Firewall

Question 1

What is a computer program or hardware device that is designed to block unauthorized access while permitting authorized communications based on a set of rules and other criteria

Answer 1

Firewall

Question 2

Firewalls emerged in the 1980’s as a result of several high-profile breaches. What device did they evolve from?

Answer 2

From simple ACLs on Routers

Question 3

Whats are the four basic firewall security designs?

Answer 3

• Packet
• Stateful Inspection
• Application Layer
• Hybrid

Question 4

Which type of firewall is used on modern networks?

Answer 4

Hybrid

Question 5

Which type of firewall is the simplest and filters packets based on a comparison of packet contents with filters in its rules?

Answer 5

Packet Filtering

Question 6

Which type of firewall is essentially a packet-filtering design except that the system creates and maintains a session table to ensure every packet is part of a valid connection.

Answer 6

Stateful Inspection

Question 7

Which type of firewall acts as a server to the internal client, but acts like a client to the external server? It is commonly referred to as a proxy firewall.

Answer 7

Application Layer

Question 8

Hybrid firewalls can analyze traffic that is passed/dropped at what layers of the OSI model?

Answer 8

Layer 3 – Network Layer
Layer 4 – Transport Layer
Layer 7 – Application Layer

Question 9

Whats is the Air Force’s enterprise firewall solution?

Answer 9

McAfee Sidewinder (appliance-based firewall)

Question 10

What does Sidewinder call logical network partitions or zones? These are used by Type Enforcement to isolate networks of different regions of trust or security.

Answer 10

Burbs (they allow assignment to any interface on the firewall without modifying multiple rules)

Question 11

What is the implementation of Mandatory Access Controls and is based on the principle of least privilege?

Answer 11

Type Enforcement

Question 12

DNS can be handled in three different ways on Sidewinder, what are they?

Answer 12

• Transparent
• Single Server
• Split Server

Question 13

In what DNS function does Sidewinder not act upon DNS queries, instead it passes DNS from internal to external if there is a rule for it. The system does not cache any queries nor participate in the DNS stream.

Answer 13

Transparent

Question 14

In what Sidewinder DNS function are all DNS records on the firewall handled by a single server for all interfaces (not entirely secure)

Answer 14

Single Server

Question 15

In what DNS function does Sidewinder have two separate servers on the firewall. The Internet server is only for the Internet burb and its queries. The Unbound server is for all other burbs. (The most secure method)

Answer 15

Split Server

Question 16

(T/F) Sidewinder does not have the ability to perform time synchronization.

Answer 16

False. Sidewinder can function as an NTP server on any interface.

Question 17

Sidewinder can be managed with a GUI or a command line interface. What are the advantages of using CLI?

Answer 17

• More powerful
• Direct interface
• Can affect multiple things at once
• Less steps/effective immediately

Question 18

In what order are rules stored and processed in Sidewinder?

Answer 18

Rules are stored numerically (“First match, not “Best match”)

Question 19

What are the 7 types of objects that can be created in Sidewinder?

Answer 19

• Domain
• Geo-location
• Host
• IP Address
• IP Range
• Netmap
• Subnet

Question 20

TCPDump output: Which is the Source IP and which is the Destination IP in the SYN/ACK packet?

13: 02:52.538242 192.168.1.9.43012 > 69.31.49.57.80: S 1770561188:1770561188(0) win 16384 (DF)
13: 02:52.639065 69.31.49.57.80 > 192.168.1.9.43012: S 2757318732:2757318732(0) ack 1770561189 win 64240 (DF)
13: 02:52.639086 192.168.1.9.43012 > 69.31.49.57.80: . ack 1 win 16560 (DF)

Answer 20

Source: 192.168.1.9
Destination: 69.31.49.57