Deck 12: Firewalls

Packet filters tend to be more secure than application level gateways.

The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header.

A firewall may not act as a packet filter.

_________ can be an effective means of protecting a local system or network of systems from network based security threats while at the same time affording access to the outside world via wide area networks and the Internet.

The firewall cannot fully protect against internal threats.

Firewall functionality can also be implemented as a software module in a router or LAN switch.

A circuit level proxy can be a stand alone system or it can be a specialized function performed by an application level gateway for certain applications.

A stateful packet inspection firewall reviews the same packet information as a packet filtering firewall but also records information about TCP connections.

A firewall may be designed to operate as a filter at the level of IP packets or may operate at a higher protocol layer.

An example of application level gateway implementation is the SOCKS package.

Packet filter firewalls examine upper layer data therefore they can prevent attacks that employ application specific vulnerabilities or functions.

The external firewall adds more stringent filtering capability in order to protect enterprise servers and workstations from external attack.

Due to the small number of variables used in access control decisions packet filter firewalls are susceptible to security breaches caused by improper configurations.

The direction control determines the types of Internet services that can be accessed, inbound or outbound.

A _________ sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.Once the two connections are established TCP segments from one connection are relayed to the other without examining the contents.

A _________ packet firewall tightens up the rules for TCP traffic by creating a directory of outbound TCP connections.There is an entry for each currently established connection and the packet filter will now allow incoming traffic to high numbered ports only for those packets that fit the profile of one of the entries in this directory.

Four types of firewalls are: Packet filtering, stateful inspection, circuit level proxy and _________ .

A _________ forms a barrier through which the traffic going in each direction must pass and dictates which traffic is authorized to pass.

A __________ attack is where the source station specifies the route that a packet should take as it crosses the Internet in the hopes that this will bypass security measures that do not analyze the source routing information.

Common for large businesses and government organizations, the _________ configuration sandwiches the DMZ between bastion firewalls.

A _________ firewall configuration involves stand alone firewall devices plus host based firewalls working together under a central administrative control.

The four general techniques that firewalls use to control access and enforce the site's security policy are: service control, direction control, user control, and __________ control.

The default _________ policy increases ease of use for end users but provides reduced security because the security administrator must, in essence, react to each new security threat as it becomes known.

Typically serving as a platform for an application level or circuit level gateway, a ________ is a system identified by the firewall administrator as a critical strong point in the network's security.

Between an internal firewall and an external firewall are one or more networked devices in a region referred to as a _________ .Systems that are externally accessible but need some protection are usually located in this area.

A ________ is a single firewall device between an internal and external router.The firewall may implement stateful filters and/or application proxies.This is the typical firewall appliance configuration for small to medium sized organizations.

_________ firewalls include personal firewall software and firewall software on servers.Such firewalls can be used alone or as part of an in-depth firewall deployment.

A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and that make use of encryption and special protocols to provide security.

A ________ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.