What is a computer program or hardware device that is designed to block unauthorized access while permitting authorized communications based on a set of rules and other criteria?

Firewall

Firewalls emerged in the 1980s as a result of several high-profile breaches. What device did they evolve from?

From simple ACLs on routers


What are the four basic firewall security designs?

- Packet Filtering
- Stateful Inspection
- Application Layer
- Hybrid


Which type of firewall is used on modern networks?



Which type of firewall is the simplest and filters packets based on a comparison of packet contents with filters in its rules?

Packet Filtering


Which type of firewall is essentially a packet-filtering design, except that the system creates and maintains a session table to ensure every packet is part of a valid connection?

Stateful Inspection


Which type of firewall acts as a server to the internal client, but acts like a client to the external server? It is commonly referred to as a proxy firewall.

Application Layer


Hybrid firewalls can analyze traffic that is passed/dropped at what layers of the OSI model?

Layer 3 – Network Layer
Layer 4 – Transport Layer
Layer 7 – Application Layer


What is the Air Force's enterprise firewall solution?

McAfee Sidewinder (appliance-based firewall)


What does Sidewinder call logical network partitions or zones? These are used by Type Enforcement to isolate networks of different regions of trust or security.

Burbs (they allow assignment to any interface on the firewall without modifying multiple rules)


What implementation of Mandatory Access Controls is based on the principle of least privilege?

Type Enforcement


DNS can be handled in three different ways on Sidewinder. What are they?

- Transparent
- Single Server
- Split Server


In which Sidewinder DNS mode does the firewall not act on DNS queries itself, but instead passes DNS from internal to external if a rule permits it? In this mode the system neither caches queries nor participates in the DNS stream.

Transparent

In which Sidewinder DNS mode are all DNS records on the firewall handled by a single server for all interfaces (not entirely secure)?

Single Server


In which Sidewinder DNS mode does the firewall run two separate servers? The Internet server serves only the Internet burb and its queries; the Unbound server serves all other burbs. (The most secure method)

Split Server


(T/F) Sidewinder does not have the ability to perform time synchronization.

False. Sidewinder can function as an NTP server on any interface.


Sidewinder can be managed with a GUI or a command line interface. What are the advantages of using CLI?

- More powerful
- Direct interface
- Can affect multiple things at once
- Fewer steps/effective immediately


In what order are rules stored and processed in Sidewinder?

Rules are stored numerically ("First match", not "Best match")


What are the 7 types of objects that can be created in Sidewinder?

- Domain
- Geo-location
- Host
- IP Address
- IP Range
- Netmap
- Subnet


TCPDump output: Which is the Source IP and which is the Destination IP in the SYN/ACK packet?

13:02:52.538242 > S 1770561188:1770561188(0) win 16384 (DF)

13:02:52.639065 > S 2757318732:2757318732(0) ack 1770561189 win 64240 (DF)

13:02:52.639086 > . ack 1 win 16560 (DF)