intrusion Prevention System (IPS) might react to any vulnerabilities
  • Content filtering (url filtering, or category filtering)
  • provides more
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

WAF

A
  • Web application Firewall
  • Not like a ‘normal’ firewall (which bases traffic flow on IP address/ ports)
  • not like a NGFW (which examines applications for traffic flows)
  • WAF Applies rules to Http/ Https conversations
  • specifically built for web-based applications
  • Allow / deny traffic based on input to application (based on expected input)
  • Unexpected input is a common method of exploiting an application (SQL Injection)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

PCI DSS

A
  • Payment Card Industry Data security standard
  • ## mandates a WAF (Web application Firewall)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

ACL’s

A
  • Access Control List
  • aka Security Policy
  • This is the list of rules for a firewall that determines who is allowed through
  • based on tuples
  • Groupings of categories
  • Source IP, Destination IP, port number, time of day, application, etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Logical-path

A
  • Usually Top to bottom
  • firewall tries to match the first rule, then second, etc.
  • eventually, we will find a match, and then you know the flow
  • Generally, the specific rules are at the top
  • If there are no rule matches in the table, most firewalls will have an implicit deny (implicit deny’s don’t have logs, so if you want a log, you’ll have to create a rule that is open ended for a given protocol)
  • ACLs (Access Control Lists), the rule table in firewalls, have so many rules, understanding how they traverse is important
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

TCP protocol

A
  • web traffic
  • one attribute in an ACL rule table
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Local Port 443

A
  • Typically HTTPs communication
  • one attribute in an ACL rule table (the Local Port), obviously port number could be different
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Port 3389

A
  • Commonly used for remote desktop
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Ex: Remote Port 53 and Protocol UDP

A
  • DNS traffic
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Remote Port 123

A
  • Network time protocol for time syncronization
17
Q

Open source firewalls

A
  • tends to allow based on traditional firewall
  • doesn’t tend to be next gen
18
Q

Proprietary Firewall

A
  • Does have application control (Next Gen)
  • Usually built on hardware built for high speeds
19
Q

Hardware firewall

A
  • Purpose built hardware provides efficient and flexible connectivity options
  • fast
  • could connect to ethernet / wireless network
20
Q

Software firewalls

A
  • Software- based firewalls can be installed almost anywhere
  • flexible
21
Q

Appliance based physical firewall

A
  • Appliances provided the fastest throughput
  • b/c purpose built hardware
  • common on enterprise network
22
Q

Host-based firewall

A
  • Are application-aware and can view non-encrypted data b/c they’re run on the OS
  • can make security decisions based on what apps are in use
23
Q

Virtual firewalls provide valuable

A
  • East/West network security
  • if you’re in an environment with many devices (like a data center)