Firewall Flashcards
What is the range of characteristics that a firewall access policy could use to filter traffic?
IP Address and Protocol Values
Application Protocol
User Identity
Network Activity
Controls access based on the source or destination addresses and port numbers, direction of flow (inbound or outbound), and other network and transport layer characteristics.
IP Address and Protocol Values
Controls access on the basis of authorized application protocol data, e.g., checking SMTP email for spam, or HTTP web requests to authorized sites only.
Application Protocol
Controls access based on the user's identity, typically for inside users who identify themselves using some form of secure authentication technology, such as IPSec.
User Identity
Controls access based on considerations such as the time of request, e.g., only in business hours; rate of requests, e.g., to detect scanning attempts; or other activity patterns.
Network Activity
A _____ ______ _____ applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
packet filtering firewall.
The IP address of the system that originated the IP packet.
Source IP address
The IP address of the system the IP packet is trying to reach.
Destination IP address
The transport-level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET.
Source and destination transport-level address
Defines the transport protocol
IP protocol field
For a firewall with three or more ports, which interface of the firewall the packet came from or which interface of the firewall the packet is destined for.
Interface
In a packet filtering firewall, if there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken. What are the two possible default policies?
Default = discard: That which is not expressly permitted is prohibited.
Default = forward: That which is not expressly prohibited is permitted.
What are the different kinds of firewalls?
General Model
Packet filtering firewall
Stateful inspection firewall
Application proxy firewall
Circuit-level proxy firewall
Packet filtering firewalls filter packets using rules based on what information?
Source IP address
Destination IP address
Source and destination transport-level address
Interface
What are the advantages of a Packet Filter Firewall?
Simplicity
Typically transparent to users and are very fast
What are the weaknesses of a Packet Filter Firewall?
Cannot prevent attacks that employ application specific vulnerabilities or functions
Limited logging functionality
Do not support advanced user authentication
Vulnerable to attacks on TCP/IP protocol bugs
Improper configuration can lead to breaches
System identified as a critical strong point in the network's security.
Serves as a platform for an application-level or circuit-level gateway
Bastion Hosts
Used to secure an individual host
Available in operating systems or can be provided as an add-on package
Filter and restrict packet flows
Common location is a server
Host-Based Firewalls
What are the advantages of a Host-Based Firewall?
Filtering rules can be tailored to the host environment
Protection is provided independent of topology
Provides an additional layer of protection
Is an extension of an IDS that includes the capability to attempt to block or prevent detected malicious activity.
Can be host-based, network-based, or distributed/hybrid
Can use anomaly detection to identify behavior that is not that of legitimate users, or signature/heuristic detection to identify known malicious behavior
Can block traffic as a firewall does, but makes use of the types of algorithms developed for IDSs to determine when to do so.
Intrusion Prevention Systems