Firewalls Flashcards
What is the primary function of a firewall?
Screen traffic between two portions of a network.
What are the three types of firewall?
Software
Hardware
Embedded
What is a software firewall?
It’s a software based firewall that’s run on a host or a server.
What is a hardware firewall?
A stand alone device installed into the network.
What is an embedded firewall?
It works as a single function on a single device. It’s one piece of a device that has many different functions. It is built into a router or a unified threat management device.
What are the different firewall methods?
Packet Filtering MAC Filtering NAT Filtering Application-layer gateways Circuit-level gateways Web Application Firewall
What is packet filtering?
What are the two types?
Inspection of each packet passing through. The firewall accepts or rejects based on the firewall rules.
Stateless and Stateful
What is the difference between stateless and stateful packet filtering?
Stateless: Accepts/rejects specifically based on firewall rules.
Stateful: Tracks requests that leave through the firewall, and then temporarily opens a port for the return traffic. It inspects the header of each packet received to verify its coming in for the tracked request.
What is MAC filtering?
Filters outbound traffic based on MAC address
What is NAT filtering?
Filters traffic based on ip/port used and TCP or UDP.
What is application-layer gateway firewall?
An in-depth packet inspection that determines the application the packet is intended for. Resource intensive. Known as a layer 7 firewall because it operates at the application layer.
What is a circuit-level gateway firewall?
Applies security checks when a TCP or UPD session establishment. Once its cleared at session establishment, it no longer checks packets. Operates at the session layer.
Explain the differences between Explicit Allow, Explicit Deny, and Implicit Deny.
Explicit Allow: Whitelist - If you’re on the list, you may pass.
Explicit Deny: Blacklist - If you’re on the list, you may not pass.
Implicit Deny: Anything that does not have a rule, is denied.
What is a Web Application Firewall (WAF)?
Firewall installed to protect a server by inspecting traffic sent to/from a web application.
Note: WAF is excellent at preventing XXS or SQL injections.