Chapter 2: Network Security Devices Flashcards
1
Q
Network-based Firewalls
A
- primary task is to deny or permit traffic that attempts to enter or leave the network
- decisions based on explicit preconfigured policies and rules
2
Q
What are the processes used by Network-based Firewalls to allow or block traffic?
A
- simple packet-filtering techniques
- Application Proxies
- Network Address Translation
- Stateful Inspection Firewalls
- Next-generation context-aware firewalls
3
Q
Packet-filtering
A
- control access to specific network segments by defining which traffic can pass through them
- usually inspects traffic at the transport layer of the OSI model
- Example: packet filters can analyze TCP/UDP packets and compare them against a set of predetermined rules (ACLs)
- inspects the following elements:
  - source address
  - destination address
  - source port
  - destination port
  - protocol
4
Q
ACE
A
- Access Control Entry
- classify packets by inspecting Layer 2 through Layer 4 headers
- Layer 2 protocol information: EtherTypes
- Layer 3 Header Information: source/dest IP addresses
- Layer 4 protocol information: ICMP, TCP, UDP
- Layer 4 Header Information: source/dest ports
5
Q
Standard ACLs
A
- used to identify packets based on their destination IP address
- used for route redistribution for dynamic routing deployments
- can only be used if the router is in “routed” mode
- CANNOT be applied to an interface for filtering traffic
6
Q
Extended ACLs
A
- most common type of ACL
- can be used if the router is in “routed” OR “transparent” mode
- can classify packets based on:
  - source and destination IP address
  - Layer 3 protocols
  - source/destination ports
  - destination ICMP type for ICMP packets
7
Q
Application Proxies
A
- aka proxy servers
- devices that operate as intermediary agents on behalf of clients that are on a private or protected network
- clients on the protected network send connection requests to the application proxy to transfer data to the unprotected network or Internet
- works at the Application Layer
- great tool for networks with numerous servers that experience high usage
- can protect against some web-server-specific attacks
8
Q
Stateful Inspection Firewalls
A
- track every packet passing through their interfaces by ensuring that they are valid, established connections
- examine packet header contents AND application layer information within the payload