Fundamentals of Firewalls

Flashcards about firewalls and network security.

What is the primary function of a firewall?

To act as a barrier between a network and the outside world.

Name four methods firewalls use to provide security.

Packet filtering, stateful packet filtering, user authentication, and client application authentication.

How does a packet filter firewall work?

By monitoring incoming and outgoing packets, examining source/destination IP addresses, protocols, and ports, and dropping packets that don't fit the defined criteria.

What does a circuit level gateway monitor?

TCP and other network protocols to determine if a remote system/communication can be trusted.

What is the main advantage of a circuit level gateway in terms of security?

It helps prevent man-in-the-middle attacks and session hijacking.

How does stateful inspection work?

It keeps track of active network connections, analyzes incoming traffic, and looks for potential traffic and data risks at Layers 3 and 4 of the OSI model.

Match the firewall to description: Filters packets according to their intended use such as an HTTP request string.

Application Gateway

What capabilities does a Next-Generation Firewall (NGFW) offer?

Deep packet inspection, intrusion detection and prevention systems (IDPS), malware filtering, and antivirus.

What are the common packet filtering products?

Firestarter, Avast Internet Security, ZoneAlarm Firewall, and Comodo Firewall

Name three limitations or vulnerabilities of packet filtering firewalls.

No packet comparison, no authentication, and susceptibility to SYN and Ping flood attacks.

What are the three aspects that stateful packet inspection considers to protect from flood attacks?

If a packet is part of a larger stream, whether the source IP is within the firewall, and the content of the packet.

What is the primary function of an application gateway?

To examine the connection between the client and server applications, enabling administrators to specify allowed applications and provide user authentication.

What is a key security feature of a circuit level gateway?

Authenticating the user first before establishing a virtual circuit and hiding the internal client IP address from external users.

How do hybrid firewalls enhance security?

By combining multiple firewall approaches, such as SPI and circuit level gateways.

What are the common firewall implementations?

Network host-based, dual-homed host, router-based firewall, and screened host.

Name three ways to harden an OS for a network host-based firewall.

Ensure all patches are updated, uninstall unneeded applications/utilities, close unused ports, and turn off all unused services.

What is the purpose of a DMZ (Demilitarized Zone)?

To house web, email, and FTP servers between two firewalls, one facing the outside world and one facing the internal network.

What is a key advantage of using a router-based firewall?

Ease of setup and configuration, making it ideal for novice administrators.

What are the key functions of proxy servers?

Prevent the outside world from gathering information about the internal network, provides valuable log information, and can redirect certain traffic based on configuration.

What is the purpose of Network Address Translation (NAT)?

Translates internal IP addresses to public IP addresses.