What are the 2 main types of firewall?

    Terms in this set (49)

    What is a firewall?

    Provides secured access between two networks. Standalone hardware device.

    What are two types of firewall?

    Hardware firewall and software firewall.

    Mode of Operation

    A firewall that stands between two networks inspects each packet that is ready to pass between the networks and allows or blocks the packet based on the rules set for the firewall.

    General Firewall Features

    Port Control
    Network Address Translation
    Application Monitoring (Program Control)
    Packet Filtering
    Data encryption
    Reporting/logging
    E-mail virus protection
    Pop-up ad blocking
    Spyware protection, etc.

    Negative effects of firewall

    Traffic bottlenecks - By forcing all network traffic to pass through the firewall, there is a greater chance that the network will become congested.

    Single point of failure - In most configurations where firewalls are the only link between networks, if they are not configured correctly or are unavailable, no traffic will be allowed through.

    Increased management responsibilities - A firewall often adds to network management responsibilities and makes network troubleshooting more complex.

    Viruses and Firewalls

    Firewalls cannot protect against viruses, so Anti-Virus software is needed for that purpose.
    McAfee and Norton provide complete protection. ZoneAlarm Pro contains limited virus protection features.

    What are 2 firewall layers of operation?

    Network Layer and Application Layer.

    Network Layer

    Makes decisions based on the source and destination addresses and ports in individual IP packets.
    Based on routers.
    Has the ability to perform static and dynamic packet filtering and stateful inspection.
    Filtering is done by the network layer or the transport layer (layers 3 and 4).

    What is the difference between static and dynamic filtering?

    Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports.
    Source IP, Destination IP, TCP/UDP
    Offers little protection.

    Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.

    What is stateful inspection?

    Compares certain key parts of the packet to a database of trusted information.
    Incoming information is compared to outgoing information characteristics.
    Information is allowed through only if the comparison yields a reasonable match.

    What is Application Layer?

    They are generally hosts running proxy servers, which perform logging and auditing of traffic through the network.
    Logging and access control are done through software components.

    What are proxy services?

    An application that mediates traffic between a protected network and the Internet.
    Able to understand the application protocol being utilized and implement protocol-specific security.
    Application protocols include: FTP, HTTP, Telnet, etc.

    What is a hardware firewall?

    It is just a software firewall running on a dedicated piece of hardware or specialized device.
    Basically, it is a barrier to keep destructive forces away from your property.
    You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

    What does hardware firewall do?

    It is a hardware device that filters the information coming through the internet connection into your private network or computer system.
    If an incoming packet of information is flagged by the filters, it is not allowed through.

    What do firewalls use?

    Firewalls use one or more of three methods to control traffic flowing in and out of the network:
    Packet filtering
    Proxy service
    Stateful inspection

    What's packet filtering?

    Packets are analyzed against a set of filters.

    What's proxy service?

    Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

    What's stateful inspection?

    It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.

    What does a hardware firewall protect you from?

    Remote logins
    Application backdoors
    SMTP session hijacking
    E-mail Addresses
    Spam
    Denial of service
    E-mail bombs
    E-mail sent 1000's of times till mailbox is full
    Macros
    Viruses

    What is a software firewall?

    Software firewalls are installed on your computer.
    Allowing you some control over protection of your computer.
    They only protect the computer they are installed on, not a network.
    More ideal for individual users or small businesses.

    What are the advantages of a software firewall?

    Allow direct connection between client and host.
    Ability to report to intrusion detection software.
    Make intelligent decisions.
    Configured to check for a known vulnerability.
    Large amount of logging.
    Ability to "understand" application-specific information structure.

    What are the disadvantages of a software firewall?

    Slow down network access dramatically.
    More susceptible to distributed denial of service (DDoS) attacks.
    Not transparent to end users.
    Require manual configuration of each client computer.

    What are the benefits of a firewall?

    Prevent intrusion.
    Choke point for security audit.
    Reduce attacks by hackers.
    Hide network behind a single IP address.
    Part of total network security policy.

    What are port numbers?

    The Well Known Ports are those from 0 through 1023.
    The Registered Ports are those from 1024 through 49151.
    The Dynamic and/or Private Ports are those from 49152 through 65535.

    What are some hardware firewall manufacturers?

    D-Link, Linksys, Cisco

    What are some software firewalls?

    ZoneAlarm, Microsoft Windows Firewall, McAfee Security Suite, Norton Security Suite.

    Done with PPT 1

    Next is PPT 2

    What are packets?

    Discrete blocks of data; basic unit of data handled by a network.

    What's a packet filter?

    Hardware or software designed to block or allow transmission of packets based on criteria such as port, IP address, protocol.

    What is filtering?

    To control movement of traffic through the network perimeter.

    Understanding Packets and Packet Filtering:

    Packet filter inspects packet headers before sending packets on to specific locations within the network.
    A variety of hardware devices and software programs perform packet filtering:
    Routers: probably most common packet filters
    Operating systems: some have built-in utilities to filter packets on the TCP/IP stack of the server software.
    Software firewalls: most enterprise-level programs and personal firewalls filter packets.

    Anatomy of a Packet

    Header:
    Contains IP source and destination addresses.
    Not visible to end users.
    Data:
    Contains the information that it is intending to send (e.g., body of an e-mail message).
    Visible to the recipient.

    Packet-Filtering Rules

    Packet filtering: procedure by which packet headers are inspected by a router or firewall to make a decision on whether to let the packet pass.
    Header information is evaluated and compared to rules that have been set up (Allow or Deny).
    Packet filters examine only the header of the packet (application proxies examine data in the packet).

    Packet-Filtering Rules (continued)

    Drop all inbound connections; allow only outbound connections on Ports 80 (HTTP), 25 (SMTP), and 21 (FTP).
    Eliminate packets bound for ports that should not be available to the Internet (e.g., NetBIOS).
    Drop packets that use IP header source routing feature.

    Packet-Filtering Rules (continued)

    Set up an access list that includes all computers in the local network by name or IP address so communications can flow between them.
    Allow all traffic between "trusted" hosts.
    Set up rules yourself.

    What are 2 packet filtering methods?

    Stateless packet filtering
    Stateful packet filtering

    Stateless Packet Filtering

    Determines whether to block or allow packets—based on several criteria—without regard to whether a connection has been established.
    Also called static packet filtering.
    Useful for completely blocking traffic from a subnet or other network.

    Stateless Packet Filters

    A border router configured to pass or reject packets based on information in the header of each individual packet.
    - Can theoretically be configured to pass/reject based on any field, but this is usually done based on:
    protocol type
    IP address
    TCP/UDP port
    Fragment number
    Source routing information

    Filtering by TCP or UDP Port Number

    Packet's source IP address.
    Destination or target IP address.
    Specify a protocol for the hosts to which you want to grant access.
    IP protocol ID field in the header.

    Problems with Stateless Filters

    Effectiveness of stateless filters is limited because:
    They cannot check the payload of the packets.
    - Service-related filtering can only be done by application-level proxies.
    They do not retain the state of the connections.

    Stateful Packet Filtering

    Performs packet filtering based on contents of the data part of a packet and the header.
    Filter maintains a record of the state of a connection; allows only packets that result from connections that have already been established.
    More sophisticated and secure.
    Has a rule base and a state table.

    Filtering Based on Packet Content

    Stateful inspection
    Proxy gateway
    Specialty firewall

    Setting Specific Packet-Filter Rules

    Rules to filter potentially harmful packets.
    Rules to pass packets that you want to be passed through.

    IP Chains

    Stateless packet filter.
    Optionally built into the Linux kernel.
    Will pass or deny packets based on a rule set applied against IP header fields.
    Used in v2.2 kernels, replaced by IPTables in 2.4 kernels.

    IPChains Commands

    Command   Description

    -A        Add rule to chain
    -D        Delete rule from chain
    -I        Insert rule
    -R        Replace rule
    -F        Flush all rules
    -L        List all rules
    -N        Create new chain
    -X        Delete user defined chain
    -P        Set default target

    IPChains Command Options

    Command Option   Description

    -s               Source address of packet
    -d               Destination address of packet
    -i               Interface packet is arriving from
    -p               Protocol
    -j               Target to send packet to
    -y               For -p tcp. Packet is SYN packet.
    --icmp-type      For -p icmp.
    -l               Log the packet to syslog.
                     /var/log/messages Available in Red Hat 6.0+ kernel

    IPChains Targets

    System target (policy)   Description

    ACCEPT                   Let packet through
    DENY                     Deny packet
    REJECT                   Deny packet and notify sender
    MASQ                     Forward chain masquerade
    REDIRECT                 Send to different port
    RETURN                   Handled by default targets

    IPChains - Chain Types

    IP input chain
    IP output chain
    IP forwarding chain
    User defined chains (just give it a new name instead of the built-in names: input, output or forward)

    Done PPT 2

    Next is PPT 3
