ECM 1413 firewalls Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

A firewall can

A
  • Restrict both incoming and outgoing traffic
  • Use both positive and negative filters
  • Consider both the payload and different tcp/ip headers
  • Consider packets individually or as part of a flow
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what is a firewall

A

A firewall is a security system designed to prevent unauthorized access into or out of a computer network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The principal types of firewalls are:

A

1- Packet filtering firewalls
2- Stateful packet inspection firewalls
3- Application level gateways
4- Circuit level gateways

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Packet-filtering firewalls

A

A packet-filtering firewall filters individual packets on the basis of packet headers (up to the transport layer) and packet payloads

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A packet-filtering firewall may filter packets on the basis of:

A
  • Port numbers
  • Ip addresses
  • Filetypes
  • Malware signatures
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Wildcard masks

A

A wildcard mask indicates which bits of an IP address a particular rule is concerned with during IP address matching
- 0: the corresponding bit must match
- 1: the corresponding bit does not matter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Action: Allow
IP address: 20.1.1.1
Wildcard Mask: 0.0.255.255

A

means “allow all IP addresses of the form 20.1.x.y”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Action: Deny
IP address: 20.2.1.1
Wildcard mask: 0.0.0.255

A

means “deny all IP addresses of the form 20.2.1.z”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Statefull firewalls

A

A stateful firewall reviews the same packet information as a packet filtering firewall, but also filters packets on the basis of a directory of established transport-layer connections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A stateful firewall can track

A
  • TCP connections by looking for handshakes during connection startup and connection shutdown
  • UDP segments by tracking ip addresses and port numbers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Application-level gateway

A

Filters packets based on applications or certain features of applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How does an application-level gateway

A

Sets up 2 tcp connections: one from the trusted network to the firewall, and one from the firewall to the untrusted network

Example: an application-level gateway can be used as a web or email gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Circuit-level gateways

A

A circuit-level gateway determines which tcp connections will be allowed. Just as the application-level gateway, a circuit-level gateway sets up two tcp connections.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Circuit-level gateway example

A

1 The circuit-level gateway receives a TCP connection request from a trusted client

2 The circuit-level gateway approves or denies the TCP connection based on IP addresses, port numbers, user authentication, etc.

3 If the connection is approved, the circuit-level gateway establishes a second TCP connection to the server on the client’s behalf

4 From this point on, the circuit-level gateway simply relays segments in the TCP connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Firewall organizations include:

A

1 single firewall inline

2 double firewall inline

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Single firewall inline

A

A single firewall inline puts a firewall between an external and internal router

17
Q

Double firewall inline

A

puts a dimilitarized zone (DMZ) between an external and internal firewall. The dmz is a network for systems that must be externally accessible (e.g., e-mail, dns, web) but still need some protection

18
Q

virtual private network (VPN)

A

uses encryption and authentication (provided by Ipsec as an example) to provide a secure connection through an otherwise insecure network, typically the internet

19
Q

benefit and drawback of VPNs

A

+ can be used to bypass firewalls and other restrictions, and to increase privacy and security
-may result in a lower connection speed, blocks certain internet services, resale of your data to third parties.