Module 3 part 2 Flashcards
gateway firewalls
In what layer is the filtering of a gateway firewall done?
application layer
What is the main purpose of a Bastion Host (BH)?
BH sets up a proxy for client/server
eliminates the direct exchange of packets between the private and outside networks
What are the 6 design features of Bastion Hosts?
- secure version of OS
- only essential services are installed (DNS, FTP)
- each proxy is an independent program
- each proxy can be configured (hosts, subnets)
- BH requires additional authentication
- Users are not allowed to log in to the BH
What are the three Gateway firewall configurations?
- screened host firewall
- Dual-homed gateway firewall
- Screened subnet firewall
In which part of a screened host firewall is the BH located?
The BH is located in the same network segment as the private network hosts and secure servers.
What are the characteristics of a screened host gateway firewall?
- the packet filter router has an ACL configured to send traffic only to the BH
- direct access to the outside network or through a proxy
- access the info server without using proxies
- High flexibility
- Low security
What are the characteristics of a Dual-homed gateway firewall?
- BH has two interfaces, between outside and inside
- all traffic from the private network is forced to set up proxies
- information server is outside of the BH
- packet filter ACL sends traffic to the info server or BH
- High security
- low flexibility
What are the characteristics of a Screened Subnet gateway firewall?
- two packet filtering routers
- BH and info server are placed between the two routers
- direct traffic in the DMZ is prevented through the two routers' ACLs
- balanced flexibility and security
What is the network segment between the two routers (private and public network) in a screened subnet gateway firewall?
DMZ (de-militarized zone) network
What is the routing rule of the outer router in a screened subnet gateway firewall?
- traffic from outside only to BH or info server
- outbound traffic only allowed from BH
What is the routing rule of the inner router in a screened subnet gateway firewall?
- inbound traffic only allowed from BH
- outbound traffic only to BH or info server
In what network configuration is NAT installed?
Dual homed gateway network and screened subnet gateway network
What does NAT (network address translation) do?
translates private addresses to public addresses
What three blocks of IP addresses are assigned to private addresses?
A: 10.0.0.0 - 10.255.255.255
B: 172.16.0.0 - 172.31.255.255
C: 192.168.0.0 - 192.168.255.255
What other problem of IP addresses does NAT solve?
shortage of IP addresses
not enough IP addresses.