Firewalls and Tunnels

Question 1

What is the purpose of a firewall?

Answer 1

To filter network traffic based on predefined policies, separating trusted and untrusted networks.

Question 2

What are the two main firewall strategies?

Answer 2

Default-deny: Block all traffic unless explicitly allowed.
Default-allow: Allow all traffic except what is explicitly blocked.

Question 3

Name three reasons why firewalls are necessary.

Answer 3

1. Prevent unauthorized access to vulnerable services.
2. Control outgoing traffic and data exfiltration.
3. Log network activity for troubleshooting and forensics.

Question 4

What is stateless filtering?

Answer 4

Filtering packets based on static rules without maintaining connection state.

Question 5

How do stateful firewalls work?

Answer 5

They track the state of active connections and make decisions based on the context of packets in a session.

Question 6

What are application-level firewalls?

Answer 6

Firewalls that filter traffic specific to applications, such as HTTP-level filtering for URLs or ads.

Question 7

What is a host-based firewall?

Answer 7

A firewall installed on individual devices to protect them from local threats or unauthorized access.

Question 8

Why might a firewall need dynamic updates?

Answer 8

To respond to ongoing threats like DDoS attacks or handle protocols with dynamically negotiated ports.

Question 9

What are the limitations of stateless firewalls?

Answer 9

They cannot track connection states, making them ineffective for dynamic or fragmented traffic.

Question 10

What does ACK scanning reveal about firewalls?

Answer 10

It can determine if a stateless firewall is in use by observing the response to out-of-sync ACK packets.

Question 11

What does Network Address Translation (NAT) do?

Answer 11

Remaps private IP addresses to a single public IP address for internet access, effectively acting as a default firewall.

Question 12

How does NAT differ from stateful firewalls?

Answer 12

NAT modifies packet headers for address translation but does not fully track higher-layer states like stateful firewalls.

Question 13

What does a Virtual Private Network (VPN) do?

Answer 13

Creates encrypted tunnels over untrusted networks to securely connect remote hosts to private networks.

Question 14

Name three common VPN technologies.

Answer 14

1. PPTP: Layer 2, now considered insecure.
2. IPsec: Layer 3, OS-level support, transparent to applications.
3. SSL: Application-layer, used by OpenVPN.

Question 15

What are the risks of using third-party VPN services?

Answer 15

They can monitor traffic, monetize user data, and are subject to local laws.

Question 16

What are the functions of proxies?

Answer 16

Intermediate “stepping stones” for filtering traffic.
Used for HTTP caching, reverse proxies, and transcoding.

Question 17

What is a SOCKS proxy?

Answer 17

A protocol for generic packet forwarding, supporting multiple application types like HTTP, FTP, and SMTP.

Question 18

What is port forwarding, and how is it used?

Answer 18

Redirecting traffic from one port to another, often to bypass firewalls or allow external access to internal services.

Question 19

What is the key principle of Zero Trust architecture?

Answer 19

“Never trust, always verify”—treating all users, devices, and networks as potentially compromised.

Question 20

Name three principles of Zero Trust architecture.

Answer 20

1. Continuous authentication and authorization.
2. Micro-segmentation to prevent lateral movement.
3. Encrypted communication for all traffic.

Question 21

What is BeyondCorp?

Answer 21

Google’s implementation of Zero Trust, shifting access control from the network perimeter to individual users.

Question 22

What is the purpose of the iptables command?

Answer 22

To configure host-based firewalls by defining rules for incoming and outgoing traffic.

Question 23

What does this command do?
iptables -A INPUT -p tcp –dport 22 -j ACCEPT

Answer 23

Allows incoming TCP traffic on port 22 (SSH).

Question 24

Why are traditional firewalls less effective in modern environments?

Answer 24

Internal devices can still be compromised, and BYOD/work-from-anywhere scenarios blur network boundaries.

Question 25

What is an alternative to relying on network firewalls?

Answer 25

Treat internal networks as untrusted and focus on securing individual users and devices.