Firewall rule sets use source IP addresses, destination addresses, ports, and pr

Question

Firewall rule sets use source IP addresses, destination addresses, ports, and protocols. Describe the function of each. What is the purpose of the following rule? Allow Src= 10.1.23.54 dest=85.75.32.200 Proto=tcp 21 What is the purpose of the following rule? Deny Src=ANY dest=ANY Proto=tcp 23 Determine input validation. Describe the type of attack that is related to poor input validation. In the following scenario, what should the input validation parameters be? A class registration web form requires that students enter their current year. The entry options are numbers from 1 to 4 that represent the following: freshmen=l. sophomores=2. juniors=3, and seniors=4. What is the difference between Intrusion detection systems (IDSs) and Intrusion prevention systems (IPSs)? What are the main criteria used by content filtering to restrict access to the system? What are the benefits of having a practiced incident response capability? Describe the three incident severity levels

Explanation / Answer

Question 1

1.1

A packet filtering firewall apply a set of rules to every incoming and leaving IP packet and then sends or limits it i.e., forward or discards the packet

The firewall is typically configured to filter packet going in both directions (from and to the internal network)

So we need some parameters such as source address and destination address and the port numbers guided by set of rules termed as protocols

Source IP address: The IP address of the system that originated the IP packet (e.g., 198.156.1.2)

Destination IP address: The IP address of the system the IP packet is trying to reach (e.g., 198.168.2.1)

Ports: Source and destination transport-level address. At the transport-level which uses TCP or UDP port number, are used which defines applications such as SNMP or TELNET?

Protocol field: It Defines the transport protocol either TCP, Transmission Control Protocol or UDP, Unit Datagram Protocol means the set of rules needed to send or receive a packet

If present is a competition to one of the rules, based on the match to the fields in the IP or TCP header, that rule is invoke to decide whether to ahead or toss away the packet.

If there is no counterpart to any rule, then a defaulting act is taken.

Two default policies are possible:

Default = discard

Default = forward

1.2)

rule

Allow Src=10.1.23.54 dest=85.75.32.200 Proto=tcp 21

means Allow the packet whose source IP address is 10.1.23.54 and Destination IP address is 85.75.32.200 and the Transport protocol used is TCP,Transport Control Protocol and the port address is 21

This firewall rules initiates the allowance of the packet

1.3)

rule

Deny Src=ANY dest=ANY Proto=tcp 23

signifies not to allow any IP packets at port 23

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.