Firewalls Flashcards
Firewalls can stop hackers from breaking into your system
true
Firewalls can stop internet traffic that appears to be from a legitimate source
false
Firewalls can stop viruses and worms that spread through the internet
true
Firewalls can stop spyware being put on your system
false
Firewalls can stop viruses and worms that are spread through email
false
Lists the types of traffic authorized to pass through the firewall
Firewall access policy
________ is developed from the organization’s information security risk assessment and policy, and a broad specification of which traffic types the organization needs to support
Firewall access policy
Firewalls cannot protect when
____ or ____
Traffic that does not cross it (routing around, internal traffic)
when misconfigured
Malware can disable:
A) Software Firewalls
B) Hardware Firewalls
C) Antivirus checkers
A & C
Firewalls can stop/control
A) Pings
B) Packet sniffing
C) Outbound network traffic
A & C
This type of firewall filtering makes decisions on a packet-by-packet basis
Packet Filtering (no state information is saved)
________ is the simplest and most efficient type of firewall filtering
Packet Filtering
What are packet filtering rules based on?
Information contained in the network packet
- Source IP
- Destination IP
- Source & Dest transport level address
- IP protocol field
- interface
What are the 2 default policies of firewall packet filtering?
Discard (prohibit unless explicitly allowed)
Forward (permit unless explicitly forbidden) -> easier to manage, but less secure
What are the advantages of a Packet Filtering firewall?
- Simplicity
* Typically transparent to users and very fast
What are the disadvantages of a Packet Filtering firewall?
- Cannot protect against attacks that use application specific vulnerabilities
- Limited logging functionality
- Vulnerable to attacks and exploits that take advantage of TCP/IP
- Susceptible to security breaches caused by improper configuration
Packet filtering countermeasure:
_____ discard packets with an inside source address if the packet arrives on an external interface
IP Address spoofing countermeasure
Packet filtering countermeasure:
____ discard all packets in which the source destination specifies the route
Source routing attacks countermeasure
Packet filtering countermeasure:
_____ enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header
Tiny fragment attack countermeasure
Packet Filtering
In order for a fragmented packet to be successfully reassembled at the destination, each fragment must obey the following rules:
A) Must not share a common fragment identification number
B) Each fragment must say what place or offset is in the original unfragmented packet
C) Each fragment must tell the length of the data carried in the fragment
D) The fragment does not need to know whether more fragments follow this one
B & C
a _______ firewall uses a connection state table
stateful inspection firewall
______ acts as a relay of application level traffic (basically a man or system in the middle)
Application-level gateway (or application proxy)
Application level gateways tend to be more secure than packet filters
true
Application level gateways may restrict application features supported
true
