Week 12 - Firewalls, Honeypots, IDS & IPS

Question 1

What is a Firewall?

Answer 1

First line of defense against attacks
* Protects internal network users from external threats
* Composed of software, hardware and both
* Resides between two or more networks
* Controls the traffic between networks: block or allow traffic access
* Helps prevent unauthorized access
* Types: Host-based and network-based
* Popular: Palo Alto, Juniper, CISCO

Question 2

Firewalls benefits

Answer 2

Defines a single choke point
* Provides a location for monitoring security events
* Can serve as platform for VPN end point

Question 3

Firewalls cons

Answer 3

Attacks at the application layer may sneak through
* May not protect fully against internal threats
* Improperly secured wireless LAN can be accessed from outside the organization
* Laptop, phone, or USB drive may be infected outside the corporate network then
used internally

Question 4

Firewall operations

Answer 4

List of Firewall rules is called Access Control List
* Rules can allow/block traffic based on:
* Source IP address
* Destination IP address
* Source Port
* Destination Port
* Protocol

Question 5

Firewall types

Answer 5

• Packet Filtering accepts/rejects packets based on protocol headers
• Application Proxy relay for application traffic
• Circuit-level Proxy relay for transport connections
• Stateful Packet Inspection adds state information on what happened previously to packet filtering firewall

Question 6

Packet filtering Firewalls advantages

Answer 6

Simplicity
Transparent to users
Very fast

Question 7

Packet filtering Firewalls advantages

Answer 7

Simplicity
Transparent to users
Very fast

Question 8

Packet filtering firewall disadvantages

Answer 8

Limited logging functionality

Does not support advanced user authentication

Vulnerable to attacks on TCP/IP protocol bugs

Question 9

Where are firewalls located?

Answer 9

Can be located on hosts: end users computers and servers