Flashcards in Firewall Deck (20)
What is a computer program or hardware device that is designed to block unauthorized access while permitting authorized communications based on a set of rules and other criteria?
Firewalls emerged in the 1980s as a result of several high-profile breaches. What device did they evolve from?
From simple ACLs on Routers
What are the four basic firewall security designs?
- Stateful Inspection
- Application Layer
Which type of firewall is used on modern networks?
Which type of firewall is the simplest and filters packets based on a comparison of packet contents with filters in its rules?
Which type of firewall is essentially a packet-filtering design, except that the system creates and maintains a session table to ensure every packet is part of a valid connection?
Which type of firewall acts as a server to the internal client, but acts like a client to the external server? It is commonly referred to as a proxy firewall.
Hybrid firewalls can analyze traffic that is passed/dropped at what layers of the OSI model?
Layer 3 – Network Layer
Layer 4 – Transport Layer
Layer 7 – Application Layer
What is the Air Force's enterprise firewall solution?
McAfee Sidewinder (appliance-based firewall)
What does Sidewinder call logical network partitions or zones? These are used by Type Enforcement to isolate networks of different regions of trust or security.
Burbs (they allow assignment to any interface on the firewall without modifying multiple rules)
What is the implementation of Mandatory Access Controls and is based on the principle of least privilege?
DNS can be handled in three different ways on Sidewinder, what are they?
- Single Server
- Split Server
In what DNS function does Sidewinder not act upon DNS queries, instead passing DNS from internal to external if there is a rule for it? The system does not cache any queries nor participate in the DNS stream.
In what Sidewinder DNS function are all DNS records on the firewall handled by a single server for all interfaces (not entirely secure)?
In what DNS function does Sidewinder have two separate servers on the firewall? The Internet server is only for the Internet burb and its queries. The Unbound server is for all other burbs. (The most secure method)
(T/F) Sidewinder does not have the ability to perform time synchronization.
False. Sidewinder can function as an NTP server on any interface.
Sidewinder can be managed with a GUI or a command line interface. What are the advantages of using CLI?
- More powerful
- Direct interface
- Can affect multiple things at once
- Fewer steps/effective immediately
In what order are rules stored and processed in Sidewinder?
Rules are stored numerically ("First match", not "Best match")
What are the 7 types of objects that can be created in Sidewinder?
- IP Address
- IP Range