Network Security Architectures Flashcards

1
Q

What are firewalls?

A

A network access control system that inspects every packet flowing through it and, according to a configured policy, lets the packet pass or blocks it.

2
Q

What are the main functions of a firewall?

A

IP packet filtering

Network address translation (NAT)

3
Q

What is the relationship between security policies and firewall rules?

A

A firewall is a dumb bouncer at the door: it only applies the rules it is given. The rules must therefore be a faithful translation of the security policy; bad rules mean no protection, however good the firewall itself is.

4
Q

How are firewalls classified?

A

They are classified by their packet inspection capability, i.e., how deep into a packet they look: network/transport-layer headers only, or the application-layer content as well.

5
Q

What are the different firewall types?

A

Network layer firewalls (packet filters, stateless or stateful, working on IP/TCP/UDP headers) and application layer firewalls (which understand and inspect the application protocol itself).

6
Q

What is packet filtering?

A

Packet filters are a type of firewall technology used to control network access by inspecting incoming and outgoing packets and allowing or blocking them based on predetermined security rules. These rules are typically based on the packet's source and destination IP addresses, ports, and the protocol being used. Packet filtering can be implemented on routers, switches, or dedicated firewall devices.

7
Q

What are packet filtering rules and what are their components?

A

Rules for packet filtering are typically written using Access Control Lists (ACLs). These lists contain a series of statements or rules that define the criteria for allowing or blocking network traffic.

Components of a Packet Filtering Rule

1.	Source IP Address: Specifies the IP address of the origin of the packet. This can be a single IP address, a range of addresses, or a subnet.
2.	Destination IP Address: Specifies the IP address of the destination of the packet. Similar to the source IP, it can be a single address, range, or subnet.
3.	Source Port: Specifies the port number from which the packet is sent. This is relevant for TCP and UDP protocols.
4.	Destination Port: Specifies the port number to which the packet is destined. This helps in filtering traffic based on services (e.g., HTTP, FTP).
5.	Protocol: Specifies the protocol type, such as TCP, UDP, or ICMP.
6.	Action: Defines what action to take if the packet matches the rule. Common actions are “allow” (permit) or “deny” (block).
8
Q

What is the iptables syntax for a packet filtering rule?

A

On Linux systems using iptables, the same ACL components are expressed as command-line options:

iptables -A INPUT -p tcp --dport 80 -s 0.0.0.0/0 -d 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -j DROP

•	-A INPUT appends the rule to the INPUT chain (packets addressed to the firewall host itself; traffic routed through the host to other machines is evaluated in the FORWARD chain instead).
•	-p tcp specifies the protocol (TCP).
•	--dport 80 specifies the destination port (80).
•	-s 0.0.0.0/0 specifies any source IP address.
•	-d 192.168.1.0/24 specifies the destination subnet.
•	-j ACCEPT allows matching packets.
•	-j DROP drops all other packets. Order matters: iptables walks the chain top to bottom and the first matching rule wins, so this catch-all rule must come last; appended before the ACCEPT rule it would drop everything, including the web traffic.
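The two cards above (rule components, and the iptables form of the same rules) can be exercised without a Linux box. The following is an added example, not code from the original flashcards or from iptables itself: a small stateless ACL evaluator in Python that applies "first match wins, otherwise the chain policy", loaded with the two rules from the iptables card. The `Packet` and `Rule` types, the sample addresses (198.51.100.7 as a client, 192.168.1.10 as the web server) and the rule sets are constructed for the example. It also shows the two things a practitioner trips over with stateless filters: a misordered catch-all DROP, and the need for an explicit rule in the reply direction.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a stateless packet filter looks at (constructed sample type)."""
    proto: str                    # "tcp", "udp" or "icmp"
    src: str                      # source IP address
    dst: str                      # destination IP address
    sport: Optional[int] = None   # source port (None for ICMP)
    dport: Optional[int] = None   # destination port (None for ICMP)


@dataclass(frozen=True)
class Rule:
    """One ACL entry: every field that is set must match; unset fields match anything."""
    action: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None
    src: str = "0.0.0.0/0"        # CIDR; 0.0.0.0/0 means any source, like -s 0.0.0.0/0
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "DROP") -> str:
    """First matching rule wins, like an iptables chain walked top to bottom;
    if nothing matches, the chain policy (here DROP) applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# The two rules from the iptables card, in order: allow TCP/80 into 192.168.1.0/24, then drop the rest.
RULES = [
    Rule("ACCEPT", proto="tcp", src="0.0.0.0/0", dst="192.168.1.0/24", dport=80),
    Rule("DROP"),
]

# The same rules with the catch-all DROP first: the ACCEPT rule is never reached.
MISORDERED_RULES = [RULES[1], RULES[0]]

# A stateless filter needs an explicit rule for the reply direction (server port 80 -> client).
RULES_WITH_RESPONSE = [
    RULES[0],
    Rule("ACCEPT", proto="tcp", src="192.168.1.0/24", sport=80),
    RULES[1],
]

# Constructed sample traffic: a client request to the web server and the server's reply.
REQUEST = Packet("tcp", src="198.51.100.7", dst="192.168.1.10", sport=40000, dport=80)
REPLY = Packet("tcp", src="192.168.1.10", dst="198.51.100.7", sport=80, dport=40000)

if __name__ == "__main__":
    for name, ruleset in [("ordered", RULES), ("misordered", MISORDERED_RULES),
                          ("with response", RULES_WITH_RESPONSE)]:
        print(f"{name:14} request={filter_packet(ruleset, REQUEST)} "
              f"reply={filter_packet(ruleset, REPLY)}")
```

With the ordered rules the request is accepted but the reply is dropped, because nothing in the ACL describes the return direction. The response rule fixes that, at a price: it accepts any packet with source port 80 leaving the subnet, whether or not a request preceded it. That gap is what the stateful filters in the following cards close.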
9
Q

What are stateful packet filters?

A

Stateful packet filtering, also known as stateful inspection or dynamic packet filtering, is a more advanced method of network traffic management compared to traditional stateless packet filtering. It tracks the state of active connections and makes decisions based on the context of the traffic, rather than just the individual packets.

10
Q

What are the functionalities of a stateful packet filter?

A

Everything a stateless packet filter does, plus:
- it keeps track of the TCP state machine (SYN, SYN-ACK, ESTABLISHED, FIN) for each connection in a state table
- it can track connections, so return traffic is allowed without adding an explicit response rule
- it makes deny rules safer: packets that do not belong to a known connection (e.g., an unsolicited SYN-ACK) can be dropped by default

11
Q

See the picture 7 in the Comp Sec album.

Define rules to allow access to the Internet statically.

A

See the picture 7S in the Comp Sec album

12
Q

See the picture 7 in the Comp Sec album

Create a rule to allow incoming connections to the WS on port 80 dynamically.

A

See the picture 8S in the Comp Sec album

13
Q

How does stateful packet filtering work?

A

1. Initial Connection Setup: When a new connection attempt is made, the firewall inspects the initial packet (e.g., the TCP SYN) and checks it against its security rules.
2. State Table Entry: If the initial packet is allowed, an entry is created in the state table. This entry contains information about the connection, including IP addresses, port numbers, and the state of the connection.
3. Subsequent Packets: For subsequent packets in the same connection, the firewall refers to the state table to determine if they are part of an established connection. If they match an entry in the state table, they are allowed through.
4. Connection Termination: When a connection is terminated (e.g., TCP FIN packets), the firewall removes the corresponding entry from the state table.
5. Timeouts and Cleanup: To handle connections that are not properly terminated, stateful firewalls include timeout mechanisms to remove stale entries from the state table.

14
Q

What are the disadvantages of a dynamic packet filter?

A

Performance is bounded on a per-connection basis, not on a per-packet basis: every tracked connection occupies an entry in the state table.
● The number of simultaneous connections is therefore just as important as packets per second; a flood of new (e.g., half-open) connections can fill the state table even at a modest packet rate.
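Cards 9, 10, 13 and 14 together describe one mechanism: a state table keyed by the connection, driven by the TCP handshake and teardown, cleaned up by timeouts, and limited by how many entries it can hold. The following is an added example, not code from the original flashcards or from any real firewall: a minimal stateful filter in Python that implements those steps. The `Packet`, `Entry` and `StatefulFilter` names, the simplified TCP state machine (SYN_SENT, SYN_RECV, ESTABLISHED, CLOSING, LAST_ACK), the `max_entries` capacity limit and the sample trace (client 198.51.100.7 talking to web server 192.168.1.10:80) are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # subset of {"SYN", "ACK", "FIN", "RST", "PSH"}


# State-table key: (client ip, client port, server ip, server port), i.e. the direction of the opening SYN.
Key = Tuple[str, int, str, int]


@dataclass
class Entry:
    state: str                      # SYN_SENT -> SYN_RECV -> ESTABLISHED -> CLOSING -> LAST_ACK
    last_seen: float                # timestamp used for timeout-based cleanup
    fin_from: Optional[str] = None  # which side ("forward"/"reverse") sent the first FIN


class StatefulFilter:
    def __init__(self, allowed_services, max_entries: int = 1000, timeout: float = 300.0):
        self.allowed = set(allowed_services)   # (ip, port) pairs that may receive new connections
        self.table: Dict[Key, Entry] = {}
        self.max_entries = max_entries         # assumed capacity limit of the state table
        self.timeout = timeout                 # idle seconds before an entry is discarded

    def _lookup(self, pkt: Packet):
        """Find the entry a packet belongs to, in either direction."""
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if fwd in self.table:
            return fwd, "forward"
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if rev in self.table:
            return rev, "reverse"
        return None, None

    def expire(self, now: float) -> int:
        """Step 5: drop entries whose connection went quiet without a proper close."""
        stale = [k for k, e in self.table.items() if now - e.last_seen > self.timeout]
        for k in stale:
            del self.table[k]
        return len(stale)

    def process(self, pkt: Packet, now: float) -> str:
        self.expire(now)
        key, direction = self._lookup(pkt)
        if key is None:
            # Steps 1-2: an unknown connection may only be opened by a bare SYN toward an allowed service.
            if pkt.flags == {"SYN"} and (pkt.dst, pkt.dport) in self.allowed:
                if len(self.table) >= self.max_entries:
                    return "DROP"           # state table full: the per-connection cost of being stateful
                self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = Entry("SYN_SENT", now)
                return "ACCEPT"
            return "DROP"                   # e.g. an unsolicited SYN-ACK or stray data packet
        # Step 3: the packet belongs to a tracked connection; advance its state.
        entry = self.table[key]
        entry.last_seen = now
        if "RST" in pkt.flags:
            del self.table[key]
            return "ACCEPT"
        if entry.state == "SYN_SENT":
            if direction == "reverse" and pkt.flags == {"SYN", "ACK"}:
                entry.state = "SYN_RECV"
                return "ACCEPT"
            return "ACCEPT" if direction == "forward" and pkt.flags == {"SYN"} else "DROP"
        if entry.state == "SYN_RECV":
            if direction == "forward" and pkt.flags == {"ACK"}:
                entry.state = "ESTABLISHED"
                return "ACCEPT"
            return "DROP"
        # Step 4: FIN from each side, then the final ACK, tears the entry down.
        if "FIN" in pkt.flags:
            if entry.state == "ESTABLISHED":
                entry.state, entry.fin_from = "CLOSING", direction
            elif entry.state == "CLOSING" and entry.fin_from != direction:
                entry.state = "LAST_ACK"
            return "ACCEPT"
        if entry.state == "LAST_ACK":
            del self.table[key]
        return "ACCEPT"


def web_session_demo() -> Tuple[List[str], int]:
    """Constructed trace of one HTTP connection plus one unsolicited packet; returns decisions and table size."""
    fw = StatefulFilter(allowed_services={("192.168.1.10", 80)}, timeout=60.0)
    C, S = "198.51.100.7", "192.168.1.10"
    trace = [
        Packet(C, 40000, S, 80, frozenset({"SYN"})),                     # handshake opens an entry
        Packet(S, 80, C, 40000, frozenset({"SYN", "ACK"})),              # reply allowed, no response rule
        Packet(S, 80, "198.51.100.8", 5555, frozenset({"SYN", "ACK"})),  # unsolicited: no entry, dropped
        Packet(C, 40000, S, 80, frozenset({"ACK"})),                     # established
        Packet(C, 40000, S, 80, frozenset({"PSH", "ACK"})),              # request data
        Packet(S, 80, C, 40000, frozenset({"PSH", "ACK"})),              # response data
        Packet(C, 40000, S, 80, frozenset({"FIN", "ACK"})),              # client closes
        Packet(S, 80, C, 40000, frozenset({"FIN", "ACK"})),              # server closes
        Packet(C, 40000, S, 80, frozenset({"ACK"})),                     # final ACK removes the entry
    ]
    decisions = [fw.process(p, now=float(i)) for i, p in enumerate(trace)]
    return decisions, len(fw.table)


if __name__ == "__main__":
    print(web_session_demo())
```

The only rule in this filter is "port 80 on 192.168.1.10 may be connected to"; everything else follows from the state table, which is why the SYN-ACK in packet 2 passes and the identical-looking SYN-ACK in packet 3 does not. The `max_entries` check is the card-14 trade-off made concrete: once the table is full, even a legitimate SYN is dropped until entries close or time out.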

15
Q

What is session handling?

A

A session is an atomic, transport-layer exchange of application data between two hosts.

16
Q

What are the main protocols responsible for session handling?

A

Main transport protocols:
● TCP (Transmission Control Protocol): session ≈ TCP connection (delimited by the SYN handshake and the FIN/RST teardown)
● UDP (User Datagram Protocol): the session concept does not exist; a firewall can only infer a pseudo-session from the address/port pairs it sees and expire it with a timeout


17
Q

How does a stateful firewall handle a NAT session using TCP?

A

Key Concepts

1. State Table: The stateful firewall maintains a state table that keeps track of all active connections, including the source and destination IP addresses and port numbers, the connection state (e.g., initiating, established), and the NAT mappings.
2. NAT Table: This table maps private IP addresses and port numbers to public IP addresses and port numbers. The mapping ensures that return traffic can be correctly directed back to the originating internal host.

18
Q

How does NAT session initialization occur using TCP?

A
1. Initial TCP Connection Setup
   • Outgoing Request: When a device on the internal network initiates a TCP connection (e.g., to a web server), it sends a TCP SYN packet to the destination IP address and port.
   • State and NAT Table Update: The stateful firewall records the connection details in the state table, marking the connection as initiating. The firewall also creates a NAT entry, mapping the internal IP address and port to an external IP address and port (if using Port Address Translation, or PAT).
2. Forwarding the SYN Packet
   • The firewall rewrites the source IP address and port of the outgoing packet to the assigned public IP address and port.
   • The modified packet is then forwarded to the external server.
3. Receiving the SYN-ACK Response
   • Incoming Response: The external server responds with a SYN-ACK packet, addressed to the public IP address and port assigned by the firewall.
   • State and NAT Table Lookup: The firewall receives the SYN-ACK packet and checks the NAT table to find the corresponding internal IP address and port. It also verifies the connection state in the state table to ensure the SYN-ACK is part of an ongoing connection.
4. Forwarding the SYN-ACK Packet
   • The firewall rewrites the destination IP address and port of the incoming SYN-ACK packet to the internal device's IP address and port.
   • The modified packet is then forwarded to the internal device.

19
Q

How does NAT session initialization occur using UDP?

A
1. Creating NAT Entries: When a UDP packet from an internal host (e.g., 192.168.1.2:12345) is sent to an external server (e.g., 8.8.8.8:53 for DNS), the NAT device creates a mapping entry. This entry typically includes:
   • Internal IP and port (192.168.1.2:12345)
   • External IP and port (8.8.8.8:53)
   • Translated IP and port (e.g., 203.0.113.5:54321)
2. Maintaining State: The firewall maintains a state table entry for the UDP "session." This entry records the source and destination addresses and ports and the translation details.
3. Timeout Mechanism: Since UDP has no built-in way to signal the end of a session, stateful firewalls use timeout values to manage UDP state entries. If no packets are seen for a certain period, the session is considered inactive and the state table entry is removed.
   • Default UDP timeout values vary by device but are typically shorter than TCP timeouts (e.g., 30 seconds to a few minutes).
4. Handling Response Packets: When a response packet arrives from the external server (e.g., 8.8.8.8:53 to 203.0.113.5:54321), the firewall checks the state table. If a matching entry exists, it translates the destination address and port back to the internal address and port (e.g., 192.168.1.2:12345) and forwards the packet to the internal host.
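Cards 17, 18 and 19 describe the same NAT/PAT table from two angles: TCP sessions opened by a SYN and confirmed by the SYN-ACK, and UDP pseudo-sessions that exist only until a timeout. The following is an added example, not code from the original flashcards or from any NAT implementation: a Python model of a stateful NAT firewall that handles both, using the card's own addresses (192.168.1.2:12345 to 8.8.8.8:53, translated to 203.0.113.5:54321). The `Packet`, `Mapping` and `NatFirewall` names, the port allocation starting at 54321, the 3600 s TCP and 30 s UDP idle timeouts, and the sample web server 198.51.100.20 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags; empty for UDP


@dataclass
class Mapping:
    proto: str
    internal: Tuple[str, int]        # private ip:port of the originating host
    remote: Tuple[str, int]          # external server ip:port
    public_port: int                 # port allocated on the firewall's public address (PAT)
    state: str                       # TCP: SYN_SENT / ESTABLISHED / CLOSING; UDP: ACTIVE
    last_seen: float


class NatFirewall:
    TCP_TIMEOUT = 3600.0             # assumed idle timeouts; real defaults vary by product
    UDP_TIMEOUT = 30.0

    def __init__(self, public_ip: str, internal_net: str, first_port: int = 54321):
        self.public_ip = public_ip
        self.internal_net = ipaddress.ip_network(internal_net)
        self.next_port = first_port
        # One NAT/state table, indexed both ways so each direction is a single lookup.
        self.by_internal: Dict[Tuple[str, str, int, str, int], Mapping] = {}
        self.by_public: Dict[Tuple[str, int, str, int], Mapping] = {}

    def _timeout(self, m: Mapping) -> float:
        return self.TCP_TIMEOUT if m.proto == "tcp" else self.UDP_TIMEOUT

    def expire(self, now: float) -> int:
        """Remove mappings that have been idle longer than their protocol's timeout."""
        stale = [m for m in self.by_public.values() if now - m.last_seen > self._timeout(m)]
        for m in stale:
            del self.by_internal[(m.proto, *m.internal, *m.remote)]
            del self.by_public[(m.proto, m.public_port, *m.remote)]
        return len(stale)

    def outbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Internal host -> Internet. Returns the rewritten packet, or None if it is dropped."""
        self.expire(now)
        if ipaddress.ip_address(pkt.src) not in self.internal_net:
            return None                      # source is not ours: never translate it
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        m = self.by_internal.get(key)
        if m is None:
            if pkt.proto == "tcp" and pkt.flags != {"SYN"}:
                return None                  # only a SYN may open a TCP session; any datagram opens UDP
            m = Mapping(pkt.proto, (pkt.src, pkt.sport), (pkt.dst, pkt.dport), self.next_port,
                        "SYN_SENT" if pkt.proto == "tcp" else "ACTIVE", now)
            self.next_port += 1
            self.by_internal[key] = m
            self.by_public[(m.proto, m.public_port, *m.remote)] = m
        m.last_seen = now
        if m.proto == "tcp" and "FIN" in pkt.flags:
            m.state = "CLOSING"
        # Source rewrite: private ip:port becomes public ip:allocated port.
        return Packet(pkt.proto, self.public_ip, m.public_port, pkt.dst, pkt.dport, pkt.flags)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Internet -> firewall's public address. Only traffic matching a mapping gets in."""
        self.expire(now)
        if pkt.dst != self.public_ip:
            return None
        m = self.by_public.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if m is None:
            return None                      # unsolicited: no session, dropped
        if m.proto == "tcp" and m.state == "SYN_SENT":
            if pkt.flags != {"SYN", "ACK"}:
                return None                  # the only valid reply to our SYN is a SYN-ACK
            m.state = "ESTABLISHED"
        m.last_seen = now
        # Destination rewrite: public ip:port becomes the internal host's ip:port.
        return Packet(pkt.proto, pkt.src, pkt.sport, m.internal[0], m.internal[1], pkt.flags)


if __name__ == "__main__":
    nat = NatFirewall("203.0.113.5", "192.168.1.0/24")
    print(nat.outbound(Packet("udp", "192.168.1.2", 12345, "8.8.8.8", 53), now=0.0))
    print(nat.inbound(Packet("udp", "8.8.8.8", 53, "203.0.113.5", 54321), now=5.0))
    print(nat.inbound(Packet("udp", "8.8.8.8", 53, "203.0.113.5", 54321), now=40.0))  # expired: None
```

The DNS reply at 5 s is translated back to 192.168.1.2:12345; the same reply at 40 s is dropped because the UDP mapping idled past its 30 s timeout. For TCP the mapping is created only by a SYN, and the first inbound packet on it must be a SYN-ACK, which is the state check card 18 describes; an inbound SYN to a public port with no mapping never reaches the inside.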