
a) In Figure 4-18 , explain why Rule 1 brings more security than Rule 2. b) Expl


Question

a) In Figure 4-18, explain why Rule 1 brings more security than Rule 2. b) Explain why the last rule in an ACL should deny anything not previously approved by earlier rules. c) Why do you think authentication is sometimes required before accepting a connection? d) When a packet addressed to 60.1.232.89 arrives, what rule will the SPI firewall look at first? e) Why must Rule 2 come after Rule 1?

Figure 4-18: Access Control List (ACL) for a Stateful Inspection Firewall to Apply to Packets Attempting to Create a Connection

| Rule | Source IP Address | Destination IP Address | Server Port Number | Action on Connection | Remark |
|---|---|---|---|---|---|
| 1 | | 60.3.47.138 | 80 | | Open access to this webserver |
| 2 | | ANY | 80 | Allow | Open access to any webserver |
| 3 | Any Internal | 60.1.232.89 | 80 | Authenticate, then allow | Open access for internal hosts to this webserver following authentication. |
| 4 | Finance | Finance | | Authenticate, then allow | Any connection between Finance hosts with |
| 5 | Any Internal | 60.44.2.17 | 25 | Allow | Open access for internal hosts to this mail server. |
| 6 | Any | | | | Deny any connection not permitted by a previous rule |

Explanation / Answer

a) In Figure 4-18, explain why Rule 1 brings more security than Rule 2.

Rule 1 handles a specific Destination IP address from the routing and then allows the connection to the webserver. Rule 2 allows any destination IP address to connect to the webserver. Thus Rule 1 has specifics and is thus more secure as only the Destination IP Address with port number can access the webserver.

b) Explain why the last rule in an ACL should deny anything not previously approved by earlier rules.

For security reasons, it is always recommended that whatever is not authorized or authenticated should be rejected by default. Thus Rule 6 denies any request that comes to the webserver if the previous rules did not authenticate it.

c) Why do you think authentication is sometimes required before accepting a connection?

Authentication is always required before accepting a connection in order to understand the access control for the user, whether the user is authorized to view the data, and what kind or level of authorization the user has, here in the case of accessing the webserver.

d) When a packet addressed to 60.1.232.89 arrives, what rule will the SPI firewall look at first?

When a packet addressed to 60.1.232.89 arrives, the SPI firewall looks at whether the IP address is internal or not. If it is internal, it will look at Rule #3, which is programmed for the Destination IP Address 60.1.232.89 and which will authenticate the packet and service and then allow connection to the webserver.

e) Why must Rule 2 come after Rule 1?

Rule 2 should come after Rule 1 as Rule 2 is the general criterion, i.e., if Rule 1 fails for a criterion, then Rule 2 will come into action. Thus Rule 2 must come after Rule 1.
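
Added example, not part of the original question or answer: a small model of top-down, first-match ACL evaluation over the rules in Figure 4-18, with a check for rules that an earlier, broader rule makes unreachable. Cells that are not legible in the figure as reproduced here (Rule 1 source and action, Rule 2 source, Rule 4 port) and the internal and Finance address ranges are assumptions, marked in the comments.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range (constructed)
FINANCE = ipaddress.ip_network("10.9.0.0/16")   # assumed Finance subnet (constructed)

@dataclass(frozen=True)
class Rule:
    num: int
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]   # None means any port
    action: str

def host(ip):
    return ipaddress.ip_network(ip + "/32")

# Addresses, ports and actions follow Figure 4-18 where legible;
# cells marked "assumed" are not legible in the figure on this page.
ACL = [
    Rule(1, ANY, host("60.3.47.138"), 80, "allow"),   # source, action assumed
    Rule(2, ANY, ANY, 80, "allow"),                   # source assumed
    Rule(3, INTERNAL, host("60.1.232.89"), 80, "authenticate-then-allow"),
    Rule(4, FINANCE, FINANCE, None, "authenticate-then-allow"),  # port assumed
    Rule(5, INTERNAL, host("60.44.2.17"), 25, "allow"),
    Rule(6, ANY, ANY, None, "deny"),                  # explicit default deny
]

def matches(rule, src, dst, port):
    return (ipaddress.ip_address(src) in rule.src
            and ipaddress.ip_address(dst) in rule.dst
            and rule.port in (None, port))

def evaluate(acl, src, dst, port):
    """Return (rule number, action) of the first matching rule, top down."""
    for rule in acl:
        if matches(rule, src, dst, port):
            return rule.num, rule.action
    return None, "deny"   # fail closed even if the final deny rule is missing

def shadowed(acl):
    """Rule numbers that can never fire because one earlier rule covers them."""
    return [r.num for i, r in enumerate(acl)
            if any(r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst)
                   and e.port in (None, r.port) for e in acl[:i])]
```

Under these assumptions, `shadowed(ACL)` returns `[3]`: an internal host's port-80 connection to 60.1.232.89 already matches Rule 2, so the authentication in Rule 3 is never applied. Swapping Rules 1 and 2 additionally shadows Rule 1.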