Lesson 10 - Implementing Network Security Appliances Flashcards
Packet Filtering
A type of firewall that does not preserve information about the connection between two hosts. Often used to describe packet-filtering firewalls.
Stateless Firewall
A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter and more specific security rules.
Stateful Inspection Firewall
Stateful inspection can occur at two layers: transport (layer 4) and application (layer 7).
Information about sessions between hosts that is gathered by a stateful firewall.
State Table
A Layer 7 firewall technology that inspects packets at the Application layer of the OSI model.
Application Aware Firewall
A command-line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall.
iptables
A stateful rule that allows any traffic that is part of an established or related session.
ctstate rule
A standalone hardware device that performs only the function of a firewall, which is embedded into the appliance’s firmware.
Appliance Firewall
Routed (layer 3)—the firewall performs forwarding between subnets. Each interface on the firewall connects to a different subnet and represents a different security zone.
Bridged (layer 2)—the firewall inspects traffic passing between two nodes, such as a router and a switch. This is also referred to as transparent mode. The firewall does not have an IP interface (except for configuration management). It bridges the Ethernet interfaces between the two nodes. Despite performing forwarding at layer 2, the firewall can still inspect and filter traffic on the basis of the full range of packet headers. The typical use case for a transparent firewall is to deploy it without having to reconfigure subnets and reassign IP addresses on other devices.
A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.
Router Firewall
A software application running on a single host and designed to protect only that host.
Host-based firewall (or personal firewall)
Software designed to run on a server to protect a particular application such as a web server or SQL server.
Application firewall
A software-based firewall running on a network server OS, such as Windows or Linux, so that the server can function as a gateway or proxy for a network segment.
Network operating system (NOS) firewall
A server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance.
Proxy Server
A forward proxy provides for protocol-specific outbound traffic. For example, you might deploy a web proxy that enables client computers on the LAN to connect to websites and secure websites on the Internet. This is a forward proxy that services TCP ports 80 and 443 for outbound traffic.
Forward Proxy Servers
A feature of many proxy servers that enables the servers to retain a copy of frequently requested web pages.
caching engines
A server that redirects requests and responses for clients configured with the proxy address and port.
non-transparent proxy
A non-transparent proxy means that the client must be configured with the proxy server address and port number to use it. The port on which the proxy server accepts client connections is often configured as port 8080.
A server that redirects requests and responses without the client being explicitly configured to use it. Also referred to as a forced or intercepting proxy.
transparent (or forced or intercepting) proxy
A transparent (or forced or intercepting) proxy intercepts client traffic without the client having to be reconfigured. A transparent proxy must be implemented on a switch or router or other inline network appliance.
A type of proxy server that protects servers from direct contact with client requests.
reverse proxy
A reverse proxy server provides for protocol-specific inbound traffic.
A basic principle of security stating that unless something has explicitly been granted access, it should be denied access.
Implicit Deny
A routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.
Network Address Translation (NAT)
10.0.0.0 to 10.255.255.255 (Class A private address range).
172.16.0.0 to 172.31.255.255 (Class B private address range).
192.168.0.0 to 192.168.255.255 (Class C private address range).
Maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications.
Overloaded NAT/Network Address Port Translation (NAPT)/Port Address Translation (PAT)
A process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN.
Destination NAT/port forwarding