Session 2: Firewalling Flashcards

1
Q

What is the simplest form of firewalling that is also the most limited?

A

Packet filtering with very limited functionality. Typically the simpler firewalls look only at the kind of transport layer protocol used. One example of packet filtering is to disallow all UDP datagrams.

2
Q

Where should packet filtering be implemented and why?

A

At the logical boundaries of a network, with the intention of keeping crude malicious traffic such as spoofing out. For this, a simple basic header inspection is sufficient. Furthermore, if implemented correctly, it does not slow down the network interface. For this speed reason, packet filtering is still usually implemented.

3
Q

Name the two types of packet filtering methods, and also what these filters defend against.

A

Ingress (inbound) and egress (outbound) filtering. Ingress filtering protects against spoofing, protects vulnerable services from being contacted, and can help against DoS attacks. Egress filtering can be used as spoofing protection, and protect against unauthorized use of services like mail gateways.

4
Q

Name a few weaknesses with packet filtering.

A

Naïve implementation of sequential rules (essentially a Boolean expression) is computationally expensive and results in latency issues.

Adding and removing rules normally requires general re-configuration to ensure consistent semantics, resulting in losses and interruptions.

Hardware acceleration is typically limited by the number and complexity of filters implemented — exceptions can result in substantial performance variations.

5
Q

What are bloom filters?

A

Structures that allow parallelization. Bloom filters are hash tables which operate in constant time, but can crash. Logical operations can also be implemented on bloom filters. In essence, a bloom filter can be used to look for certain signatures. For a given input, a bloom filter will either return a probability of the input matching known signatures, or state for a fact that there is no match between the input and the signatures looked for in the filter.

6
Q

What are some of the basic upgrades in stateful filtering compared to stateless filtering?

A

  • It can verify whether or not an ICMP reply actually matches an earlier request
  • Stateful filtering can also keep track of UDP-based protocols
  • Since some TCP- and UDP-based protocols will also have different ports active, stateful filtering also knows which applications packets on these ports come from

7
Q

Application level gateways (ALGWs) have access to the full layer 7 protocol semantics. What are some of the negatives with this?

A
  • Effectively serves as a man in the middle
  • It is powerful at detecting abnormal or malicious activity, but is computationally expensive and may lead to violations of protocol semantics
  • Breaks end-to-end security, as it has to inspect the whole packet, not just the header
  • May also be susceptible to DoS attacks if state is retained or protocols must be decoded
8
Q

What are some of the limitations of filtering?

A
  • Most of these approaches seek to limit inbound connections and match response traffic, but will not restrict many types of traffic
  • Some protocols can be proxied, or force the use of gateway systems
  • Protocols such as HTTP are rarely limited
  • For example, JavaScript code such as mouse-over actions is not blocked, since the outbound connection is initiated by visiting the website
9
Q

Deep packet inspection (DPI) is a derivative of stateful packet filtering. Name some of the positives of DPI.

A
  • Has applications beyond straightforward network security
  • Seeks to provide similar application-level insights as ALGWs, but by only inspecting packet payload and headers
  • This allows searches for various criteria including protocol non-compliance, malware, intrusions or other patterns
  • Signatures can also span multiple packets, which can provide some features between layers 3 and 7
  • Can also be used to filter arbitrary content (parental filtering, censorship)
10
Q

Name some of the problems in DPI implementations.

A
  • Multiple patterns must be matched in parallel
  • Searches may therefore be for finite or infinite pattern sets
  • For cases where patterns are not fully known, wildcards may be used to reduce the number of errors or noise
  • Multiple wildcards can quickly make algorithms problematic in complexity