Homework Assignment I
Define, research and write an overview of the following:
Packet filtering firewalls
OSI layers they work at.
Network location placements
Overview of Packet filtering Firewalls
A packet-filtering firewall is a software or hardware firewall, router and/or appliance based, that is configured to monitor incoming and outgoing packets. It checks the information contained in each packet's TCP and IP headers and accepts or denies the packet on that basis. Most packet-filtering firewalls forward or deny a packet based on its full association, which consists of the source address, the destination address, the application or protocol, the source port number and the destination port number. A packet-filtering firewall primarily operates at the network layer (layer 3) of the OSI model.
Advantages:
• Low cost and low impact on network performance.
• By prohibiting connections between specific Internet sources and internal computers, a single rule in packet filtering can help protect an entire network.
• Can be used to shield internal IP addresses from external users when used in conjunction with network address translation.
Disadvantages:
• Packet filter firewalls are less secure than application level firewalls because they do not understand application layer protocols.
• Packet filters do not inspect the payload of the packet.
• Packet filtering firewalls cannot restrict access to protocol subsets, even for the most basic services, such as the PUT and GET commands in FTP.
• Packet filters are stateless since they do not keep application level information or information about a session.
• Packet filters have little or no audit event generation and alerting mechanisms.
The “stateful” firewall provides protection during a VPN session and protects the computer running the VPN client from Internet attacks while the VPN Client is connected to a VPN Concentrator. When enabled, this feature allows no inbound sessions from all networks, regardless of whether a VPN connection is in effect. This means that if you have checked the “Stateful” Firewall (Always On) option, you have a firewall running on your machine at all times, regardless of whether or not you are even running the VPN Client at that time.
There are two exceptions to allowing no inbound traffic:
(1) DHCP traffic is allowed inbound: the “stateful” firewall will allow requests to the DHCP server to go out from one port and receive responses through a different port.
(2) VPN data is allowed inbound: the “stateful” firewall allows VPN data traffic from the secure gateway.
Generally, the stateful firewall spends most of its cycles examining packet information in Layer 4 (transport) and lower. However, it also offers more advanced inspection capabilities by targeting vital packets for Layer 7 (application) examination, such as the packet that initializes a connection.
Advantages:
• More secure than regular packet filtering.
• No need to write broad filter rules to allow return traffic.
• Shorter rule base (a single rule is enough to describe a flow).
• Offers more advanced inspection capabilities by targeting vital packets for Layer 7 (application) examination, such as the packet that initializes a connection.
• Gains a performance boost by using a hash table instead of a rule-based table, which takes much more time to search.
• Faster than proxy firewalls.
• Performs application layer filtering to a certain degree.
Disadvantages:
• Its inability to monitor the content of allowed traffic (does not perform true content filtering).
• The standard stateful firewall does not differentiate the type of traffic; it allows the traffic to pass as long as it is using one of the...
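
The stateful advantages listed above (no broad return-traffic rules, a single rule per flow, and a hash-table lookup) can be seen in the following added example, which is not part of the original assignment. It runs the same constructed traffic through a stateless rule base and a simplified stateful filter; the addresses, rule set and names are assumptions, and TCP flags and timeouts are not modelled.

```python
from collections import namedtuple

# Full association (5-tuple) described in the packet-filter overview.
Packet = namedtuple("Packet", "src dst proto sport dport")

# Constructed documentation addresses, not taken from the page.
CLIENT, SERVER, OTHER = "10.0.0.5", "203.0.113.10", "198.51.100.7"

def in_range(port, rng):
    return rng[0] <= port <= rng[1]

# Stateless rule base: (direction, proto, source-port range, dest-port range).
# The second entry is the broad "return traffic" rule a stateless filter needs.
STATELESS_RULES = [
    ("out", "tcp", (1024, 65535), (443, 443)),
    ("in",  "tcp", (443, 443),    (1024, 65535)),
]

def stateless_allows(pkt, direction):
    return any(d == direction and p == pkt.proto
               and in_range(pkt.sport, sr) and in_range(pkt.dport, dr)
               for d, p, sr, dr in STATELESS_RULES)

class StatefulFilter:
    """One outbound rule plus a hash table of flows seen leaving the network."""
    def __init__(self):
        self.flows = set()  # hashed lookup instead of a rule-by-rule scan

    def allows(self, pkt, direction):
        if direction == "out":
            if pkt.proto == "tcp" and pkt.dport == 443:
                # Record the exact reverse 5-tuple expected as return traffic.
                self.flows.add((pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport))
                return True
            return False
        # Inbound: accepted only if it matches a recorded flow.
        return tuple(pkt) in self.flows

def compare():
    """Return (stateless verdict, stateful verdict) for each sample packet."""
    fw = StatefulFilter()
    trace = [  # constructed sample traffic
        ("out", Packet(CLIENT, SERVER, "tcp", 50000, 443)),  # client opens HTTPS
        ("in",  Packet(SERVER, CLIENT, "tcp", 443, 50000)),  # genuine reply
        ("in",  Packet(OTHER,  CLIENT, "tcp", 443, 50001)),  # unsolicited inbound
    ]
    return [(stateless_allows(p, d), fw.allows(p, d)) for d, p in trace]

if __name__ == "__main__":
    for verdicts in compare():
        print(verdicts)
```

The third packet passes the stateless return rule because only its header fields are checked, while the stateful filter drops it because no matching outbound flow was recorded.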