Chapter 6 Review Questions/Answers
- What is the typical relationship among the untrusted network, the firewall, and the trusted network?
Firewall regulates data between an untrusted and trusted networks. The data enters from an untrusted network to a firewall and the firewall filters the data, preventing suspicion data from entering the network.
- What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?
A TCP send a data packet and then reports back to the sender about the status of the transfer while UDP is more interested in speed and does not report back to the sender. I don’t think so that there would be any specific transaction usually involving both TCP and UDP. I would personally prefer TCP.
- How is an application layer firewall different from a packet-filtering firewall? Why is an application layer firewall sometimes called a proxy server?
A packet filtering firewall checks packets for the allowed destination, source and port address information. An application layer firewall may be called a proxy server because it utilizes some software application that act as proxies.
- How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
Static filtering has are installed with specific rules while dynamic filtering is perceived a more secure as they are intelligent and can amend the rules by themselves.
- What is stateful inspection? How is state information maintained during a network connection or transaction?
Stateful inspection keeps an eye on external and internal connections to a network. It keeps track of the system by keeping a table of the states.
- What is a circuit gateway, and how does it differ from the other forms of firewalls?
A circuit gateway operates at the transport layer level. It is used to prevent direct connection between two different networks.
- What special function does a cache server perform? Why is this useful for larger organizations?
A cache server stores frequently used web pages and returns them on user request from the local computer. It saves internet bandwidth for organization and provides a quick loading of the cached pages.
- Describe how the various types of firewalls interact with the network traffic at various levels of the OSI model.
These firewalls include packet filtering, dynamic filtering, static filtering and stateful inspection filtering. They work on transport level and prevent the network from external threats.
- What is a hybrid firewall?
A hybrid firewall is that kind of firewall that is used to combine other kinds of firewall like packet filtering firewall and proxy servers firewalls.
- List the five generations of firewall technology. Which generations are still in common use?
Five generation for firewall technology are, static packet filtering, application level firewalls, inspection firewalls, dynamic packet filtering firewalls and kernel proxy. Almost all of them are in common use depending on the needs of a network.
- How does a commercial-grade firewall appliance differ from a commercial-grade firewall system? Why is this difference significant?
Firewall appliances may feature as a general computer and is a standalone combination of computing hardware and software while a commercial grade firewall system is the actual software application that runs on a general purpose computer.
- Explain the basic technology that makes residential/SOHO firewall appliances effective in protecting a local network. Why is this usually adequate for protection?
Residential/SOHO firewall appliances are commonly known as broadband routers or modems and are used in many homes and offices around the world. They act as a stateful firewall and control traffic from the internet world that is transferred between the host compute and the internet service provider.
- What key features point up the superiority of residential/SOHO firewall appliances over personal computer-based firewall software?
Residential/SOHO firewall appliances are superior to personal computer based firewalls because they are the first line of defense to external threat. They have the capability to restrict specific MAC addresses.
- How do screened host architectures for firewalls differ from screened subnet firewall architectures? Which of these offers more security for the information assets that remain on the trusted network?
Screen subnet firewalls are considered more secure than screened host architectures. They provide a DMZ while a screened host architecture provides a kind of dedicated firewall.
- What a sacrificial host? What is a bastion host?
Both of them function similar. Both are in the front line to an untrusted network. Bastion host has a separate dedicated firewall while a sacrificial host is defending the network on its own.
- What is a DMZ? Is this really an appropriate name for the technology, considering the function this type of subnet performs?
It is short for Demilitarized Zone. It acts as space is the zone where the fight for the trusted network is conducted.
- What are the three questions that must be addressed when selecting a firewall for a specific organization?
The three questions are: 1. is it cost effective? 2. What is included in the base price and what is not included? and 3. Will it be able to meet growing organization security requirements?
- What is RADIUS? What advantage does it have over TACACS?
RADIUS is a check for the identity of anyone who wishes to enter the system. RADIUS is widely supported by a variety of applications as compared to TACACS.
- What is a content filter? Where is it placed in the network to gain the best result for the organization?
A content filter gives the administrator the power to restrict access to the content on a network. It is based inside the trusted network.
- What is a VPN? Why is it becoming more widely used?
VPN is a virtual private network which is widely used for network security on the internet with encryption and IPsec techniques.