Firewall Basics Flashcards

1
Q

The word firewall commonly describes

A

a device, a system or a piece of software

2
Q

A firewall is placed between

A

a trusted network and an untrusted network

3
Q

A firewall is a security device used to

A

stop or mitigate unauthorized access.

4
Q

The only traffic allowed on the network

A

is defined via the firewall policies.

5
Q

It grants or rejects access to traffic flows between

A

the trusted and untrusted zones

6
Q

A firewall monitors and inspects

A

incoming and outgoing network traffic

7
Q

It decides to allow or block specific traffic based on

A

a defined set of security rules.

8
Q

A firewall can be

A

hardware, software or both, and may also be deployed as a cloud-based or virtual appliance

9
Q

The first generation of firewall technology consisted of

A

packet filtering techniques.

10
Q

The second generation of firewall technology added

A

stateful ("connection tracking") filters

11
Q

The third generation of firewall technology introduced

A

application-layer inspection, which today's next-generation firewalls (NGFW) build on

12
Q

Stateful Firewall:

A

o A stateful firewall tracks the state of each connection as packets travel through the appliance.
o The connection state is kept in the firewall's state table.
o When the first packet of a new flow is permitted, its details are added to the state table and the packet is forwarded to the destination.
o When the reply packet arrives, its header information is matched against the state table.
o If the reply matches an entry in the state table it is accepted; otherwise it is dropped.

13
Q

Simplified Packet Flow

A
14
Q

Stateless Firewalls:

A

o Stateless firewalls watch network traffic and restrict or block each packet individually.
o They restrict or block packets based on source and destination addresses.
o They can also restrict or block packets based on other static header values, such as protocol and port.
o Stateless firewalls are not "aware" of traffic patterns or data flows.
o A stateless firewall filter is also known as an Access Control List (ACL).
o A stateless firewall does not inspect traffic statefully and keeps no record of connections.
o It evaluates each packet's contents statically and does not keep track of connection state.
o An example of a packet filtering firewall is the extended ACL on Cisco routers.

15
Q

Packet Filtering Firewall:

A

o In a packet filtering firewall, packets are filtered using an access list (ACL).
o A packet filtering firewall is easily vulnerable to IP spoofing attacks, because it trusts the source address carried in each packet.
o Cisco IOS uses standard, extended or named ACLs to filter traffic.
o It limits what is allowed into a network based on destination and source addresses.
o A packet filtering firewall can only be implemented at the network and transport layers.
o It filters packets based on addresses, port numbers and other static header fields (protocol, TCP flags) only.
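
The stateful firewall card (12) and the stateless and packet filtering cards (14 and 15) describe the same decision from two sides. The block below is an added example, not code from the original deck or from any vendor: a Python model of both filters. The `Packet` and `Rule` classes, the 5-tuple state table, the `StatelessFilter` and `StatefulFilter` names and the sample traffic are all constructed for illustration; the `established` flag mimics the Cisco extended-ACL keyword of that name (it matches packets with the ACK or RST bit set). It shows why a stateless ACL needs an "established" rule to let replies back in, how a forged ACK from an outside host slips through that rule (the spoofing weakness card 15 mentions), and how the stateful filter accepts only replies to a flow it has recorded.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                                   # "tcp" or "udp"
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()          # TCP flags set on this packet, e.g. {"SYN"}


@dataclass(frozen=True)
class Rule:
    """One ACL entry, a hypothetical simplification of a Cisco extended ACL line."""
    action: str                                  # "permit" or "deny"
    src: str                                     # CIDR prefix; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int] = None                  # None = any destination port
    established: bool = False                    # Cisco "established" keyword: ACK or RST bit set

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True


def acl_lookup(acl: List[Rule], p: Packet) -> bool:
    """First matching entry wins; an implicit deny sits at the end, as in a Cisco ACL."""
    for rule in acl:
        if rule.matches(p):
            return rule.action == "permit"
    return False


class StatelessFilter:
    """Packet filter: every packet is judged on its own header, with no memory of earlier packets."""

    def __init__(self, acl: List[Rule]) -> None:
        self.acl = acl

    def check(self, p: Packet) -> bool:
        return acl_lookup(self.acl, p)


class StatefulFilter:
    """Stateful filter: the ACL is consulted only for the first packet of a flow. Admitted
    flows go into the state table; later packets in either direction are accepted only if
    they match an entry there. (State expiry and FIN/RST teardown are omitted.)"""

    def __init__(self, acl: List[Rule]) -> None:
        self.acl = acl
        self.state: Set[Tuple[str, str, str, int, int]] = set()   # the state table (5-tuples)

    def check(self, p: Packet) -> bool:
        key = (p.src, p.dst, p.proto, p.sport, p.dport)
        reverse = (p.dst, p.src, p.proto, p.dport, p.sport)      # the reply direction
        if key in self.state or reverse in self.state:
            return True
        # Not a tracked flow. For TCP only a bare SYN may open a new connection; a stray
        # ACK has no state behind it and is dropped instead of being passed to the ACL.
        if p.proto == "tcp" and ("SYN" not in p.flags or "ACK" in p.flags):
            return False
        if acl_lookup(self.acl, p):
            self.state.add(key)
            return True
        return False


def demo() -> dict:
    """Constructed traffic: an inside host opens HTTPS to a web server, then an outside
    host sends forged packets at port 22. Returns the verdict list from each filter."""
    inside_https = Rule("permit", "10.0.0.0/24", "0.0.0.0/0", dport=443)
    # A stateless filter needs a rule like this to let replies back in; it is exactly what
    # an ACK-flag scan abuses, because any packet with ACK set "looks" like a reply.
    return_traffic = Rule("permit", "0.0.0.0/0", "10.0.0.0/24", established=True)

    syn = Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 443, frozenset({"SYN"}))
    syn_ack = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 51000, frozenset({"SYN", "ACK"}))
    forged_ack = Packet("198.51.100.7", "10.0.0.5", "tcp", 40000, 22, frozenset({"ACK"}))
    forged_syn = Packet("198.51.100.7", "10.0.0.5", "tcp", 40001, 22, frozenset({"SYN"}))
    sequence = (syn, syn_ack, forged_ack, forged_syn)

    stateless = StatelessFilter([inside_https, return_traffic])
    stateful = StatefulFilter([inside_https])                  # no "established" rule needed
    return {
        "stateless": [stateless.check(p) for p in sequence],   # [True, True, True, False]
        "stateful": [stateful.check(p) for p in sequence],     # [True, True, False, False]
    }
```

The two verdict lists differ only on the third packet: the stateless ACL permits the forged ACK to port 22 because the packet carries the ACK bit, while the stateful filter drops it because no state table entry exists for that flow. A real stateful firewall also has to age out entries and remove them on FIN/RST so the table cannot be filled by an attacker.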

16
Q

Proxy Firewall:

A

o A proxy firewall acts as a proxy for clients on the internal LAN.
o No direct communication occurs between the client and the destination server.
o It takes the request from a client and puts that client on hold for a moment.
o It then makes the request to the final destination as if it were its own request.
o A proxy firewall is memory and disk intensive at the proxy server or device.
o A proxy firewall could potentially be a single point of failure in the network.

17
Q

Application Firewall:

A

o Application-level gateways work at the application layer of the OSI reference model.
o With an application firewall you can block or control the traffic generated by specific applications.
o Application firewalls can also be configured as caching servers to increase performance.
o An application-level gateway firewall is more processor intensive but gives very tight control.
o The defining ability of an application firewall is to analyze traffic all the way up to the application layer.

18
Q

Personal Firewall:

A

o A personal firewall is typically a software application installed on an endpoint device.
o It protects the device itself from unauthorized intrusions or access.
o Most operating systems, such as Windows or Linux, have an integrated personal firewall.
o Personal firewalls protect only a single host or device in the network.
o They control traffic arriving at and leaving the individual host.
o They can permit and deny traffic based on the application that sends or receives it.
o They can also define different policies for different classes of network (for example public versus private).

19
Q

Transparent Firewall:

A

o It works at layer 2, forwarding frames based on the destination MAC address.
o It can filter traffic from layer 2 up to layer 7 of the OSI model.
o A transparent firewall is invisible to devices on both sides of the protected network.
o Transparent mode does not support dynamic routing protocols and some other features that require routed mode.

20
Q

Virtual Wire Firewall:

A

o Virtual wire mode logically binds two Ethernet interfaces together.
o Virtual wire mode allows all traffic to pass between the two interfaces.
o Virtual wire, also known as V-Wire, deployment options use virtual wire interfaces.
o Virtual wire mode requires no changes to adjacent network devices.
o A virtual wire interface supports App-ID, User-ID, Content-ID, NAT and decryption.
o Virtual wire mode is typically used when no switching or routing is needed.

21
Q

Traditional Network Firewall:

A

o Traditional firewalls work at the network and transport layers of the OSI model.
o They allow or block traffic based on criteria such as IP address and/or port.

22
Q

Zone-Based Firewall:

A

o Zone-based firewall (ZBF) is the most advanced stateful firewall method available on Cisco IOS routers.
o The idea behind ZBF is that access lists are not assigned to interfaces.
o Instead, zones are created and interfaces are assigned to those zones.
o Security policies are then applied to traffic flowing between zones.
o Traffic between two zones is dropped until a policy between that zone pair allows it.

23
Q

Cloud-Based Firewall:

A

o Cloud firewalls are software-based network security devices deployed in the cloud.
o They are built to stop or mitigate unwanted access to private networks.
o As a newer technology, cloud firewalls are designed around modern, cloud-centric business needs.
o Cloud firewalls sit within online application environments to block attacks before they reach the application.
o Firewall-as-a-Service (FWaaS) and Security-as-a-Service (SECaaS) are examples.

24
Q

Virtual Firewall:

A

o A virtual firewall is a firewall service or application for a virtualized environment.
o It provides packet filtering within a virtualized environment.
o Virtual firewalls are commonly used to protect virtualized environments only.
o A virtual firewall is often deployed as a software appliance in the virtual environment.
o It manages and controls incoming and outgoing traffic.
o It works in conjunction with virtual switches and servers, much like a physical firewall.

25
Q

UTM Firewall:

A

o UTM firewall, or simply UTM (Unified Threat Management), is the term given to a hardware or software device that combines various security functions.
o These functions include packet filtering, proxying, IDS and IPS, protection against malware, and application control.
o UTM provides multiple security features and services in a single device or service on the network.
o UTM also includes functions such as anti-virus, anti-spam, content filtering and web filtering.
o A UTM firewall is not automatically considered a next-generation firewall (NGFW): the NGFW label implies application and user awareness, not just bundled functions.

26
Q

Next-Generation Firewall (NGFW):

A

o An NGFW performs the role of a traditional firewall and adds next-generation IPS (NGIPS) features.
o The next-generation firewall belongs to the third (application-layer) generation of firewall technology.
o All NGFWs offer two key features: application awareness and control, and identity (user) awareness.
o NGFWs provide deep packet inspection of traffic.
o NGFWs add application-level inspection and intrusion prevention.
o NGFWs provide all traditional IPS features at high performance.
o NGFWs allow and block traffic based on the specific application, not just the port.
o NGFWs allow and block traffic based on user information as well.
o NGFWs provide both IPS and application control functions.
o There is no big difference between a UTM and an NGFW in terms of feature list; the difference lies in how tightly the functions are integrated and in application and user awareness.
o NGFWs provide the high performance and processing power needed to apply this inspection at line rate.

27
Q

Palo Alto Firewall:

A

o Palo Alto Networks markets its firewall on the following claims:
o It identifies, controls and inspects SSL-encrypted traffic and the applications inside it.
o It scans content in real time to protect against viruses.
o It protects against spyware, data leakage and application vulnerabilities.
o It is a next-generation firewall built on a stream-based threat prevention engine.
o It uses cloud-based analysis to protect against both known and unknown threats.
o Its policy engine allows or denies traffic based on the identity of the application (its App-ID fingerprint) rather than on port number alone.
o If one subscriber experiences a new attack, all other subscribers' firewalls are updated with the resulting signature.
o You can allow certain functions of an application without blocking the entire application.

28
Q

Single Pass:

A

o Palo Alto firewalls are based on a Single Pass Parallel Processing (SP3) architecture.
o SP3 enables high-throughput, low-latency network security.
o SP3 combines two components: single-pass software and parallel-processing hardware.
o The single-pass software performs each operation once per packet.
o As a packet is processed, the networking functions, policy lookup and application identification are all performed once.
o Packet decoding and signature matching for all threats and content are likewise performed once.
o The single-pass software scans content once, rather than once per security function, to avoid latency.
o This single-pass traffic processing enables very high throughput and low latency.

29
Q

Parallel Processing:

A

o The other critical piece of the Palo Alto Networks SP3 architecture is the hardware.
o It uses parallel-processing hardware to ensure the single-pass software runs fast.
o Palo Alto Networks engineers designed separate data plane and control plane.
o This separation means you can manage and update the device while it keeps forwarding traffic.
o Using multiple cores and processors, the firewall runs its checks in parallel.
o It does not reassemble and recompile files in order to scan them; it scans the stream for signatures as it passes.
o Three identification technologies transform the firewall: App-ID, User-ID and Content-ID.

30
Q

App-ID (Application Identification) :

A

App-ID is a combination of application signatures, protocol detection and decryption, protocol
decoding, and heuristics used to identify applications. The application identification is carried
through to the Content-ID functionality, so that applications are scanned and inspected appropriately
to their use, as well as to the policy engine.

31
Q

Content-ID (Scan Content):

A

A single hardware-accelerated signature format is used to scan traffic for data (credit card numbers,
social security numbers and custom patterns) and for threats (vulnerability exploits via IPS, viruses
and spyware), plus a URL categorization engine that performs URL filtering.

32
Q

User-ID (Identify User):

A

Maps IP addresses to Active Directory users, and users to groups (roles), to enable visibility and
policy enforcement by user and group.

33
Q

Single-Pass Architecture:

A

o PAN firewalls are optimized to inspect each packet only "one time", with the inspection functions running concurrently.
o Signature matching, security processing and networking processing happen at the same time.
o They run in parallel without re-buffering the same packet over and over again.
o Single pass performs the layer 7 classification and inspection operations once per packet.
o The strength of the Palo Alto Networks firewall is its Single Pass Parallel Processing (SP3) engine.
o Every layer of protection (antivirus, anti-spyware, data filtering and vulnerability protection) uses the same stream-based signature format.
o This allows the PAN firewall to buffer and inspect a packet at the same time, doing all three functions in parallel.

34
Q

Control Plane:

A

o Management functionality is provided by a dedicated control plane processor.
o It drives configuration management, logging and reporting without touching data plane processing.
o The Palo Alto control plane has its own dual-core CPU, dedicated RAM and dedicated storage.

35
Q

Data Plane:

A

o The Palo Alto data plane is the traffic forwarding plane, built from different chip sets.
o It has three functions. The signature match processor inspects traffic using regular-expression based signatures.
o The security processors match traffic against the Palo Alto security policies.
o The network processor is used for traffic forwarding and related functions.

36
Q

Networking:

A

Packet routing, flow lookup, statistics counting, NAT and similar functions are all performed on the dedicated network processor.

37
Q

Security:

A

User-ID, App-ID and the policy engine, together with encryption, decryption and decompression, all run on the multicore security processors.

38
Q

Signature:

A

Content-ID performs signature lookups on a dedicated FPGA with its own dedicated memory.

40
Q

Firewall Zones:

A

o Security zones are a logical way to group physical and virtual interfaces on the firewall.
o Security zones are used to control and log the traffic that traverses specific interfaces.
o An interface must be assigned to a security zone before it can process traffic.
o A zone can contain multiple interfaces of the same type, but an interface belongs to only one zone.
o On Palo Alto firewalls, zone names have no predefined meaning or policy associations.
o Palo Alto firewalls rely on the concept of security zones in order to apply security policies.
o This means security policies (firewall rules) are applied to zones, not to interfaces.
o The zone feature is similar to Cisco's zone-based firewall supported on IOS routers.
o Policy rules on the firewall use zones to identify where traffic comes from and where it is going.
o By default, traffic can flow freely within a zone (intrazone), but traffic cannot flow between different zones (interzone).
o Traffic between different zones cannot flow until you define a security policy rule that allows it.
o Creating a security zone on Palo Alto Networks NGFWs involves three steps:
o Specify the zone name, select the zone type and assign the interface(s) to the zone.
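
Zone-based policy (cards 22 and 40) and the App-ID and User-ID cards (30 and 32) combine into one policy lookup: the source zone comes from the ingress interface, the destination zone from the route lookup, and then a first-match search runs over rules written between zone pairs, optionally narrowed by application and user group. The block below is an added example in Python, not code from the original deck or from Palo Alto Networks or Cisco. The `ZoneFirewall` class, its interface names, routes, users and rules are all constructed for illustration, and the application name on each flow is assumed to come from a payload classifier, which is why the policy never consults the destination port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

ANY = frozenset({"any"})


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dport: int
    app: str          # application as classified from the payload (App-ID style), not from the port
    ingress_if: str   # interface the first packet of the flow arrived on


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    apps: FrozenSet[str]     # ANY matches every application
    groups: FrozenSet[str]   # user groups; ANY matches every user, mapped or not
    action: str              # "allow" or "deny"


class ZoneFirewall:
    """Zone-based policy evaluation (hypothetical model). Interfaces are grouped into zones,
    rules are written between zone pairs, and the defaults are intrazone allow, interzone deny."""

    def __init__(self) -> None:
        self.zone_of_if: Dict[str, str] = {}
        self.routes: Dict[ipaddress.IPv4Network, str] = {}   # prefix -> egress interface
        self.ip_to_user: Dict[str, str] = {}                   # User-ID style IP-to-user mapping
        self.user_groups: Dict[str, Set[str]] = {}             # user -> groups (e.g. from AD)
        self.rules: List[Rule] = []

    def assign_interface(self, interface: str, zone: str) -> None:
        self.zone_of_if[interface] = zone

    def add_route(self, prefix: str, interface: str) -> None:
        self.routes[ipaddress.ip_network(prefix)] = interface

    def _zone(self, interface: str) -> str:
        if interface not in self.zone_of_if:
            raise ValueError(f"{interface} is not in a zone and cannot process traffic")
        return self.zone_of_if[interface]

    def _egress_interface(self, dst_ip: str) -> str:
        addr = ipaddress.ip_address(dst_ip)
        matching = [n for n in self.routes if addr in n]
        if not matching:
            raise ValueError(f"no route to {dst_ip}")
        return self.routes[max(matching, key=lambda n: n.prefixlen)]   # longest prefix wins

    def evaluate(self, flow: Flow) -> Tuple[str, str]:
        """Return (action, rule name) for the first packet of a flow."""
        src_zone = self._zone(flow.ingress_if)
        dst_zone = self._zone(self._egress_interface(flow.dst_ip))
        user = self.ip_to_user.get(flow.src_ip)
        groups = self.user_groups.get(user, set()) if user else set()
        for r in self.rules:                                   # first match wins
            if (r.from_zone, r.to_zone) != (src_zone, dst_zone):
                continue
            if r.apps != ANY and flow.app not in r.apps:      # flow.dport is never consulted
                continue
            if r.groups != ANY and not (groups & r.groups):
                continue
            return (r.action, r.name)
        if src_zone == dst_zone:
            return ("allow", "intrazone-default")
        return ("deny", "interzone-default")


def build_demo_firewall() -> ZoneFirewall:
    """Constructed configuration: three zones, static routes, two users, two rules."""
    fw = ZoneFirewall()
    for iface, zone in (("ethernet1/1", "untrust"), ("ethernet1/2", "inside"), ("ethernet1/3", "dmz")):
        fw.assign_interface(iface, zone)
    fw.add_route("10.0.0.0/24", "ethernet1/2")
    fw.add_route("172.16.0.0/24", "ethernet1/3")
    fw.add_route("0.0.0.0/0", "ethernet1/1")
    fw.ip_to_user = {"10.0.0.5": "alice", "10.0.0.9": "bob"}
    fw.user_groups = {"alice": {"engineering"}, "bob": {"sales"}}
    fw.rules = [
        Rule("eng-ssh-to-dmz", "inside", "dmz", frozenset({"ssh"}), frozenset({"engineering"}), "allow"),
        Rule("web-out", "inside", "untrust", frozenset({"web-browsing", "ssl"}), ANY, "allow"),
    ]
    return fw


def demo() -> List[Tuple[str, str]]:
    """Constructed flows; returns the (action, rule) verdict for each one in order."""
    fw = build_demo_firewall()
    flows = [
        Flow("10.0.0.5", "172.16.0.10", 22, "ssh", "ethernet1/2"),          # alice (engineering) -> dmz
        Flow("10.0.0.9", "172.16.0.10", 22, "ssh", "ethernet1/2"),          # bob (sales) -> dmz
        Flow("10.0.0.9", "203.0.113.10", 443, "ssl", "ethernet1/2"),        # bob browsing out
        Flow("10.0.0.5", "203.0.113.10", 443, "ssh", "ethernet1/2"),        # ssh tunnelled on 443
        Flow("10.0.0.5", "10.0.0.9", 80, "web-browsing", "ethernet1/2"),    # stays inside one zone
        Flow("203.0.113.10", "172.16.0.10", 443, "ssl", "ethernet1/1"),     # unsolicited inbound
    ]
    return [fw.evaluate(f) for f in flows]
```

The fourth flow is the point of application-based policy: SSH tunnelled over port 443 is classified as ssh, so the web-out rule does not match and the interzone default denies it, where a port-based rule would have let it through. Evaluating a flow that enters an interface not assigned to any zone raises ValueError, which mirrors the rule that an interface must belong to a zone before it processes traffic.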