Firewalls Flashcards
The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.
(T/F)
True
A firewall can serve as the platform for IPSec. (T/F)
True
A packet filtering firewall is typically configured to filter packets going in both directions. (T/F)
True
A prime disadvantage of an application-level gateway is the additional processing overhead on each connection. (T/F)
True
A DMZ is one of the internal firewalls protecting the bulk of the enterprise network. (T/F)
False
The _______ defines the transport protocol.
IP protocol field
A _________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.
circuit-level
Typically the systems in the ________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.
DMZ
A _______ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control.
distributed firewall
The ________ attack is designed to circumvent filtering rules that depend on TCP header information.
tiny fragment
Firewall design goals
All traffic from inside to outside and vice versa must pass through the firewall.
Only authorized traffic, as defined by the local security policy, will be allowed to pass.
The firewall itself is immune to penetration. (use a hardened system)
Critical component in planning/implementing a firewall
suitable access policy: lists the traffic authorized to pass through the firewall
Type of traffic
address ranges
protocols
applications
content
Firewall characteristics
IP Address and Protocol Values
Application Protocol
User Identity
Network Activity
Firewall Capabilities
Firewall defines a single choke point that attempts to keep unauthorized users out of the protected network, prohibit potentially vulnerable services from entering/leaving the network, and provide protection from IP spoofing and routing attacks
Provides location for monitoring security related events
Platform for internet functions not related to security
Platform for IPSec (implement virtual private networks)
Gives insight into traffic mix via logging
Network Address Translation
Encryption
Firewall Limitations
Firewalls cannot protect…
- Traffic that does not cross it
  - Routing around
  - Internal traffic
- When misconfigured
Can’t protect against attacks that bypass the firewall (e.g. internal systems with dial-out, mobile broadband, or dial-in connections)
Can’t fully protect against internal threats
Improperly secured wireless LAN accessible from outside
Laptop, PDA, portable storage device may be infected outside the network and then attached internally
Types of Firewalls
Packet filtering
Stateful inspection
Application proxy/Application Level Gateway
Circuit level firewall/gateway/proxy
Packet Filtering Firewall
Rules applied to incoming/outgoing IP packets.