Firewalls Flashcards
Firewalls can stop hackers from breaking into your system
true
Firewalls can stop internet traffic that appears to be from a legitimate source
false
Firewalls can stop viruses and worms that spread through the internet
true
Firewalls can stop spyware being put on your system
false
Firewalls can stop viruses and worms that are spread through email
false
Lists the types of traffic authorized to pass through the firewall
Firewall access policy
________ is developed from the organization’s information security risk assessment and policy, and a broad specification of which traffic types the organization needs to support
Firewall access policy
Firewalls cannot protect when ____ or ____
Traffic that does not cross it (routing around, internal traffic)
when misconfigured
Malware can disable:
A) Software Firewalls
B) Hardware Firewalls
C) Antivirus checkers
A & C
Firewalls can stop/control
A) Pings
B) Packet sniffing
C) Outbound network traffic
A & C
This type of firewall filtering makes decisions on a packet-by-packet basis
Packet Filtering (no state information is saved)
________ is the simplest and most efficient type of firewall filtering
Packet Filtering
What are packet filtering rules based on?
Information contained in the network packet
- Source IP
- Destination IP
- Source & Dest transport level address
- IP protocol field
- interface
What are the 2 default policies of firewall packet filtering?
Discard (prohibit unless explicitly allowed)
Forward (permit unless explicitly forbidden) -> easier to manage, but less secure
What are the advantages of a Packet Filtering firewall?
- Simplicity
- Typically transparent to users and very fast
What are the disadvantages of a Packet Filtering firewall?
- Cannot protect against attacks that use application specific vulnerabilities
- Limited logging functionality
- Vulnerable to attacks and exploits that take advantage of TCP/IP
- Susceptible to security breaches caused by improper configuration
Packet filtering countermeasure:
_____ discard packets with an inside source address if the packet arrives on an external interface
IP Address spoofing countermeasure
Packet filtering countermeasure:
____ discard all packets in which the source destination specifies the route
Source routing attacks countermeasure
Packet filtering countermeasure:
_____ enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header
Tiny fragment attack countermeasure
Packet Filtering
In order for a fragmented packet to be successfully reassembled at the destination, each fragment must obey the following rules:
A) Must not share a common fragment identification number
B) Each fragment must say what its place or offset is in the original unfragmented packet
C) Each fragment must tell the length of the data carried in the fragment
D) The fragment does not need to know whether more fragments follow this one
B & C
A _______ firewall uses a connection state table
stateful inspection firewall
______ acts as a relay of application level traffic (basically a man or system in the middle)
Application-level gateway (or application proxy)
Application level gateways tend to be more secure than packet filters
true
Application level gateways may restrict application features supported
true
An Application level gateway can generically filter traffic for any application
False; must have proxy code for specific applications
A packet filtering firewall is typically configured to filter packets going in both directions
true
A prime disadvantage of an application-level gateway is the additional processing overhead on each connection
true
A packet filtering firewall can decide if the current packet is allowed based on another packet it has just examined
false
A stateful inspection firewall needs to keep track of information of an active connection in order to decide on the current packet
true
A _______ serves as a platform for an application-level gateway, and is a system identified as a critical strong point in the network’s security
bastion host
__________ firewalls are used to secure an individual host
host based firewalls
The primary role of a personal firewall is to ___________
deny unauthorized remote access
______ hides the system from the internet by dropping unsolicited communication packets
stealth mode
A company has a conventional firewall in place on its network. Which (if any) of these situations requires an additional personal firewall:
A) An employee uses a laptop on the company network and at home
B) An employee uses a desktop on the company network to access websites worldwide
C) A remote employee uses a desktop to create a VPN on the company’s secure network
D) None of the above; in each case the employee’s computer is protected by the company firewall
A & C
Typically the systems in the _____ require or foster external connectivity such as the corporate web site, an e-mail server, or a DNS server
A) DMZ
B) IP protocol field
C) boundary firewall
D) VPN
A) DMZ
A _______ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control
A) packet filtering firewall
B) distributed firewall
C) Boundary firewall
D) VPN
B) distributed firewall