ECM 1413 firewalls

Question 1

A firewall can

Answer 1

• Restrict both incoming and outgoing traffic
• Use both positive and negative filters
• Consider both the payload and different tcp/ip headers
• Consider packets individually or as part of a flow

Question 2

what is a firewall

Answer 2

A firewall is a security system designed to prevent unauthorized access into or out of a computer network.

Question 3

The principal types of firewalls are:

Answer 3

1- Packet filtering firewalls
2- Stateful packet inspection firewalls
3- Application level gateways
4- Circuit level gateways

Question 4

Packet-filtering firewalls

Answer 4

A packet-filtering firewall filters individual packets on the basis of packet headers (up to the transport layer) and packet payloads

Question 5

A packet-filtering firewall may filter packets on the basis of:

Answer 5

• Port numbers
• Ip addresses
• Filetypes
• Malware signatures

Question 6

Wildcard masks

Answer 6

A wildcard mask indicates which bits of an IP address a particular rule is concerned with during IP address matching
- 0: the corresponding bit must match
- 1: the corresponding bit does not matter

Question 7

Action: Allow
IP address: 20.1.1.1
Wildcard Mask: 0.0.255.255

Answer 7

means “allow all IP addresses of the form 20.1.x.y”

Question 8

Action: Deny
IP address: 20.2.1.1
Wildcard mask: 0.0.0.255

Answer 8

means “deny all IP addresses of the form 20.2.1.z”

Question 9

Statefull firewalls

Answer 9

A stateful firewall reviews the same packet information as a packet filtering firewall, but also filters packets on the basis of a directory of established transport-layer connections

Question 10

A stateful firewall can track

Answer 10

• TCP connections by looking for handshakes during connection startup and connection shutdown
• UDP segments by tracking ip addresses and port numbers

Question 11

Application-level gateway

Answer 11

Filters packets based on applications or certain features of applications.

Question 12

How does an application-level gateway

Answer 12

Sets up 2 tcp connections: one from the trusted network to the firewall, and one from the firewall to the untrusted network

Example: an application-level gateway can be used as a web or email gateway

Question 13

Circuit-level gateways

Answer 13

A circuit-level gateway determines which tcp connections will be allowed. Just as the application-level gateway, a circuit-level gateway sets up two tcp connections.

Question 14

Circuit-level gateway example

Answer 14

1 The circuit-level gateway receives a TCP connection request from a trusted client

2 The circuit-level gateway approves or denies the TCP connection based on IP addresses, port numbers, user authentication, etc.

3 If the connection is approved, the circuit-level gateway establishes a second TCP connection to the server on the client’s behalf

4 From this point on, the circuit-level gateway simply relays segments in the TCP connection

Question 15

Firewall organizations include:

Answer 15

1 single firewall inline

2 double firewall inline

Question 16

Single firewall inline

Answer 16

A single firewall inline puts a firewall between an external and internal router

Question 17

Double firewall inline

Answer 17

puts a dimilitarized zone (DMZ) between an external and internal firewall. The dmz is a network for systems that must be externally accessible (e.g., e-mail, dns, web) but still need some protection

Question 18

virtual private network (VPN)

Answer 18

uses encryption and authentication (provided by Ipsec as an example) to provide a secure connection through an otherwise insecure network, typically the internet

Question 19

benefit and drawback of VPNs

Answer 19

+ can be used to bypass firewalls and other restrictions, and to increase privacy and security
-may result in a lower connection speed, blocks certain internet services, resale of your data to third parties.