Chapter 6 - Firewalls

Question 1

If the packet is not a provable attack packet, the firewall passes the packet on to its destination.

This is called a __________.

Answer 1

Pass/deny decision

Question 2

Firewalls usually record information about each dropped packet in a __________.

This process is called __________.

Answer 2

1. Log file

2. Logging

Question 3

Many firms have ______ which filter traffic through different parts of the internal network.

Answer 3

Internal firewalls

Question 4

The firewall which examines packets entering the network from the outside is called _________.

Answer 4

Ingress filtering

Question 5

The firewall which examines packets leaving the network from the inside is called _________.

Answer 5

Egress filtering

Question 6

Firewalls must be able to filter traffic at _____ which is the maximum speed of the lines that are connected to it.

Answer 6

Wire speed

Question 7

What are the six types of filtering methods?

Answer 7

1. Stateful packet inspection filtering.
2. Static packet filtering.
3. Network address translation.
4. Application proxy filtering.
5. Intrusion prevention system filtering.
6. Antivirus filtering.

Question 8

All main border firewalls use _____.

Answer 8

Stateful packet inspection (SPI)

Question 9

What type of filtering looks at packets one at a time while isolated?

Answer 9

Static packet filtering

Question 10

What types of attacks can ‘static packet filtering’ stop?

Answer 10

1. Internet Control Message Protocol (ICMP) echo messages.

2. Packets that are spoofed with different IP addresses.

Question 11

Static packet filtering is not used as a _____.

Answer 11

Main border firewall filtering mechanism.

Question 12

“Nearly all” corporate border firewalls use the _____.

Answer 12

Stateful packet inspection (SPI) filtering method.

Question 13

SPI focuses on _____ which are _____ b/w different programs on different computers.

Answer 13

1. Connections

2. Persistent conversations

Question 14

A _____ is a distinct phase in a connection b\w two applications.

Answer 14

State

Question 15

_____ uses specific examination methods depending on the _____ of the _____.

Answer 15

1. Stateful packet inspection
2. State
3. Connection

Question 16

The vast majority of _____ are not a part of _____.

Answer 16

1. Packets

2. Connection-opening attempts

Question 17

In SPI, if the _____ is part of an existing connection, the packet is passed, usually without further _____.

Answer 17

1. Packet

2. Filtering

Question 18

In SPI, if the _____ is not part of an existing connection, the packet is _____ and _____.

Answer 18

1. Packet
2. Dropped
3. Logged

Question 19

_____ consist of a series of rules that are _____ to the default behavior.

Answer 19

1. Access control lists

2. Exceptions

Question 20

A secondary type of protection used in firewalls is _____.

Answer 20

Network address translation (NAT)

Question 21

What ranges from 1024 to 4999?

Answer 21

Ephemeral port numbers

Question 22

The _____ firewall intercepts all _____ traffic and replaces source __ addresses and source ____ numbers with (stand-in) external versions.

Answer 22

1. NAT
2. Outgoing
3. IP
4. Port

Question 23

What are some types of application proxy firewall protections?

Answer 23

1. Internal IP address hiding.
2. Header destruction.
3. Protocol fidelity.

Question 24

Traditional firewalls don’t what?

Answer 24

Don’t do antivirus filtering.

Question 25

Unified Threat Management (UTM) Firewalls use what methods?

Answer 25

1. SPI 2. Antivirus filtering 3. VPNs 4. DoS protection 5. NAT

Question 26

Intrusion Prevention Systems (IPSs) use... and can...

Answer 26

IDS filtering methods, as well as being able to stop 'some' kinds of attacks rather than only identifying threats.

Question 27

If the packet is a _______ the firewall drops the packet.

Answer 27

Provable attack packet

Question 28

Heavy processing requirements involving IDSs are due to what types of methods?

Answer 28

1. Deep Packet Inspection (DPI). | 2. Packet Stream Analysis (PSA).

Question 29

What do IPSs do when they detect potentially suspicious traffic at the high end of the Attack Identification Confidence Spectrum (AICS)?

Answer 29

1. Drop packets (dangerous but highly effective). | 2. Bandwidth limitation.

Question 30

Unified Threat Management (UTM) embraces both _____ firewalls and _____ filtering methods.

Answer 30

1. Traditional | 2. Antivirus

Question 31

Main Border Firewalls are...

Answer 31

At the point where the corporate network connects to the Internet.

Question 32

Between the border firewall and the Internet is the sites _____ and stops simple _____.

Answer 32

1. Screening border router | 2. High-volume

Question 33

What is a positive of the SBR?

Answer 33

It economically reduces the load on the main border firewall.

Question 34

Internal Firewalls do what?

Answer 34

Internal firewalls control the traffic flow in b/w different parts of the firms internal network.

Question 35

What is a Host Firewall?

Answer 35

A host-based firewall is a piece of software running on a single host that can restrict incoming and outgoing network activity for that host only.

Question 36

What does one create when using (1) border, (2) internal, and (3) host firewalls?

Answer 36

It creates defense-in-depth.

Question 37

The border firewall is multihomed, meaning that it...

Answer 37

Connects to multiple subnets.

Question 38

What is the DMZ?

Answer 38

A subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world.