Firewalls 2.1

Question 1

How do Firewalls work?

Answer 1

Everything passes through the firewall. Can control inappropriate content. Protects against viruses and malware. They establish security policies through the following mechanisms.

Network Address Translation (NAT)
Basic packet filtering
Stateful packet filtering 
Access Control Lists (ACL)
Application layer proxies

Question 2

Network-based Firewalls

Answer 2

Filters traffic by port numbers and IP addresses. (OSI layer 4, TCP/UDP)
Can encrypt traffic into/out of the network. Can proxy traffic. Most firewalls can be layer 3 devices (routers).

Question 3

Stateless Firewall

Answer 3

Does not keep track of traffic flow. Each packet is individually examined regardless of past history. If traffic is sent outside to an active session, the traffic returning from said location will still be examined. Must have rules for send and receive.

Question 4

Statefull Firewall

Answer 4

Remembers the “state” of the session. Everything within a valid flow is allowed. If a rule is created to a destination, there is no need to create a receive rule from said destination so long as it within the same traffic flow.

Question 5

Access Control List (ACL)

Answer 5

These are the firewall rules. They allow or disallow traffic based on tuples or security policies. Tuples are a grouping of categories; source IP, destination IP, port number, time of day, application, etc.

Question 6

Application-based Firewalls

Answer 6

Application based firewalls can filter through OSI layer 7 which is the Application Layer. They can analyze traffic at a much deeper level examining the application characteristics of traffic. They can block parts of an application, yet allow other parts through giving them much greater specificity than network-based firewalls.