Firewalls and NAT Flashcards
Firewall
A device that monitors and filters incoming and outgoing network traffic based on established security policies
Firewall Objectives
Service control
Behavior control
User/machine control
Service Control
What services can be accessed (inbound or outbound)
Behavior control
How services are accessed (e.g. spam filtering)
User/machine control
Controls access to services on a per-user/machine level
Default deny (aka blocklist)
Denylist that specifies connectivity that is explicitly disallowed
Less secure, but allows functionality
Default accept
Specifies connectivity that is explicitly allowed
More secure, but may break functionality
First Match Approach
Policies are evaluated until the packet matches a rule
Best Match Approach
Apply the “most specific” matching rule
Stateless
Each packet considered in isolation
Stateful
Allows historical context consideration
Stateless (Pros and Cons)
Pro: much faster processing
Con:
1) more complex rule specification
2) less secure
Stateful (Pros and Cons)
Pro:
1) simpler rule specification
2) more secure
Con: slower processing
De-Militarized Zone (DMZ)
A physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet
Honeypots
Decoy systems to lure potential attackers
1) divert attackers from critical systems
2) collect information about attacker’s activity
3) delay the attacker long enough for defenders to respond
Honeypot (Outside Firewall)
Can detect an attempted connection to unused IP addresses
Honeypot (Inside Firewall)
Catches internal attacks and detects firewall misconfigurations/vulnerabilities