You work as a Network Administrator for Net Perfect Inc. The company has a Linux-based network. You need to configure a firewall for the company. The firewall should be able to keep track of the state of network connections traveling across the network. Which of the following types of firewalls will you configure to accomplish the task?
A. Stateful firewall
B. Host-based application firewall
C. A network-based application layer firewall
D. An application firewall
Explanation:
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.
Answer option B is incorrect. A host-based application firewall can monitor any application input, output, and/or system service calls made from, to, or by an application. This is done by examining information passed through system calls instead of, or in addition to, a network stack. A host-based application firewall can only provide protection to the applications running on the same host.
An example of a host-based application firewall that controls system service calls by an application is AppArmor or the Mac OS X application firewall. Host-based application firewalls may also provide network-based application firewalling.
Answer option C is incorrect. A network-based application layer firewall, also known as a proxy-based or reverse-proxy firewall, is a computer networking firewall that operates at the application layer of a protocol stack. Application firewalls specific to a particular kind of network traffic may be titled with the service name, such as a Web application firewall. They may be implemented through software running on a host or a stand-alone piece of network hardware. Often, it is a host using various forms of proxy servers to proxy traffic before passing it on to the client or server. Because it acts on the application layer, it may inspect the contents of the traffic, blocking specified content, such as certain websites, viruses, and attempts to exploit known logical flaws in client software.
Answer option D is incorrect. An application firewall is a form of firewall that controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls that do not meet the configured policy of the firewall. The application firewall is typically built to monitor one or more specific applications or services (such as a web or database service), unlike a stateful network firewall, which can provide some access controls for nearly any kind of network traffic. There are two primary categories of application firewalls:
Network-based application firewalls
Host-based application firewalls