Firewall Flashcards

1
Q

What is a computer program or hardware device designed to block unauthorized access while permitting authorized communications, based on a set of rules and other criteria?

A

Firewall

2
Q

Firewalls emerged in the 1980’s as a result of several high-profile breaches. What device did they evolve from?

A

From simple ACLs on Routers

3
Q

What are the four basic firewall security designs?

A
  • Packet Filtering
  • Stateful Inspection
  • Application Layer
  • Hybrid
4
Q

Which type of firewall is used on modern networks?

A

Hybrid

5
Q

Which type of firewall is the simplest and filters packets based on a comparison of packet contents with filters in its rules?

A

Packet Filtering

6
Q

Which type of firewall is essentially a packet-filtering design, except that the system creates and maintains a session table to ensure every packet is part of a valid connection?

A

Stateful Inspection

7
Q

Which type of firewall acts as a server to the internal client, but acts like a client to the external server? It is commonly referred to as a proxy firewall.

A

Application Layer

8
Q

Hybrid firewalls can analyze traffic that is passed/dropped at what layers of the OSI model?

A

Layer 3 – Network Layer
Layer 4 – Transport Layer
Layer 7 – Application Layer

9
Q

What is the Air Force's enterprise firewall solution?

A

McAfee Sidewinder (appliance-based firewall)

10
Q

What does Sidewinder call logical network partitions or zones? These are used by Type Enforcement to isolate networks of different regions of trust or security.

A

Burbs (they allow assignment to any interface on the firewall without modifying multiple rules)

11
Q

What is the implementation of Mandatory Access Controls and is based on the principle of least privilege?

A

Type Enforcement

12
Q

DNS can be handled in three different ways on Sidewinder, what are they?

A
  • Transparent
  • Single Server
  • Split Server
13
Q

In which Sidewinder DNS mode does the firewall not act on DNS queries itself, but simply pass DNS traffic from internal to external when a rule permits it? In this mode the system neither caches queries nor participates in the DNS stream.

A

Transparent

14
Q

In which Sidewinder DNS mode are all DNS records on the firewall handled by a single server serving every interface? (Not entirely secure, because internal and external zones share one server.)

A

Single Server

15
Q

In which Sidewinder DNS mode does the firewall run two separate DNS servers? The Internet server answers only the Internet burb and its queries; the Unbound server serves all other burbs. (This is the most secure method.)

A

Split Server

16
Q

(T/F) Sidewinder does not have the ability to perform time synchronization.

A

False. Sidewinder can function as an NTP server on any interface.

17
Q

Sidewinder can be managed with a GUI or a command line interface. What are the advantages of using CLI?

A
  • More powerful
  • Direct interface
  • Can affect multiple things at once
  • Less steps/effective immediately
18
Q

In what order are rules stored and processed in Sidewinder?

A

Rules are stored and evaluated in numeric order ("first match", not "best match"): the first rule whose criteria match the packet decides it, so a broad rule placed early can shadow a more specific rule placed later.
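
The following is an added example, not Sidewinder's own code, illustrating the packet-filtering design of card 5 and the first-match ordering of card 18. It evaluates a small rule base in numeric order and also flags rules that can never fire because an earlier rule already covers every packet they could match (the practical consequence of first-match ordering). The rule syntax, field names and the sample rule base are assumptions chosen for illustration; Sidewinder's real rule format differs.

```python
"""First-match packet filter with a shadowed-rule check (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for protocol, network or port


def net(cidr: str):
    """Parse a CIDR string into a network object; "any" is a wildcard."""
    return ANY if cidr == "any" else ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Rule:
    number: int                              # position; lower is evaluated first
    action: str                              # "allow" or "deny"
    proto: Optional[str]                     # "tcp", "udp", "icmp" or ANY
    src: Optional[ipaddress.IPv4Network]     # source network or ANY
    dst: Optional[ipaddress.IPv4Network]     # destination network or ANY
    dport: Optional[int]                     # destination port or ANY

    def matches(self, pkt: dict) -> bool:
        """Compare the packet's fields with this rule's filters (packet filtering)."""
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        return ((self.proto is ANY or self.proto == pkt["proto"])
                and (self.src is ANY or src in self.src)
                and (self.dst is ANY or dst in self.dst)
                and (self.dport is ANY or self.dport == pkt.get("dport")))


def evaluate(rules, pkt: dict, default: str = "deny"):
    """First match wins: scan in numeric order and stop at the first matching rule.
    Returns (action, rule_number); rule_number is None when the default applies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action, rule.number
    return default, None


def _covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches rule b also matches the earlier rule a."""
    def field_covers(x, y, is_net=False):
        if x is ANY:
            return True
        if y is ANY:
            return False
        return y.subnet_of(x) if is_net else x == y
    return (field_covers(a.proto, b.proto)
            and field_covers(a.src, b.src, is_net=True)
            and field_covers(a.dst, b.dst, is_net=True)
            and field_covers(a.dport, b.dport))


def shadowed_rules(rules):
    """Return (shadowed_rule, shadowing_rule) pairs: under first-match ordering a
    rule fully covered by an earlier one can never fire, whatever its action."""
    ordered = sorted(rules, key=lambda r: r.number)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if _covers(earlier, later):
                found.append((later.number, earlier.number))
                break
    return found


# Constructed sample rule base (assumption for illustration).
RULES = [
    Rule(10, "deny",  "tcp", ANY,                    net("10.0.0.0/8"), 23),   # block telnet to internal nets
    Rule(20, "allow", "tcp", net("192.168.1.0/24"),  ANY,               80),   # clients may browse HTTP
    Rule(30, "deny",  ANY,   ANY,                    ANY,               ANY),  # cleanup rule: deny everything else
    Rule(40, "allow", "tcp", net("192.168.1.0/24"),  ANY,               443),  # never reached: shadowed by rule 30
]

if __name__ == "__main__":
    http = {"proto": "tcp", "src": "192.168.1.9", "dst": "69.31.49.57", "dport": 80}
    https = {"proto": "tcp", "src": "192.168.1.9", "dst": "69.31.49.57", "dport": 443}
    print(evaluate(RULES, http))        # ('allow', 20)
    print(evaluate(RULES, https))       # ('deny', 30): rule 40 is too late to help
    print(shadowed_rules(RULES))        # [(40, 30)]
```

The shadowing check is the part worth keeping in a real workflow: it is the same reasoning an auditor applies to a first-match rule base, and it catches the classic mistake of appending an allow rule below the cleanup deny.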

19
Q

What are the 7 types of objects that can be created in Sidewinder?

A
  • Domain
  • Geo-location
  • Host
  • IP Address
  • IP Range
  • Netmap
  • Subnet
20
Q

TCPDump output: Which is the Source IP and which is the Destination IP in the SYN/ACK packet?

13:02:52.538242 192.168.1.9.43012 > 69.31.49.57.80: S 1770561188:1770561188(0) win 16384 (DF)
13:02:52.639065 69.31.49.57.80 > 192.168.1.9.43012: S 2757318732:2757318732(0) ack 1770561189 win 64240 (DF)
13:02:52.639086 192.168.1.9.43012 > 69.31.49.57.80: . ack 1 win 16560 (DF)

A

The SYN/ACK is the second line (flag S together with an ack). tcpdump prints source before the ">" and destination after it, so:

Source: 69.31.49.57 (port 80)
Destination: 192.168.1.9 (port 43012)

(Its ack number 1770561189 is the client's initial sequence number 1770561188 plus one, which is how a stateful firewall ties the reply to the SYN on the first line.)
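
The following is an added example, not from the original flashcards or from any firewall vendor, tying card 6 (stateful inspection) to card 20 (the tcpdump handshake). It parses lines in the tcpdump format shown above and runs them through a minimal session table: a SYN creates an entry, a SYN/ACK is accepted only if it answers a recorded SYN with ack equal to the client's ISN plus one, and any packet with no session is dropped. The three capture lines are the ones from card 20; the class and function names are assumptions chosen for illustration, and the state names are borrowed from TCP's own terminology.

```python
"""Minimal stateful inspection over tcpdump handshake lines (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# The three lines from card 20 (the constructed sample input for this example).
CAPTURE = """\
13:02:52.538242 192.168.1.9.43012 > 69.31.49.57.80: S 1770561188:1770561188(0) win 16384 (DF)
13:02:52.639065 69.31.49.57.80 > 192.168.1.9.43012: S 2757318732:2757318732(0) ack 1770561189 win 64240 (DF)
13:02:52.639086 192.168.1.9.43012 > 69.31.49.57.80: . ack 1 win 16560 (DF)
""".splitlines()

# Classic tcpdump TCP line: time src.port > dst.port: FLAGS [seq:seq(len)] [ack N] ...
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFRP.]+)"
    r"(?:\s+(?P<seq>\d+):\d+\(\d+\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    seq: Optional[int]
    ack: Optional[int]


def parse(line: str) -> Packet:
    """Turn one tcpdump line into a Packet; raises ValueError on anything else."""
    m = LINE.match(line)
    if not m:
        raise ValueError(f"not a tcpdump TCP line: {line!r}")
    g = m.groupdict()
    return Packet(g["src"], int(g["sport"]), g["dst"], int(g["dport"]),
                  "S" in g["flags"],
                  int(g["seq"]) if g["seq"] else None,
                  int(g["ack"]) if g["ack"] else None)


class StatefulFilter:
    """Session table keyed by (client, cport, server, sport); returns (verdict, state)."""

    def __init__(self):
        self.table = {}

    def inspect(self, pkt: Packet):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)   # client -> server direction
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # server -> client direction
        if pkt.syn and pkt.ack is None:
            # Opening SYN: create the session and remember the client's ISN.
            self.table[fwd] = {"state": "SYN_SENT", "client_isn": pkt.seq}
            return "pass", "SYN_SENT"
        if pkt.syn:
            # SYN/ACK must answer a SYN we recorded, flow the other way, and
            # acknowledge client_isn + 1; otherwise it is unsolicited and dropped.
            entry = self.table.get(rev)
            if (entry is None or entry["state"] != "SYN_SENT"
                    or pkt.ack != entry["client_isn"] + 1):
                return "drop", "NONE"
            entry.update(state="SYN_RECEIVED", server_isn=pkt.seq)
            return "pass", "SYN_RECEIVED"
        entry = self.table.get(fwd) or self.table.get(rev)
        if entry is None:
            return "drop", "NONE"   # bare ACK or data with no handshake: no session
        # tcpdump switches to relative sequence numbers after the SYN exchange
        # (unless run with -S), so the final ACK shows "ack 1"; accept either form.
        if (entry["state"] == "SYN_RECEIVED" and fwd in self.table
                and pkt.ack in (1, entry["server_isn"] + 1)):
            entry["state"] = "ESTABLISHED"
        return "pass", entry["state"]


def run(lines):
    """Feed capture lines through one filter and return each (verdict, state)."""
    fw = StatefulFilter()
    return [fw.inspect(parse(line)) for line in lines]


if __name__ == "__main__":
    for line, result in zip(CAPTURE, run(CAPTURE)):
        print(result, line.split()[1], "->", line.split()[3])
    # A SYN/ACK arriving with no prior SYN is what a stateless packet filter
    # would let through on "port 80 is allowed"; stateful inspection drops it.
    print(StatefulFilter().inspect(parse(CAPTURE[1])))   # ('drop', 'NONE')
```

Note the table key: the lookup tries both directions, which is what lets the reply from 69.31.49.57:80 be matched to the session opened by 192.168.1.9:43012 even though source and destination are swapped on that line.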