Firewall Flashcards
In a firewall setting, what firewall configuration would only allow through packets that already have a TCP connection?
Allow messages with ACK field = SET
Packet filtering approach to firewall advantages & disadvantages
+ - easy to set up & transparent to users
- - can’t prevent attacks that use application-specific vulnerabilities, has limited logging functionality, can’t see packet-to-packet exploits, and is sometimes too simple
Stateful Inspection Firewall - describe it
Logs prior information regarding the packet, with more specific info about the connection
Application-Level Gateway Firewall
A middleman between the remote host application and the user; checks user authentication and remote app authentication before connecting them.
An Application-Level Gateway must have what for each application? What’s good and bad about it?
It must have web proxy code - this restricts certain application features to what’s allowed.
+ - more secure than packet filters
- - additional processing overhead on each connection because there are double the connections compared to without the gateway
An example of an application-level gateway used to access a remote application is called a
Bastion Host - has read-only access to code, is typically a fraction of the complexity of the actual application, runs as a non-privileged user, and can restrict features that can be accessed
Personal Firewall
Often used in homes and much like a host-based firewall, except it does more:
- can make the computer invisible to the network and drop unsolicited comms UDP packets, log activity, and require apps to have authorization to provide services