Question
1. What is the typical relationship among the untrusted network, the firewall, and the trusted network?
2. What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?
3. How is an application layer firewall different from a packet-filtering firewall? Why is an application layer firewall sometimes called a proxy server?
4. How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
5. What is stateful inspection? How is state information maintained during a network connection or transaction?
6. What is a circuit gateway, and how does it differ from the other forms of firewalls?
7. What special function does a cache server perform? Why is this useful for larger organizations?
8. Describe how the various types of firewalls interact with the network traffic at various levels of the OSI model.
9. What is a hybrid firewall?
10. List the five generations of firewall technology. Which generations are still in common use?
11. How does a commercial-grade firewall appliance differ from a commercial-grade firewall system? Why is this difference significant?
12. Explain the basic technology that makes residential/SOHO firewall appliances effective in protecting a local network. Why is this usually adequate for protection?
13. What key features point up the superiority of residential/SOHO firewall appliances over personal computer-based firewall software?
14. How do screened host architectures for firewalls differ from screened subnet firewall architectures? Which of these offers more security for the information assets that remain on the trusted network?
15. What is a sacrificial host? What is a bastion host?
16. What is a DMZ? Is this really an appropriate name for the technology, considering the function this type of subnet performs?
17. What are the three questions that must be addressed when selecting a firewall for a specific organization?
18. What is RADIUS? What advantage does it have over TACACS?
19. What is a content filter? Where is it placed in the network to gain the best result for the organization?
20. What is a VPN? Why is it becoming more widely used?
Explanation / Answer
1)
Simply put, the untrusted network (IE: the internet) is on the 'outside' of the Firewall, logically separating it from the trusted network, which you want to keep safe. In this way, you can think of the Firewall as the outer gates of your protected network.
2)
TCP and UDP use the same addressing scheme. That is where the similarities end.
In a nutshell - TCP is a connection-oriented protocol that is responsible for reliable communication between two end processes. The unit of data transferred is called a stream, which is simply a sequence of bytes.
UDP provides a connectionless host-to-host communication path. UDP has minimal overhead; each packet on the network is composed of a small header and user data. It is called a UDP datagram. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network.
3)
You might be confused because there are so many concurrent/redundant terms used to describe the same things in IT. Terms like "packet filter," "stateful firewall," "packet level firewall," "network layer firewall," "application layer firewall," etc., but this is also a common question.
Here is a quick breakdown of the difference. First you have to understand what a firewall is. Got that, OK good..moving on...
So, a packet level or commonly called network level firewall or packet filter is basically just what it sounds like: a packet filter. There are basically two types of these, stateful or stateless. Without typing too much, generally stateful is more secure and stateless is simpler. Stateful packet inspection can determine what type of protocol is being sent over each port, but application-level filters look at what a protocol is being used for. A packet filter firewall analyzes traffic at the TRANSPORT layer. This "packet filtering" type is considered the least secure because it does not inspect the packet's APPLICATION LAYER data and DOES NOT track the STATE of connections (stateful vs. stateless). An application level firewall evaluates network packets for valid data at the application layer before allowing a connection. An application level firewall analyzes the complete command set for a single protocol in application space. An application layer firewall is again, just what it sounds like: a firewall (filter) that works on the application layer. Application filtering can be regarded as an extension to stateful packet inspection. Stateful packet inspection can determine what type of protocol is being sent over each port, but application-level filters look at what a protocol is being used for. For example, an application-level filter might be able to tell the difference between HTTP traffic used to access a Web page and HTTP traffic used for file sharing, whereas a firewall that is only performing packet filtering would treat all HTTP traffic equally.
4)
The difference between dynamic filtering and static filtering is that with dynamic filtering, the ports are opened and closed for the arriving packet data according to the rules for the site content and protocol. This filtering can be applied to the whole array or at the individual level. These filters are configured to follow the rules of the private network and allow the packets that follow the policy and protocol of the IP address they are arriving at.
Static filters are used in very special cases with the help of a wizard. These filters are used to allow very specific traffic like mail or specific internet programs, and not the whole array of the internet. Static ports, once installed, will always keep open the port for which they are configured until they are closed manually.
5)
Stateful firewalls keep track of each network connection between internal and external systems using a state table.
6)
Circuit gateways relay TCP connections based on addresses but do not filter the protocol.
7)
A cache server is a proxy server that stores the most recently accessed webpages in its internal cache. The proxy server is set up to be in the DMZ or another unsecured area where it is exposed directly to the internet so that the actual web server can be placed in a secured area. Thus the relatively less important cache server is exposed to threats from the internet, protecting the more valuable web server. Also, additional filtering routers can be placed between the proxy server and the web server, increasing the protection for the latter.
8)
Proxy Server: also known as an Application-Level Firewall, is used to filter packets in a specific protocol, such as FTP, SMTP, or HTTP. This falls in the Application, Presentation, or Session layer of the OSI model.
Circuit Gateway Firewall: this operates at the Transport Level of the OSI model. The Circuit Gateway allows connection only between certain specific networks, without specifically filtering any data packets.
Packet-Filtering Firewall: allows the passage of only certain packets between networks. They operate at the Network Level of OSI.
MAC Layer Firewall: operates at the Media Access Control sub-layer of the Datalink layer of the OSI. Packets are filtered according to ACL entries that are assigned to computers according to their MAC addresses.
9)
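The static-versus-dynamic filtering of answer 4 and the state table of answer 5, as an added example that is not part of the original answer: a toy static (stateless) filter beside a toy stateful filter, with the trusted network, the "open ports" rule set and the packets all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed: the trusted "inside"


@dataclass(frozen=True)
class Packet:  # constructed minimal header: enough fields for a 5-tuple plus TCP flags
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False
    ack: bool = False
    fin: bool = False


def is_inside(addr: str) -> bool:
    return ipaddress.ip_address(addr) in TRUSTED_NET


def static_filter(pkt: Packet, open_ports: set) -> bool:
    """Static filter: each packet is judged on its own header, with no memory.
    Inbound traffic must hit a port that was opened in advance and stays open."""
    if is_inside(pkt.src):
        return True                      # outbound is allowed unconditionally
    return pkt.dport in open_ports       # inbound only to permanently opened ports


class StatefulFilter:
    """Dynamic filter: records outbound flows in a state table and admits inbound
    packets only when they answer a flow that is already in the table."""

    def __init__(self) -> None:
        self.table: set = set()          # entries: (src, sport, dst, dport, proto)

    def check(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if is_inside(pkt.src):
            if pkt.proto == "udp" or (pkt.syn and not pkt.ack):
                self.table.add(key)      # new outbound flow: open a dynamic entry
            if pkt.fin:
                self.table.discard(key)  # simplified teardown (real firewalls also use idle timeouts)
            return True
        if reverse in self.table:        # reply to a tracked outbound flow
            if pkt.fin:
                self.table.discard(reverse)
            return True
        return False                     # unsolicited inbound: dropped
```

The static filter has to leave port 25 open to everyone to let mail in, while the stateful filter admits a reply on an ephemeral port only because the inside host opened that flow first.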