Q17 Firewall Deployment Choices Flashcards
(4 cards)
What are the fire wall types?
Firewall Types:
◦ Packet Filter: Filters based on Layer 3 (IP) and Layer 4 (Transport) headers (IP addresses, ports, protocol). Fast but simple.
◦ Stateful: Tracks the state of connections (Layer 4 and above implicitly). More sophisticated filtering than packet filters.
◦ Proxy (Application Gateway): Acts as a proxy for specific applications (Layer 7), inspecting application-layer content and commands. Provides deep inspection but can add latency.
Explain what types of firewall(s) you would choose to deploy on the following network devices. Justify your answer. (a) border router
▪ Choice: A Packet Filter Firewall or a high-performance Stateful Firewall.
▪ Justification: The border router is the first point of entry to the network from the Internet. It handles the highest volume of traffic and needs to process packets very quickly. A packet filter firewall provides fast, coarse-grained inspection based on IP addresses and ports, suitable for blocking traffic from known malicious sources or ranges, or enforcing basic access policies at the network edge without significant performance impact. A high-performance stateful firewall could also be used to offer more advanced connection tracking (like preventing SYN floods) if the router has sufficient processing power, but stateless filtering is simpler and faster for initial high-volume drops.
Explain what types of firewall(s) you would choose to deploy on the following network devices. Justify your answer. (b) demarcation router protecting the internal network
▪ Choice: A Stateful Firewall.
▪ Justification: A demarcation router segments internal networks or protects specific sensitive internal zones (like servers) from other internal networks or a DMZ. This requires a more granular and context-aware policy than the border. A stateful firewall is ideal here because it tracks the state of connections, allowing more sophisticated rules like permitting only established connections or protecting against attacks targeting connection states. It provides a good balance between security depth and performance for filtering traffic within or entering a segment of the internal network. Packet filters are too basic, and application proxies are too specific for general network segment protection.
Explain what types of firewall(s) you would choose to deploy on the following network devices. Justify your answer. (c) email proxy server for SMTP.
▪ Choice: A Proxy Firewall (Application Gateway) specifically designed for SMTP.
▪ Justification: An email proxy server’s role is to process email traffic (SMTP) at the application layer. A proxy firewall is designed for this exact purpose – inspecting and controlling traffic based on the specifics of an application protocol. An SMTP proxy firewall can examine email content, headers, and commands to filter spam, scan for viruses, enforce email policies (e.g., content restrictions), and detect protocol-specific attacks that lower-layer firewalls would miss.
