Terms in this set (49)
What is a firewall?
Provides secured access between two networks. A standalone hardware device.
What are the two types of firewall?
Hardware firewall and software firewall.
Mode of Operation
A firewall that stands in between two networks will inspect a packet that is ready to pass between the networks and allow or block the packet based on the rules set for the firewall to operate
General Firewall Features
Port Control
Network Address Translation
Application Monitoring (Program Control)
Packet Filtering
Data encryption
Reporting/logging
E-mail virus protection
Pop-up ad blocking
Spyware protection, etc.
Negative effects of firewall
Traffic bottlenecks - By forcing all network traffic to pass through the firewall, there is a greater chance that the network will become congested.
Single point of failure - In most configurations where firewalls are the only link between networks, if they are not configured correctly or are unavailable, no traffic will be allowed through.
Increased management responsibilities - A firewall often adds to network management responsibilities and makes network troubleshooting more complex.
Viruses and Firewalls
Firewalls cannot protect against viruses, so Anti-Virus software is needed for that purpose.
McAfee and Norton provide complete protection. ZoneAlarm Pro contains limited virus protection features.
What are the 2 firewall layers of operation?
Network Layer and Application Layer.
Network Layer
Makes decision based on the source, destination addresses, and ports in individual IP packets.
Based on routers.
Has the ability to perform static and dynamic packet filtering and stateful inspection.
Filtering is done by the network layer or the transport layer (3rd layer and 4th).
What is the difference between static and dynamic filtering?
Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports.
Source IP, Destination IP, TCP/UDP
Offers little protection.
Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.
What is stateful inspection?
Compares certain key parts of the packet to a database of trusted information.
Incoming information is compared to outgoing information characteristics.
Information is allowed through only if the comparison yields a reasonable match.
What is the application layer?
They are generally hosts running proxy servers, which perform logging and auditing of traffic through the network.
Logging and access control are done through software components.
What are proxy services?
An application that mediates traffic between a protected network and the Internet.
Able to understand the application protocol being utilized and implement protocol specific security.
Application protocols include: FTP, HTTP, Telnet, etc.
What is a hardware firewall?
It is just a software firewall running on a dedicated piece of hardware or specialized device.
Basically, it is a barrier to keep destructive forces away from your property.
You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
What does a hardware firewall do?
It is a hardware device that filters the information coming through the internet connection into your private network or computer system.
If an incoming packet of information is flagged by the filters, it is not allowed through.
What do firewalls use?
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
Packet filtering
Proxy service
Stateful inspection
What's packet filtering?
Packets are analyzed against a set of filters.
What's a proxy service?
Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
What's stateful inspection?
It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.
What does a hardware firewall protect you from?
Remote logins
Application backdoors
SMTP session hijacking
E-mail Addresses
Spam
Denial of service
E-mail bombs
E-mail sent 1000's of times till mailbox is full
Macros
Viruses
What is a software firewall?
Software firewalls are installed on your computer, allowing you some control over protection of your computer.
They only protect the computer they are installed on, not a network.
More ideal for individual users or small businesses.
What are the advantages of a software firewall?
Allow direct connection between client and host.
Ability to report to intrusion detection software.
Make intelligent decisions.
Configured to check for a known vulnerability.
Large amount of logging.
Ability to "understand" application-specific information structure.
What are the disadvantages of a software firewall?
Slow down network access dramatically.
More susceptible to distributed denial of service (DDoS) attacks.
Not transparent to end users.
Require manual configuration of each client computer.
What are the benefits of a firewall?
Prevent intrusion.
Choke point for security audit.
Reduce attacks by hackers.
Hide network behind a single IP address.
Part of total network security policy.
What are port numbers?
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151.
The Dynamic and/or Private Ports are those from 49152 through 65535.
What are some hardware firewall manufacturers?
D-Link, Linksys, Cisco
What are some software firewalls?
ZoneAlarm, Microsoft Windows Firewall, McAfee Security Suite, Norton Security Suite.
Done with PPT 1
Next is PPT 2
What are packets?
Discrete blocks of data; basic unit of data handled by a network.
What's a packet filter?
Hardware or software designed to block or allow transmission of packets based on criteria such as port, IP address, protocol.
What is filtering?
To control movement of traffic through the network perimeter.
Understanding Packets and Packet Filtering:
Packet filter inspects packet headers before sending packets on to specific locations within the network.
A variety of hardware devices and software programs perform packet filtering:
Routers: probably most common packet filters
Operating systems: some have built-in utilities to filter packets on TCP/IP stack of the server software.
Software firewalls: most enterprise-level programs and personal firewalls filter packets.
Anatomy of a Packet
Header:
Contains IP source and destination addresses.
Not visible to end users.
Data:
Contains the information that it is intending to send (e.g., body of an e-mail message).
Visible to the recipient.
Packet-Filtering Rules
Packet filtering: procedure by which packet headers are inspected by a router or firewall to make a decision on whether to let the packet pass.
Header information is evaluated and compared to rules that have been set up (Allow or Deny).
Packet filters examine only the header of the packet (application proxies examine data in the packet).
Packet-Filtering Rules (continued)
Drop all inbound connections; allow only outbound connections on Ports 80 (HTTP), 25 (SMTP), and 21 (FTP).
Eliminate packets bound for ports that should not be available to the Internet (e.g., NetBIOS).
Drop packets that use IP header source routing feature.
Packet-Filtering Rules (continued)
Set up an access list that includes all computers in the local network by name or IP address so communications can flow between them.
Allow all traffic between "trusted" hosts.
Set up rules yourself.
What are 2 packet filtering methods?
Stateless packet filtering
Stateful packet filtering
Stateless Packet Filtering
Determines whether to block or allow packets—based on several criteria—without regard to whether a connection has been established.
Also called static packet filtering.
Useful for completely blocking traffic from a subnet or other network.
Stateless Packet Filters
A border router configured to pass or reject packets based on information in the header of each individual packet.
Can theoretically be configured to pass/reject based on any field, but this is usually done based on:
protocol type
IP address
TCP/UDP port
Fragment number
Source routing information
Filtering by TCP or UDP Port Number
Packet's source IP address.
Destination or target IP address.
Specify a protocol for the hosts to which you want to grant access.
IP protocol ID field in the header.
Problems with Stateless Filters
Effectiveness of stateless filters is limited due to:
They cannot check the payload of the packets.
Service-related filtering can only be done by application-level proxies.
They do not retain the state of the connections.
Stateful Packet Filtering
Performs packet filtering based on contents of the data part of a packet and the header.
Filter maintains a record of the state of a connection; allows only packets that result from connections that have already been established.
More sophisticated and secure.
Has a rule base and a state table.
Filtering Based on Packet Content
Stateful inspection
Proxy gateway
Specialty firewall
Setting Specific Packet-Filter Rules
Rules to filter potentially harmful packets.
Rules to pass packets that you want to be passed through.
IPChains
Stateless packet filter.
Optionally built into the Linux kernel.
Will pass or deny packets based on a rule set applied against IP header fields.
Used in v2.2 kernels; replaced by IPTables in 2.4 kernels.
IPChains Commands
Command Description
-A Add rule to chain
-D Delete rule from chain
-I Insert rule
-R Replace rule
-F Flush all rules
-L List all rules
-N Create new chain
-X Delete user defined chain
-P Set default target
IPChains Command Options
Command Option Description
-s Source address of packet
-d Destination address of packet
-i Interface packet is arriving from
-p Protocol
-j Target to send packet to
-y For -p tcp. Packet is SYN packet.
--icmp-type For -p icmp.
-l Log the packet to syslog.
/var/log/messages Available in Red Hat 6.0+ kernel
IPChains Targets
System targets (policy) Description
ACCEPT Let packet through
DENY Deny packet
REJECT Deny packet and notify sender
MASQ Forward chain masquerade
REDIRECT Send to different port
RETURN Handled by default targets
IPChains- Chain Types
IP input chain
IP output chain
IP forwarding chain
User defined chains (just give it a new name instead of the built-in names: input, output or forward)
Done PPT 2
Next is PPT 3