You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP-based network. You want to use a firewall that can track the state of active connections on the network and then determine which network packets are allowed to enter through the firewall. Which of the following firewalls has this feature?
A. Stateful packet inspection firewall
B. Proxy-based firewall
C. Dynamic packet-filtering firewall
D. Application gateway firewall
Explanation:
Answer option C is correct. A dynamic packet-filtering firewall is a fourth-generation firewall technology, also known as a stateful firewall. It tracks the state of active connections and uses that state to decide which network packets are allowed to enter through the firewall. It records session information such as IP addresses and port numbers, so that only packets belonging to a session the firewall has already seen are admitted, which gives a more secure network than judging each packet's headers in isolation. The dynamic packet-filtering firewall operates at Layer 3, Layer 4, and Layer 5.
Answer option D is incorrect. An application gateway firewall applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but it can degrade performance. It allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for application-layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, and file transfer in IM applications. It works at the application layer.
Answer option A is incorrect. Stateful packet inspection (SPI) is a firewall that keeps track of the state of network connections (such as TCP streams and UDP exchanges) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state are allowed through; all others are rejected. Note that this is the same behaviour attributed to option C above: "stateful inspection" and "dynamic packet filtering" are names for the same technology, and the distinction drawn here is one of the exam's terminology, not of function.
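The behaviour described for options A and C, a connection table that admits only packets matching known state, as an added example that is not part of the original page. The internal range (10.0.0.0/24), the "lan"/"wan" ingress tag on each packet, and the policy of permitting inside-initiated connections plus their replies are constructed assumptions; timeouts and TCP sequence-number checks, which a real stateful firewall also performs, are left out.

```python
# Added example, not from the original page: a toy stateful packet filter.
# Assumptions (constructed for illustration): the internal network is
# 10.0.0.0/24, packets are tagged with the interface they arrived on ("lan"
# or "wan"), and the policy is "permit connections opened from inside plus
# their replies; drop everything else". Timeouts and TCP sequence-number
# tracking, which a real stateful firewall also does, are left out.
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # constructed internal address range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str            # "tcp" or "udp"
    flags: str = ""       # TCP flag letters: S, A, F, R, P (e.g. "SA" = SYN+ACK)
    ingress: str = "lan"  # interface the packet arrived on: "lan" or "wan"


def is_inside(addr: str) -> bool:
    return addr.startswith(INSIDE_PREFIX)


class StatefulFirewall:
    """Connection table keyed by the 5-tuple as seen from the initiator."""

    def __init__(self):
        self.table = {}   # (src, sport, dst, dport, proto) -> state string

    @staticmethod
    def _fwd(p: Packet) -> tuple:
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    @staticmethod
    def _rev(p: Packet) -> tuple:
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def state_of(self, p: Packet):
        """State of the connection this packet belongs to, or None."""
        return self.table.get(self._fwd(p)) or self.table.get(self._rev(p))

    def filter(self, p: Packet) -> bool:
        """Return True if the packet is allowed through, False if dropped."""
        # Anti-spoofing: an internal source address cannot arrive from outside.
        if p.ingress == "wan" and is_inside(p.src):
            return False

        if self._fwd(p) in self.table:
            key, direction = self._fwd(p), "orig"
        elif self._rev(p) in self.table:
            key, direction = self._rev(p), "reply"
        else:
            # No matching state. Only an inside host may open a connection,
            # and for TCP only with a bare SYN. A lone ACK from outside (an
            # ACK scan) is dropped here; a stateless "established" rule that
            # keys on the ACK bit alone would let it through.
            if p.ingress != "lan" or not is_inside(p.src):
                return False
            if p.proto == "tcp" and p.flags != "S":
                return False
            self.table[self._fwd(p)] = "SYN_SENT" if p.proto == "tcp" else "UDP"
            return True

        state = self.table[key]
        if p.proto == "tcp":
            if "R" in p.flags:              # reset from either side tears it down
                del self.table[key]
            elif state == "SYN_SENT":
                if direction == "reply" and p.flags == "SA":
                    self.table[key] = "SYN_RECV"
                elif not (direction == "orig" and p.flags == "S"):  # SYN retransmit ok
                    return False
            elif state == "SYN_RECV":
                if direction == "orig" and "A" in p.flags:
                    self.table[key] = "ESTABLISHED"
                elif not (direction == "reply" and p.flags == "SA"):  # SYN+ACK retransmit ok
                    return False
            elif "F" in p.flags:
                self.table[key] = "CLOSING"  # a real firewall ages this out on a timer
        # UDP has no handshake: anything matching the recorded 5-tuple passes.
        return True


if __name__ == "__main__":
    fw = StatefulFirewall()
    for pkt in (
        Packet("10.0.0.5", 40000, "203.0.113.9", 443, "tcp", "S", "lan"),
        Packet("203.0.113.9", 443, "10.0.0.5", 40000, "tcp", "SA", "wan"),
        Packet("10.0.0.5", 40000, "203.0.113.9", 443, "tcp", "A", "lan"),
        Packet("198.51.100.7", 5555, "10.0.0.5", 22, "tcp", "S", "wan"),
        Packet("198.51.100.7", 5555, "10.0.0.5", 22, "tcp", "A", "wan"),
    ):
        verdict = "ALLOW" if fw.filter(pkt) else "DROP "
        print(verdict, pkt.flags or pkt.proto, pkt.src, "->", pkt.dst, fw.state_of(pkt))
```

The inbound SYN and the inbound bare ACK from 198.51.100.7 are both dropped for the same reason: no entry in the table matches them. That is the practical difference from a stateless filter, which can only reason about the flags in the packet in front of it.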
Answer option B is incorrect. A proxy-based firewall, running either on dedicated hardware or as software on a general-purpose machine, responds to input packets in the manner of an application, while blocking other packets. Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system does not necessarily cause a security breach exploitable from outside the firewall. Conversely, intruders may hijack a publicly reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While the use of internal address spaces enhances security, attackers may still employ methods such as IP spoofing to attempt to pass packets to a target network. The proxy firewall functions by maintaining two separate conversations, which are as follows:
One between the client and the firewall
One between the firewall and the end server
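The two separate conversations described above, as an added example that is not part of the original page: a minimal application-level proxy that reads the client's request, applies policy, and only then speaks to the server on its own connection. The wire protocol (one text command per line, one line in reply), the allow-list of commands, and the use of socket.socketpair() in place of real network connections are constructed for illustration so the code runs offline.

```python
# Added example, not from the original page: a minimal application-level proxy
# that holds two separate conversations, one with the client and one with the
# server, and applies policy in between. The wire protocol (one text command
# per line, one line reply) and the allow-list of commands are constructed for
# illustration; socket.socketpair() stands in for real network connections so
# the whole thing runs offline.
import socket
import threading

ALLOWED_COMMANDS = {b"GET", b"HEAD"}   # constructed policy: everything else is refused


def recv_line(sock: socket.socket) -> bytes:
    """Read up to a newline; returns b"" if the peer closed first."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.rstrip(b"\n")


def proxy_one_request(client_side: socket.socket, server_side: socket.socket) -> bytes:
    """Conversation 1 (client <-> proxy): read the request and enforce policy.
    Conversation 2 (proxy <-> server): used only if policy allows.
    Returns what the proxy sent back to the client."""
    request = recv_line(client_side)
    command = request.split(b" ", 1)[0].upper()
    if command not in ALLOWED_COMMANDS:
        reply = b"403 refused by proxy"
        client_side.sendall(reply + b"\n")   # server never sees the request
        return reply
    server_side.sendall(request + b"\n")     # the proxy speaks to the server itself
    reply = recv_line(server_side)
    client_side.sendall(reply + b"\n")       # and relays the answer to the client
    return reply


def _fake_server(sock: socket.socket, canned_reply: bytes, seen: list) -> None:
    """Stand-in origin server: answers one request line, records what it saw."""
    request = recv_line(sock)
    if request:
        seen.append(request)
        sock.sendall(canned_reply + b"\n")


def run_through_proxy(request: bytes, server_reply: bytes):
    """Drive one request through the proxy; returns (client_saw, server_saw)."""
    client, proxy_client_end = socket.socketpair()
    proxy_server_end, server = socket.socketpair()
    seen_by_server = []
    t = threading.Thread(target=_fake_server, args=(server, server_reply, seen_by_server))
    t.start()
    client.sendall(request + b"\n")
    proxy_one_request(proxy_client_end, proxy_server_end)
    proxy_server_end.close()   # unblocks the server if the proxy refused the request
    t.join()
    client_saw = recv_line(client)
    for s in (client, proxy_client_end, server):
        s.close()
    return client_saw, seen_by_server


if __name__ == "__main__":
    print(run_through_proxy(b"GET /index.html", b"200 OK"))
    print(run_through_proxy(b"DELETE /index.html", b"200 OK"))
```

The server only ever sees bytes the proxy chose to send on its own socket, which is why a refused request leaves the server's "seen" list empty: the client's packets never reach it, and the client never learns the server's address from the exchange.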
Isn’t Dynamic Packet Filtering just another name for Stateful Packet Inspection?