Firewalls

1.     List three design goals for a firewall.

Ans: 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this section. 2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this section. 3. The firewall itself is immune to penetration. This implies that use of a trusted system with a secure operating system.

2.     List four techniques used by firewalls to control access and enforce a security policy.

Ans: Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service. Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall. User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology, such as is provided in IPSec. Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

3.     What information is used by a typical packet filtering firewall?

Ans: Source IP address: The IP address of the system that originated the IP packet. Destination IP address: The IP address of the system the IP packet is trying to reach. Source and destination transport-level address: The transport level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET. IP protocol field: Defines the transport protocol. Interface: For a router with three or more ports, which interface of the router the packet came from or which interface of the router the packet is destined for.

4.     What are some weaknesses of a packet filtering firewall?

5.     What is the difference between a packet filtering firewall and a stateful inspection 
firewall?

Ans: A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context. A stateful inspection packet filter tightens up the rules for TCP traffic by creating a directory of outbound TCP connections. There is an entry for each currently established connection. The packet filter will now allow incoming traffic to high-numbered ports only for those packets that fit the profile of one of the entries in this directory