Principles of Information Security 4th Edition Questions
Chapter 6 Questions
1. What is the typical relationship among the untrusted network, the firewall, and the trusted network?
The relationship is that data is limited to only what the firewall allows through specific places called “ports”. There is the untrusted network on the outside, then the firewall, which prevents unwanted or suspicious connections, and the trusted network is what lies within the bounds of the firewall.

2. What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?
A TCP packet sends information and reports back to the sender on progress to ensure that the information has been sent and received. UDP, on the other hand, is designed more for speed after establishing a connection and strives for the fastest possible data retrieval rate; for this type of packet, it is less important that it reports back. I don’t believe there will be specific transactions that involve both types of packets. TCP is better for ensuring that data is received completely, while UDP focuses on ensuring data is retrieved as quickly as possible.

3. How is an application layer firewall different from a packet-filtering firewall? Why is an application layer firewall sometimes called a proxy server?
A packet-filtering firewall only allows “a particular packet with a particular source, destination, and port address to enter”. (POIS P.253) An application layer firewall is sometimes called a proxy server because it “runs special software that acts as a proxy for a service request”. It deals more with outgoing connections and with making connections within the DMZ of an organization.

4. How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
Static filtering works with rules that are already designated or “developed and installed with the firewall”, and only a person can change them, as the software isn’t smart enough to determine whether those connecting are authorized or not.
However, dynamic filtering of packets recognizes unauthorized patterns or connections that are unusual and immediately begins to block or filter them. I believe that dynamic filtering is perceived to offer improved security, but unfortunately, if that firewall is attacked using a DDoS attack, the firewall would probably be overloaded and unable to handle requests, as it would keep having to add temporary IP restrictions, therefore limiting others from connecting. (POIS P.253)

5. What is stateful inspection? How is state information maintained during a network connection or transaction?
Stateful inspection keeps “track of each network connection between internal and external systems on a state table.” This basically means any kind of traffic that goes through a stateful inspection firewall is monitored for where it came from and who used it. State information is maintained by looking at the state table; the firewall then refers to its access control logic to see whether it’s OK to let the traffic occur.

6. What is a circuit gateway, and how does it differ from the other forms of firewalls?
After reading this portion on Circuit Gateways several times, it isn’t exactly clear to me what a circuit gateway is, but it seems that it’s much like setting up a VPN within a network to transfer data between different portions of a company. It differs from other forms of firewalls because it does no extra processing and scanning to make sure the information is OK to let through. There’s already a secure connection being established between an application on the outside of the network and the inside.

7. What special function does a cache server perform? Why is this useful for larger organizations?
A cache server is a server that basically makes available frequently used pages. For example, big corporations use cache servers to make sure pages that they use to market their products are basically...
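
Added example, not part of the original answers or the textbook: the state table described in answer 5, shown beside a stateless rule pair of the kind a static packet filter applies. The addresses, port list and names (Packet, static_filter, StatefulFirewall) are assumptions made for illustration; connection timeouts are not modeled, and a FIN or RST removes the entry at once.

```python
from dataclasses import dataclass

TRUSTED_PREFIX = "10.0.0."          # constructed internal (trusted) network
ALLOWED_OUT_PORTS = {80, 443}       # constructed access control rule base

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S"=SYN, "SA"=SYN+ACK, "A"=ACK, "F"=FIN, "R"=RST

def static_filter(p):
    """Stateless rule pair: outbound to allowed ports, inbound *from* them."""
    if p.src.startswith(TRUSTED_PREFIX):
        return "ALLOW" if p.dport in ALLOWED_OUT_PORTS else "DROP"
    return "ALLOW" if p.sport in ALLOWED_OUT_PORTS else "DROP"

class StatefulFirewall:
    def __init__(self):
        self.state = {}  # (int_ip, int_port, ext_ip, ext_port) -> state name

    def filter(self, p):
        outbound = p.src.startswith(TRUSTED_PREFIX)
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        if key in self.state:                    # packet belongs to a tracked connection
            if "F" in p.flags or "R" in p.flags:
                del self.state[key]              # simplified teardown: forget at once
            elif not outbound and p.flags == "SA":
                self.state[key] = "ESTABLISHED"
            return "ALLOW"
        # No entry: only an outbound SYN permitted by the rule base creates one.
        if outbound and p.flags == "S" and p.dport in ALLOWED_OUT_PORTS:
            self.state[key] = "SYN_SENT"
            return "ALLOW"
        return "DROP"

# Constructed traffic: a real session, then a forged "reply" nobody asked for.
SYN = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S")
SYNACK = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA")
FORGED = Packet("198.51.100.7", 443, "10.0.0.5", 50001, "A")
RST = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "R")
LATE = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A")

def run(filter_fn):
    return [filter_fn(p) for p in (SYN, SYNACK, FORGED, RST, LATE)]
```

Calling run(StatefulFirewall().filter) drops the forged packet and the packet that arrives after the reset, while run(static_filter) lets all five through because each one merely matches a port rule.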