Module 3 part 2 Flashcards
gateway firewalls (22 cards)
In which layer is the filtering of a gateway firewall done?
application layer
What is the main purpose of a Bastion Host (BH)?
BH sets up a proxy for client/server
eliminates the direct exchange of packets between the private and outside networks
What are the 6 design features of Bastion Hosts?
- secure version of the OS
- only essential services are installed (DNS, FTP)
- each proxy is an independent program
- each proxy can be configured (hosts, subnets)
- BH requires additional authentication
- users are not allowed to log in to the BH
What are the three gateway firewall configurations?
- screened host firewall
- dual-homed gateway firewall
- screened subnet firewall
In which part of a screened host firewall is the BH located?
BH is located in the same network segment as the private network hosts and secure servers.
What are the characteristics of a screened host gateway firewall?
- packet filter router has an ACL configured to send traffic only to the BH
- direct access to the outside network or through a proxy
- access to the info server without using proxies
- high flexibility
- low security
What are the characteristics of a dual-homed gateway firewall?
- BH has two interfaces, between outside and inside
- all traffic from the private network is forced to set up proxies
- information server is outside of the BH
- packet filter ACL puts traffic to the info server or BH
- high security
- low flexibility
What are the characteristics of a screened subnet gateway firewall?
- two packet filtering routers
- BH and info server placed between the two routers
- direct traffic in the DMZ is prevented through the two routers' ACLs
- balanced flexibility and security
What is the network segment between the two routers (private and public network) in a screened subnet gateway firewall?
DMZ (demilitarized zone) network
What is the routing rule of the outer router in a screened subnet gateway firewall?
- traffic from outside only to the BH or info server
- outbound traffic only allowed from the BH
What is the routing rule of the inner router in a screened subnet gateway firewall?
- inbound traffic only allowed from the BH
- outbound traffic only to the BH or info server
In which network configurations is NAT installed?
Dual-homed gateway network and screened subnet gateway network
What does NAT (network address translation) do?
translates private addresses to public addresses
Which three blocks of IP addresses are assigned as private addresses?
A: 10.0.0.0 - 10.255.255.255
B: 172.16.0.0 - 172.31.255.255
C: 192.168.0.0 - 192.168.255.255
What other IP address problem does NAT solve?
shortage of IP addresses
not enough IP addresses.
What are the three types of NAT?
- static (1-1) NAT
- dynamic many-to-a-pool NAT
- dynamic many-to-a-1 NAT
What is static (1-1) NAT?
- fixed mapping
- simple
- least efficient use of IP addresses
- good for servers
What is dynamic many-to-a-pool NAT?
- a private address maps to a public address
- only a group of clients can connect to outside servers together.
What is dynamic many-to-a-1 NAT?
- also known as NAT overloading or PAT (port address translation)
- use map to
- a large number of clients can access outside servers together
About how many clients can connect to the network at the same time using 1 public IP address?
15000
What information does stateful inspection store?
port number, address, type of request and sequence number
What are the limitations of firewalls?
- cannot filter encrypted traffic
- cannot prevent internal attacks