Lesson 3 Flashcards
A Cisco firewall maintains a translation or _______ for each protected host that can participate in connections
xlate table
Each entry in the xlate table contains the following
– Protocol used (ICMP, UDP, or TCP)
– Local and global interfaces, IP addresses, and port numbers
– Flags (type of xlate)
– Connections
– Timers
– Uauth bindings
Initial checking provides protection against address spoofing by using unicast __________
Reverse Path Forwarding (RPF)
RPF essentially verifies that an incoming packet would take the same path in reverse to reach the source.
RPF can detect ___________ only if spoofed between interfaces.
If a host on the outside interface spoofs the address of another outside host, the firewall can’t detect it, because the spoofing occurs on a single interface.
spoofed addresses
When the first packet in a series of packets arrives at the security appliance from the inside interface, the appliance creates a _____________. Each translation uses one _________.
translation slot
For example, a client could connect to a server via telnet, FTP, and HTTP simultaneously, creating three separate TCP connections between the two devices.
When this happens, a single _________ slot and three _____ slots are created. Each ____ slot is bound to a _____ slot.
translation - connection
connection - translation
As soon as a connection initiates and a ___________ entry is created, traffic from the source to the destination is allowed to pass.
Also, the _____ or ____ traffic for that connection is allowed back through the firewall toward the source automatically for TCP and UDP connections.
conn table
return or reply
An access list is _________ to allow returning traffic, because the ASA allows ____________________________
not required
all returning traffic for established, bidirectional connections.
For connectionless protocols such as ICMP, however, the security appliance establishes __________ sessions.
unidirectional
For authenticating users, the firewall acts as a _____________________ so that no further authentication is needed.
cut-through authentication proxy
The firewall inspects each connection and applies rules according to the protocol being used. This process is referred to as an __________________.
inspection engine
If NAT is used, the ICMP connection is open for ________ after the ICMP reply.
2 sec
UDP Inspection: If no packets have passed through the connection before the UDP idle connection timer expires, the UDP connection is closed by being deleted from the conn table after _______
2 minutes.
For TCP:
– A FIN and FIN/ACK are in the TCP header control field.
– An RST is in the TCP header control field (from client or server).
– The TCP connection is idle for more than __________ by default.
– The connection is removed with the clear ___ command.
1 hour
xlate
____________ Translates host addresses on more secure interfaces to a range or pool of IP addresses on a less secure interface.
Dynamic translation