Firewall

Question 1

What is the range of characteristics that a firewall access policy could use to filter traffic?

Answer 1

IP Address and Protocol Values
Application Protocol
User Identity
Network Activity

Question 2

Controls access based on the source or destination addresses and port numbers, direction flow being inbound or outbound, and other network and transport layer characteristics.

Answer 2

IP Address and Protocol Values

Question 3

Controls access based on the basis of authorized application protocol data. e.g., checking SMTP email for spam, or HTPP web requests to authorized sites only.

Answer 3

Application Protocol

Question 4

Controls access based on the users identity, typically for inside suers who identify themselves using some form of secure authentication technology, such IPSec.

Answer 4

User Identity

Question 5

Controls access based on consideration such as the time or request, e.g., only in business hours; rate of requests, e.g., to detect scanning attempts; or other activity patterns.

Answer 5

Network Activity

Question 6

A _____ ______ _____ applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

Answer 6

packet filtering firewall.

Question 7

The IP address of the system that originated the IP packet.

Answer 7

Source IP address

Question 8

The IP address of the system the IP packet is trying to reach.

Answer 8

Destination IP address

Question 9

The transport-level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET.

Answer 9

Source and destination transport-level address

Question 10

Defines the transport protocol

Answer 10

IP protocol field

Question 11

For a firewall with three or more ports, which interface of the firewall the packet came from or which interface of the firewall the packet is destined for.

Answer 11

Interface

Question 12

In a packet filtering firewall, if there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken. Two default policies are possible?

Answer 12

Default = discard: That which is not expressly permitted is prohibited. 
Default = forward: That which is not expressly prohibited is permitted.

Question 13

What are the different kinds of firewalls?

Answer 13

General Model
Packet filtering firewall
Stageful inspection firewall
Application proxy firewall 
Circuit-level proxy firewall

Question 14

Packet filtering firewall are filtered using what rules?

Answer 14

Source IP address
Destination IP address
Source and destination transport-level address
Interface

Question 15

What are the advantage of Packet Filter Firewall?

Answer 15

Simplicity

Typically transparent to users and are very fast

Question 16

What are the weaknesses of Packet Filter Firewall?

Answer 16

Cannot prevent attacks that employ application specific vulnerabilities or functions
Limited logging functionality
Do not support advanced user authentication
Vulnerable to attacks on TCP/IP protocol bugs
Improper configuration can lead to breaches

Question 17

System identified as a critical strong point in the networks security.

Serves as a platform for an application-level or circuit-level gateway

Answer 17

Bastion Hosts

Question 18

Used to secure an individual host
Available in operating systems or can be provided as an add-on package
Filter and restrict packet flows
Common location is a server

Answer 18

Host-Based Firewalls

Question 19

What are the advantage so Host-Based Firewall.

Answer 19

Filtering rules can be tailored to the host environment
Protection is provided independent of topology
Provides an additional layer of protection

Question 20

Is and extension of an IDS that includes the capability to attempt to block or prevent detected malicious activity.
Can be host-based, network-based, or distributed/hybrid
Can use anomaly detection to identify behavior that is not that of legitimate users, or signature/heuristic detection to identify known malicious behavior can block traffic as a firewall does but makes use of the types of algorithms developed for IDSs to determine when to do so.

Answer 20

Intrusion Prevention Systems