Examining Firewalls And IPSs

Question 1

What are network firewalls?

Answer 1

These devices act as a security barrier between internal and external networks, controlling incoming and outgoing network traffic based on predetermined security rules. The primary purpose is to prevent unauthorized access while permitting outward communication.

Question 2

What are a few different types of firewalls and their associated functionality?

Answer 2

1. Packet-filtering: Examines packets entering or leaving the network, either accepting or rejecting the packet based on user-defined rules.
2. Stateful packet inspection: Monitors the state of active connections, making decisions based on the context of the traffic and state of the network.
3. Application-level: Filters incoming traffic between the network and the traffic source, operating at the application layer.
4. Circuit-level: Monitors TCP handshakes across the firewall to determine if the session is legitimate.

Question 3

What is a Next-Generation Firewall (NGFW)?

Answer 3

NGFW incorporates features of traditional firewalls with quality of service (QoS) functionalities, including additional features like application awareness, integrated intrusion prevention, and cloud-delivered threat intelligence.

Question 4

What is an Intrusion Detection System (IDS)?

Answer 4

IDS monitors networks or systems for malicious activity or policy violations. It can be network-based (NIDS) or host-based (HIDS).

Question 5

What is an Intrusion Prevention System (IPS)?

Answer 5

IPS is similar to IDS but with the ability to prevent detected threats, actively blocking or preventing intrusions in real-time.

Question 6

What is Unified Threat Management (UTM)?

Answer 6

UTM combines and integrates various security services and features, including Firewall, IDS/IPS, Antivirus, Gateway anti-spam, and Content filtering.

Question 7

What is a stateful firewall?

Answer 7

A stateful firewall keeps track of the state of active connections, making decisions based on the context of the traffic and the state of the network.

Question 8

How do stateful firewalls operate?

Answer 8

Stateful firewalls operate by inspecting both the header information and the contents of data packets.

Question 9

What do stateful inspections monitor?

Answer 9

Stateful inspections monitor ongoing connections to ensure that the traffic is associated with a known connection.

Question 10

What advantage do stateful firewalls offer?

Answer 10

Stateful firewalls provide more awareness of communications occurring over a network, offering a higher level of security.

Question 11

How do stateful firewalls make security decisions?

Answer 11

Stateful firewalls remember previous communications and make security decisions based on past packets and the state of connections.

Question 12

What are circuit-level gateways?

Answer 12

Circuit-level gateways operate at layer 5 of the OSI model, making security decisions based on the handshaking protocols.

Question 13

What do circuit-level gateways monitor?

Answer 13

Circuit-level gateways monitor TCP handshaking between packets, determining whether a session request is legitimate.

Question 14

What can circuit-level gateways do with packet information?

Answer 14

Circuit-level gateways can hide information about the packets.