WAF

Question 1

Firewalls in general

What happens in a layer 4 firewall?

Answer 1

Every request and response is distinct, only cares about IP addresses and ports

Question 2

Firewalls in general

What happens in a layer 5 firewall?

Answer 2

Requests and responses are combined by keeping session information

Question 3

Firewalls in general

Why is a layer 5 firewall better than 3 or 4?

Answer 3

More contextual security, less admin overhead

Question 4

Firewalls in general

What happens in a layer 7 firewall?

Answer 4

Requests and responses are combined by keeping session information, understands HTTP

Question 5

Firewalls in general

What can only a layer 7 firewall guard against?

important

Answer 5

Protocol-specific attacks, like XSS maybe

Question 6

Firewalls in general

Do layer 7 firewalls break SSL?

Answer 6

Yes. Firewall is the SSL term, device can deep-inspect HTTP protocol

Question 7

Firewalls in general

What 4 things can a layer 7 firewall do with content it sees?

important

Answer 7

Inspect it (logging), block it (reject request), replace it (redact on way out), tag it (spam)

Question 8

Firewalls in general

What other layer 7 protocol can firewalls understand other than HTTP?

Answer 8

SMTP (intelligent email handling)