
1. When shopping for a firewall, what 3 pieces of documentation should you bring


Question

1. When shopping for a firewall, what 3 pieces of documentation should you bring to a meeting with a vendor or consultant on the purchase?

2. Complete the following statement: Access control lists or rules are created for each ______________ on the firewall

3. How many sets of rules do you need for this network diagram?  

4. Traffic from the untrusted network to the trusted network is called _____________ traffic.

For the next section (questions 5-19):

List the seven best practices for firewalls we discussed. (A)

For each one, briefly describe why it is a best practice, that is, explain how this best practice protects the trusted network. (B)

20. What is NAT?

21. What does NAT do to protect the network?

22. Why is the order of firewall rules important?

23. What must a VPN that proposes to offer a secure and reliable capability while relying on public networks accomplish?

24. Explain the NAT table on the diagram.

[Network diagram: Untrusted network -> External Filtering Router (Ext IP 10.10.10.1, Int IP 10.10.10.2) -> Demilitarized zone (DMZ) on a switch, with Web Server 10.10.10.5, Proxy Server 10.10.10.6 and SMTP Server 10.10.10.4 -> Internal Filtering Router (Ext IP 10.10.10.3, Int IP 192.168.2.1) -> Trusted network, with Internal Server (IP 192.168.2.2) and Firewall Admin (IP 192.168.2.3)]

NAT Table
INT Address    EXT Address
192.168.2.1    10.10.10.7
192.168.2.2    10.10.10.8
192.168.2.3    10.10.10.10

Explanation / Answer

20) NAT:

A NAT (Network Address Translation or Network Address Translator) is the virtualization of Internet Protocol (IP) addresses. NAT helps improve security and decrease the number of IP addresses an organization needs.

Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.

21) What NAT does to protect the network:

When computers and servers within a network communicate, they need to be identified to each other by a unique address, which resulted in the creation of a 32-bit number; the combinations of these 32 bits accommodate over 4 billion unique addresses, known as IP addresses. This was named IPv4, and although over 4 billion addresses sounds like a lot, it really is not, considering how fast the world of computers and the internet has grown.

To circumvent this problem, a temporary solution was produced, known as NAT. NAT resulted in two types of IP addresses, public and private. A range of private addresses was introduced, which anyone could use, as long as these were kept private within the network and not routed on the internet. The ranges of private addresses, known as RFC 1918 addresses, are:

Class A 10.0.0.0 - 10.255.255.255

Class B 172.16.0.0 - 172.31.255.255

Class C 192.168.0.0 - 192.168.255.255

NAT allows you to use these private IP addresses on the internal network. So within your private network you would assign a unique IP address to all your computers, servers and other IP-driven resources, usually done via DHCP. Another company can use the same private IP addresses as well, as long as they are kept internal to their network. So two companies may be using the same range of IP addresses, but because they are private to their network, they are not conflicting with each other.

However, when internal hosts do need to communicate with the public network (Internet), this is where a public address comes into the equation. This address, usually purchased from an ISP, is a routable public address everyone can see, which would represent your network gateway. This public address would be unique; no one else would use this address.

Now getting to the point: when a host on the internal network with an internal IP address does need to communicate outside its private network, it would use the public IP address on the network's gateway to identify itself to the rest of the world, and this translation of converting a private IP address to a public one is done by NAT. For example, if a computer on an internal address of 192.168.1.10 wanted to communicate with a web server somewhere on the internet, NAT would translate the address 192.168.1.10 to the company's public address, let's call this 1.1.1.1 for example, so that the internal address is identified as the public address when communicating with the outside world. This has to be done because when the web server somewhere on the internet replies to this internal computer, it needs to send this to a unique and routable address on the internet, the public address. It cannot use the original address of 192.168.1.10, as this is private, non-routable and hidden from the outside world. This address of 1.1.1.1 would be the public address for that company and can be seen by everyone. Now the web server would reply to that public address, 1.1.1.1. NAT would then use its records to translate the packets received from the web server that were destined for 1.1.1.1 back to the internal network address of 192.168.1.10, and thus the computer that requested the original info will receive the requested packets.

Now you can obviously see the two benefits of NAT. Firstly, it saves on the IP addresses we use, as every single computer does not need a public address, and secondly, it hides these private computers from the outside world. Everyone can only see the public address; the rest is hidden behind this public address. So from the internet only the public address on the external interface of the firewall or router can be seen, and nothing beyond it.

22) Why the order of firewall rules is important:
You create firewall rules to allow this computer to send traffic to, or receive traffic from, programs, system services, computers, or users. Firewall rules can be created to take one of three actions for all connections that match the rule's criteria:

Rules can be created for either inbound traffic or outbound traffic. The rule can be configured to specify the computers or users, program, service, or port and protocol. You can specify which type of network adapter the rule will be applied to: local area network (LAN), wireless, remote access, such as a virtual private network (VPN) connection, or all types. You can also configure the rule to be applied when any profile is being used or only when a specified profile is being used.

Because you can make firewall rules that have apparent conflicts, it is important to understand the order in which the rules are processed:

As soon as a network packet matches a rule, that rule is applied, and processing stops. For example, an arriving network packet is first compared to the authenticated bypass rules. If it matches one, that rule is applied and processing stops. The packet is not compared to the block, allow, or default profile rules. If the packet does not match an authenticated bypass rule, then it is compared to the block rules. If it matches one, the packet is blocked, and processing stops, and so on.

23) What must a VPN that proposes to offer a secure and reliable capability while relying on public networks accomplish?

- Encapsulation of incoming and outgoing data, wherein the native protocol of the client is embedded within the frames of a protocol that can be routed over the public network as well as be usable by the server network environment.

- Encryption of incoming and outgoing data to keep the data contents private while in transit over the public network but usable by the client and server computers and/or the local networks on both ends of the VPN connection.

- Authentication of the remote computer and, perhaps, the remote user as well. Authentication and the subsequent authorization of the user to perform specific actions are predicated on accurate and reliable identification of the remote system and/or user.
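The two points made in answers 21/22 and 24 above, first-match rule processing and the NAT translation in the diagram's table, as an added example that is not part of the original answer. The rule set (a telnet deny plus a broad allow), the CIDR-based rule format and the helper names are assumptions constructed for illustration; the NAT entries are the ones from the question's diagram.

```python
# Added example: a tiny model of a packet filter that (1) evaluates rules
# first-match, so order decides the outcome, and (2) applies the diagram's
# NAT table to outbound traffic and to the replies coming back.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# NAT table copied from the question's diagram: trusted (INT) -> EXT address.
NAT_TABLE = {
    "192.168.2.1": "10.10.10.7",
    "192.168.2.2": "10.10.10.8",
    "192.168.2.3": "10.10.10.10",
}
REVERSE_NAT = {ext: inside for inside, ext in NAT_TABLE.items()}

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR, or "any"
    dst: str               # CIDR, or "any"
    dport: Optional[int]   # None matches any destination port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        def in_net(addr: str, cidr: str) -> bool:
            return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)
        return in_net(src, self.src) and in_net(dst, self.dst) and self.dport in (None, dport)

def evaluate(rules, src: str, dst: str, dport: int) -> str:
    """First-match semantics: the first matching rule decides and processing
    stops; an implicit deny applies when nothing matches."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action
    return "deny"

def nat_outbound(src: str) -> str:
    """Translate a trusted-network source to its external address (question 24)."""
    return NAT_TABLE.get(src, src)

def nat_inbound_reply(dst: str) -> str:
    """Translate a reply addressed to an external address back to the inside host."""
    return REVERSE_NAT.get(dst, dst)

def outbound(rules, src: str, dst: str, dport: int):
    """Filter on the trusted-side address, then translate the source if allowed."""
    action = evaluate(rules, src, dst, dport)
    return action, (nat_outbound(src) if action == "allow" else None)

# Constructed rule set: a specific deny for telnet (port 23) and a broad allow.
DENY_TELNET = Rule("deny", "192.168.2.0/24", "any", 23)
ALLOW_ALL = Rule("allow", "192.168.2.0/24", "any", None)
SPECIFIC_FIRST = [DENY_TELNET, ALLOW_ALL]
BROAD_FIRST = [ALLOW_ALL, DENY_TELNET]   # the deny is shadowed and never reached
```

With the broad allow listed first, the telnet deny never fires, which is the kind of apparent conflict answer 22 warns about.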