Firewalls

Question 1

What is a firewall?

Answer 1

A combination of hardware and
software components that controls the flow of
traffic from one network to another

Question 2

Where is a firewall normally placed?

Answer 2

In between a internal office network and an external public network such as the Internet

Question 3

What is a firewall normally used for?

Answer 3

• Used to protect an internal
  network from the Internet
• A firewall can also filter traffic
  between any two networks

Question 4

How does a firewall work?

Answer 4

-All traffic must pass through the firewall
– Traffic can be restricted in almost any way
– This is more efficient than filtering traffic on each
client in the network
-Firewalls can be used to enforce security policies

Question 5

Why is a firewall a logical place to log network activity?

Answer 5

All traffic passes through the firewall so it is the
logical place to capture information about
network use (and abuse)

Question 6

How do firewalls limit security exposure?

Answer 6

– Firewalls are the single point of contact between
the internal and external networks
– People on external networks can only see
computers and services approved by
administrators

Question 7

What does a firewall not do?

Answer 7

• Can’t protect from malicious insiders
  -A firewall can’t protect against traffic that doesn’t go
  through it
  -Firewalls can’t protect against completely new threats

Question 8

Depending on the architecture, what 2 or 3 tasks will a firewall perform?

Answer 8

– Packet filtering
– Proxying
– Application layer filtering (e.g. anti-virus and antispam filtering)

Question 9

What is packet filtering?

Answer 9

The process of examining incoming and outgoing packets to determine which are allowed to pass, and which will be blocked

Question 10

What is proxying?

Answer 10

Use of an intermediary service to carry out authorized tasks

Question 11

What are the three most common firewall architectures

Answer 11

– Dual homed host
– Screened host
– Screened subnet

Question 12

What is dual homed host?

Answer 12

A dual homed host is a computer with two network connections (two home addresses)
– One IP address for network connection to the
internal network
– One IP address for network connection to the
external network

Question 13

How does dual homed host work?

Answer 13

• Computers on the internal network that want to send traffic to external network send it to the dual homed host.
• Dual homed host can then perform packet filtering before forwarding traffic
• Dual homed host performs NAT on internal network IP addresses

Question 14

What is a flaw with dual homed host?

Answer 14

-Dual homed host is on both networks
- Dual homed host is a single point of failure - there
is no depth of defence

Question 15

How does a screen host work?

Answer 15

• The services of the external network are provided by a host on the internal network by proxying
• Routing is performed separately by a dedicated routing device such as a router

Question 16

What can a router on a screen host allow to happen?

Answer 16

Allow other devices other than the firewall screen host connect to certain sites such as accounting site.

Question 17

Why is a screen host generally more secure than a dual homed host?

Answer 17

Because the primary point of contact with the external network is a router not a host, and routers tend to be more difficult to compromise than hosts

Question 18

How does a screened subnet work?

Answer 18

The firewall host is place between an internal router and an external router