Ch 2 Flashcards
(19 cards)
What is a firewall?
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.
What are the major types of firewalls?
The major types of firewalls include:
- Packet Filter
- Application Gateway
- Circuit Level Gateway
- Stateful Packet Inspection
- And more
What is a Packet Filter?
The most basic type of firewall, also known as a ‘Screening’ firewall, operates on the transport and network layers of TCP/IP.
What does a Packet Filter examine?
A Packet Filter examines a packet’s:
1. Source address
2. Destination address
3. Source port
4. Destination port
5. Protocol type
What are the disadvantages of a Packet Filter?
Disadvantages include:
- Does not compare packets
- No authentication
- Susceptible to SYN and Ping flood attacks
- Does not track packets
- Does not look at the packet data, just the header
- Not necessarily the most secure firewall.
What is an Application Gateway?
Also known as an application proxy or application-level proxy, it operates on the Application layer and examines the connection between the client and the server applications.
What are the disadvantages of an Application Gateway?
Disadvantages include:
- Requires more system resources
- Susceptible to flooding attacks (SYN, Ping)
- Time taken to authenticate user
- Once a connection is made, packets are not checked.
What is a Circuit Level Gateway?
Circuit-level gateways monitor TCP handshakes and other network protocol session initiation messages across the network.
What are the advantages of Circuit Level Gateways?
Advantages include:
- More secure than application gateways
- External systems do not see internal systems.
What is Stateful Packet Inspection?
Stateful Packet Inspection monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
What are the characteristics of Stateful Packet Inspection?
Characteristics include:
- Tracks sessions of network connections
- Aware of context of packets
- Recognizes whether source IP is within the firewall.
What are Hybrid Firewalls?
Hybrid Firewalls take multiple approaches to their firewall implementations, such as using SPI and circuit level gateways together.
What is a Network Host-Based Firewall?
A firewall installed on each individual server that controls incoming and outgoing network traffic, running on top of the operating system.
What is a Dual-Homed Host?
A networked device built with two network interface cards (NICs); an expanded version of the network host firewall.
What is a Router-Based Firewall?
Usually the first line of defense, it uses simple packet filtering and can be preconfigured by the vendor for specific user needs.
What is a Screened Host?
A combination of firewalls using a bastion host and screening router, similar in concept to the dual-homed host.
What is the purpose of using a Proxy Server?
A Proxy Server prevents the outside world from gathering information about your internal network and provides valuable log information.
What is Network Address Translation (NAT)?
NAT translates internal IP addresses to public addresses and can explicitly map ports to internal addresses for web servers.
What are the critical components of network security solutions?
Firewalls and proxy servers are critical for network security solutions, with various solutions available that range in price and features.