Review Questions Chapter 6
- What is the typical relationship among the untrusted network, the firewall, and the trusted network?
Firewall acts as a barrier or a filter between the trusted and untrusted networks. The system administrators put a filter to let it check the data from untrusted networks and stop suspicious data from entering the trusted network.
- What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?
TCP and UDP perform two different functions. TCP is a transport protocol keeping records of the data transferred and notifying the sender about its status while. UDP in involved with the speed of the data and does not care about reporting back. I would prefer TCP personally. There is not transaction involved.
- How is an application layer firewall different from a packet-filtering firewall? Why an application layer firewall is sometimes called a proxy server?
Both are different because of the unique quality of the packet filtering firewall as it notices data packets for the destination, generated source etc. information. The application layer firewall may be incorporating software applications. These applications are incorporated to function as proxies which gives application layer firewall a name of proxy servers as well.
- How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
Dynamic filtering has the capability to change its rules according to the packet transfer patterns while static filters has fixed rules. The ability of dynamic filtering to change with the changing circumstances make it more secure.
- What is stateful inspection? How is state information maintained during a network connection or transaction?
The stateful inspection is a tabular form of system connections information that is responsible for keeping track of external and internal network connections.
- What is a circuit gateway, and how does it differ from the other forms of firewalls?
Circuit gateway, unlike a firewall functions at the transport layer level which is used to prevent a direct connectivity between two different networks.
- What special function does a cache server perform? Why is this useful for larger organizations?
Cache servers are an important resource that saves precious bandwidth by storing the frequently used information that uses network bandwidth on the local cash server. When the user requires this information again, the cache server provides this information without a need to use the network resources to communicate with the actual source.
- Describe how the various types of firewalls interact with the network traffic at various levels of the OSI model.
In the OSI model, different firewalls act as the transport level to confront any external threats to the trusted network.
- What is a hybrid firewall?
Different firewalls can also be utilized to function in collaboration with each other, this kind of setup is called a hybrid firewall.
- List the five generations of firewall technology. Which generations are still in common use?
Static packet filtering, application level firewalls, inspection firewalls, dynamic packet filtering firewalls and kernel proxy are the five generations of firewall technology. In my opinion most of them are in the common use even today but depends on the situation and needs of the system security.
- How does a commercial-grade firewall appliance differ from a commercial-grade firewall system? Why is this difference significant?
Commercial grade firewall appliance is the hardware like a standalone computer and the software application. On the other hand a commercial grade firewall is referred to the actual software application.
- Explain the basic technology that makes Residential/SOHO firewall appliances effective in protecting a local network. Why is this usually adequate for protection?
The routers that connect computers to the internet are referred to as Residential/SOHO appliances. Their function is to get data from the internet network and filter the data. They are just like stateful firewalls.
- What key features point up the superiority of Residential/SOHO firewall appliances over personal computer-based firewall software?
When internet data hits the computer the first line of defense are the Residential/SOHO firewalls. The firewall computers are the second line of defense.
- How do screened host architectures for firewalls differ from screened subnet firewall architectures? Which of these offers more security for the information assets that remain on the trusted network?
Screened host architectures provide a dedicated firewall while screen subnet architectures provides a DMZ which is more secure.
- What is a sacrificial host? What is a bastion host?
A sacrificial host is defending the network without firewall while a bastion has a firewall. Both are in the frontline to the outer data entering the trusted network.
- What is a DMZ? Is this really an appropriate name for the technology, considering the function this type of subnet performs?
This is a military term incorporated into network security. It stands for demilitarized zone and is a space where the existence of a trusted network is decided.
- What are the three questions that must be addressed when selecting a firewall for a specific organization?
The effectiveness of the firewall compared to its cost, its future reliability in accordance to growing network demands and what is not included in the firewall package are the three fundamental enquiries to be made.
- What is RADIUS? What advantage does it have over TACACS?
It is a kind of identity assurance check for the users who want to become involved with a network. It is a widely supported identity check strategy as compared to TACACS.
- What is a content filter? Where is it placed in the network to gain the best result for the organization?
A content filter should be placed between the trusted and untrusted network. This filter empowers the administrator to limit access to the content of a specific network.
- What is a VPN? Why is it becoming more widely used?
Virtual Private Network or VPN is a security tool that is used on internet to connect to a private network and make a virtual network. It is becoming more widely used due to the fact that companies can make a virtual network between different of its distinct networks physically away from each other.