Chapter 2: Network Security Devices Flashcards

1
Q

Network-based Firewalls

A
  • primary task is to deny or permit traffic that attempts to enter or leave the network
  • decisions based on explicit preconfigured policies and rules
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are processes used by Network-based Firewalls to allow or block traffic

A
  • simple packet-filtering techniques
  • Application Proxies
  • Network Address Translation
  • Stateful Inspection Firewalls
  • Next-generation context-aware firewalls
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Packet-filtering

A
  • control access to specific network segments by defining which traffic can pass through them
  • usually inspects traffic at the transport layer of the OSI model
  • Example: packet filters can analyze TCP/UDP packets and compare them against a set of predetermined rules (ACLs)
  • —Inspect the following elements—–
  • source address
  • destination address
  • source port
  • destination port
  • protocol
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

ACE

A
  • Access Control Entry
  • classify packets by inspecting Layer 2 through Layer 4 headers
    • Layer 2 protocol information: EtherTypes
    • Layer 3 Header Information: source/dest IP addresses
    • Layer 4 protocol information: ICMP, TCP, UDP
    • Layer 4 Header Information: source/dest ports
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Standard ACLs

A
  • used to identify packets based on their destination IP address
  • used for route redistribution for dynamic routing deployments
  • can only be used if the router is in “routed” mode
  • CANNOT be applied to an interface for filtering traffic
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Extended ACLs

A
  • most common type of ACL
  • can be used if the router is in “routed” OR “transparent” mode
  • can classify packets based on:
  • — source and destination IP address
  • — Layer 3 protocols
  • — source/destination ports
  • — destination ICMP type for ICMP packets
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Application Proxies

A
  • aka proxy servers
  • devices that operate as intermediary agents on behalf of clients that are on a private or protected network
  • clients on the protected network send connection requests to the application proxy to transfer data to the unprotected network or Internet.
  • works at the Application Layer
  • Great tool for networks with numerous servers that experience high usage
  • can protect against some web-server-specific attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Stateful Inspection Firewalls

A
  • track every packet passing through their interfaces by ensuring that they are valid, established connections
  • examine packet header contents AND application layer information within the payload
How well did you know this?
1
Not at all
2
3
4
5
Perfectly