11. Network security: firewalls Flashcards
What is a firewall?
Controls incoming and outgoing traffic between a trusted internal network and an untrusted external network
What are firewall policies?
Set of rules a firewall uses to allow/deny traffic
What are blacklists?
Allow by default
What are whitelists?
Deny by default
What are stateless packet filters?
Permit or deny packets in isolation based on the packet's header
How do stateful firewalls work?
Maintains a table of each active connection so it can determine if packets are part of legitimate sessions originating from within the trusted network
What is a port scan?
Attacker scans all ports of an IP, looking for applications listening
How does a stateful firewall detect port scans?
Since it maintains a table of connections it can detect a single IP trying to contact many ports
What is an application layer firewall/proxy?
Screens information at the application layer, e.g. blocking web traffic containing certain words and preventing credit card numbers leaving a database
What does NAT stand for?
Network address translation
Why do we need NAT?
Only 4.3 billion IPv4 addresses, so devices need to share
How does NAT work?
Router maps between its own IP and the internal IPs
How does rule based intrusion detection work?
Identifies actions that match certain known intrusion attacks
What are the disadvantages of rule-based intrusion detection? (2)
Requires admin to anticipate attack patterns
Impossible to detect new types of attack
What are the advantages of rule based intrusion detection? (2)
High accuracy, low false positives