Module 3 part 2

Question 1

In what layer the filtering of Gateway firewall is done ?

Answer 1

application layer

Question 2

What is the main purpose of Bastion Host(BH) ?

Answer 2

BH sets up proxy for client/sever

eliminates the direct exchange of packets between private and outside network

Question 3

What are the 6 design features of Bastion Hosts ?

Answer 3

1. secure version of OS
2. only essential services are installed(DNS FTP)
3. each proxy is independent program
4. each proxy can be configured (hosts subnets)
5. BH require additional authentication
6. User not allowed to login BH

Question 4

What are the three Gateway firewall configurations ?

Answer 4

• screened host firewall
• Dual-homed gateway firewall
• Screened subnet firewall

Question 5

In which part of screened host firewall the BH is located in ?

Answer 5

BH located in the same network segment as the private network hosts and secure severs.

Question 6

What are the characteristics of screened host gateway firewall ?

Answer 6

• packet filter router have ACL to configure traffic only to BH
  -direct access to outside network or through proxy
  -access info server without using proxies.
  High flexibility
  Low security

Question 7

What are the characteristics of Dual homed gateway firewall ?

Answer 7

• BH two interface between outside and inside
• all traffic from private network is forced set up proxies.
• information server is out side of the BH
• packet filter ACL put traffic to info server or BH
• High security
• low flexibility

Question 8

What are the characteristics of Screened Subnet gateway firewall ?

Answer 8

• two packet filtering routers
• BH and info server placed between two routers
• direct traffic in DMZ is prevented through two router’s ACL
• balanced flexibility and security

Question 9

What is the network segment between two router(private and public network) in screened subnet gateway firewall ?

Answer 9

DMZ(de-militarized zone) network

Question 10

What is the routing rule of the outer router in screened subnet gateway firewall?

Answer 10

1. traffic from outside only to BH or info server

2. outbound traffic only allow from BH.

Question 11

What is the routing rule of the inner router in screened subnet gateway firewall?

Answer 11

1. inbound traffic only allow from BH

2. outbound traffic only to BH or info server.

Question 12

In what network configuration is NAT installed ?

Answer 12

Dual homed gateway network and screened subnet gateway network

Question 13

What does NAL(network address translation) do?

Answer 13

translating private address to public address

Question 14

What are the three block of IP address are assigned to private address ?

Answer 14

A: 10.0.0.0 - 10.255.255.255
B: 172.16.0.0- 172.31.255.255
C: 192.168.0.0-192.168.255.255

Question 15

NAT solves what other problem of IP address ?

Answer 15

short of IP address

not enough IP address.

Question 16

What are the three types of NAT?

Answer 16

1. static (1-1) NAT
2. dynamic many-to-a-pool NAT
3. dynamic many-to-a-1 NAT

Question 17

What is static (1-1) NAT ?

Answer 17

• fixed mapping
• simple
• least efficient of IP address
• good for server

Question 18

What is dynamic many to a pool NAT?

Answer 18

• a private address maps to a public address

- only a group of client can connect to outside server together.

Question 19

What is dynamic many to a 1 NAT ?

Answer 19

• also known as NAT overloading or PAT port address translation
• use map to
• large access to outside server together

Question 20

About how many clients can connect to the network at the same time using 1 public IP address?

Answer 20

15000

Question 21

What information does stateful inspection store?

Answer 21

port number, address, type of request and sequence number

Question 22

What are the limitation of Firewalls?

Answer 22

• cannot filter encrypted traffic

- cannot prevent internal attack