What is a Firewall? Contrast each of the following: Packet Filtering, Application Level/Proxy, Stateful Inspection, and Dynamic Packet Filtering Firewalls
A firewall is software used to maintain the security of a private network. Firewalls block unauthorized access to or from private networks and are often employed to prevent unauthorized Web users or illicit software from gaining access to private networks connected to the Internet. A firewall may be implemented using hardware, software, or a combination of both.
A firewall is recognized as the first line of defense in securing sensitive information. For better safety, the data can be encrypted.
1. Packet Filtering Firewalls:
Packet filtering mechanisms work in the network layer of the OSI model. In packet filtering, each packet passing through a firewall is compared to a set of rules before it is allowed to pass through. Depending on the packet and the rule, the packet can be dropped, sent through, or a message can be forwarded to the originator. The rules that determine which packets are sent and which are not can be based on the source and destination IP address, the source and destination port number, or the protocol used. Packet filtering can also be done at the router level, providing an additional layer of security. For example, if a certain destination IP address is found in a packet, it could be dropped, or if the packet conforms to a certain protocol (e.g. HTTP), it could be dropped for companies which do not allow internet access to their employees.
3. Application level gateway Firewalls:
Application level firewalls decide whether to drop a packet or send it through based on the application information (available in the packet). They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other, so any suspicious data or connections are dropped by these proxies. And since they are application aware, they can handle more complex protocols like H.323, SIP, SQL*Net etc.
Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate the protocol policies, such as sending non-ASCII data in the header fields or an overly long string along with non-ASCII characters in the Host field, would be dropped because they have been tampered with by the intruders.
Application level firewalls can look into individual sessions and decide to drop a packet based on information in the application protocol headers or in the application payload. For example, SMTP application proxies can be configured to allow only certain commands like helo, mail from:, rcpt to: etc. to pass through the firewall and block other commands like expn, vrfy etc., which try to expand a list or verify if an account exists, and are used by attackers and spammers for their vested self-interests.
4. Stateful multilayer inspection firewalls:
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, transport layer and the application layer, and allow the packets to pass through if they pass all of them individually. Some of them allow a direct connection between the client and the server, as they rely on algorithms to recognize and process application layer data instead of relying on application-specific proxies.
5. Dynamic Packet Filtering Firewall:
A dynamic packet filter is a firewall facility that can monitor the state of active connections and use this information to determine which network packets to allow through the firewall. By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter.
For example, assume that you wish to configure your firewall so that all users in your company are allowed out to the Internet, but only replies to users' data requests are let back in. With a static packet filter, you would need to permanently allow in replies from all external addresses, assuming that users were free to visit any site on the Internet. This kind of filter would allow an attacker to sneak information past the filter by making the packet look like a reply (which can be done by indicating "reply" in the packet header).
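The static versus dynamic contrast above, as an added example (not part of the original answer): both filters are run over the same three constructed packets. Modelling the "reply" indication as the TCP ACK flag, the `10.0.0.` inside prefix and all addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # assumed internal network (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags carried in the header, e.g. {"SYN"}

def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def static_filter(pkt):
    """Stateless rules: outbound is always allowed; inbound is allowed
    whenever the header claims to be a reply (ACK flag set)."""
    if is_inside(pkt.src):
        return True
    return "ACK" in pkt.flags

class DynamicFilter:
    """Records each outbound session (addresses and ports) and admits an
    inbound packet only if it matches a recorded session in reverse.
    Session timeout and teardown are left out to keep the example short."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if is_inside(pkt.src):
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def run_demo():
    """Return (label, static verdict, dynamic verdict) per constructed packet."""
    dyn = DynamicFilter()
    traffic = [
        ("outbound request",
         Packet("10.0.0.5", 40000, "203.0.113.10", 80, frozenset({"SYN"}))),
        ("genuine reply",
         Packet("203.0.113.10", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))),
        ("unsolicited packet marked as reply",
         Packet("198.51.100.7", 80, "10.0.0.9", 40001, frozenset({"ACK"}))),
    ]
    return [(label, static_filter(p), dyn.check(p)) for label, p in traffic]

if __name__ == "__main__":
    for label, static_ok, dynamic_ok in run_demo():
        print(f"{label:36} static={static_ok} dynamic={dynamic_ok}")
```

The third packet is the case the answer describes: the static filter passes it on the strength of its header alone, while the dynamic filter finds no matching outbound session and drops it.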
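The application-level checks described in section 3, as an added example (not part of the original answer): an SMTP command allowlist and an HTTP header conformance check of the kind a proxy would apply. The function names, the 255-byte Host limit, the inclusion of DATA and QUIT in the allowlist and the sample requests are assumptions made for the illustration.

```python
# HELO, MAIL FROM and RCPT TO come from the answer; DATA and QUIT are added
# here (assumption) so that a message could actually be delivered.
ALLOWED_SMTP_VERBS = {"HELO", "MAIL", "RCPT", "DATA", "QUIT"}
MAX_HOST_LEN = 255  # assumed policy limit for the Host header value

def filter_smtp_command(line):
    """Return (forward, reply). Verbs are matched case-insensitively;
    anything off the allowlist (EXPN, VRFY, ...) is answered by the proxy."""
    stripped = line.strip()
    verb = stripped.split(" ", 1)[0].upper() if stripped else ""
    if verb in ALLOWED_SMTP_VERBS:
        return True, None
    return False, "502 Command not implemented"

def check_http_headers(raw_request):
    """Return a list of conformance violations found in the header block."""
    violations = []
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            violations.append("malformed header line")
            continue
        value = value.strip()
        # Printable ASCII only; horizontal tab is tolerated inside values.
        if any(b != 0x09 and (b < 0x20 or b > 0x7E) for b in name + value):
            violations.append("non-ASCII or control byte in "
                              + name.decode("latin-1"))
        if name.strip().lower() == b"host" and len(value) > MAX_HOST_LEN:
            violations.append("Host header too long")
    return violations

# Constructed sample requests.
GOOD_REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"
BAD_REQUEST = b"GET / HTTP/1.1\r\nHost: " + b"A" * 300 + b"\xff\xfe\r\n\r\n"

if __name__ == "__main__":
    for cmd in ["HELO client.example", "mail from:<a@example.com>",
                "VRFY alice", "EXPN staff"]:
        print(cmd, "->", filter_smtp_command(cmd))
    print(check_http_headers(GOOD_REQUEST))
    print(check_http_headers(BAD_REQUEST))
```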