You
work as a Network Administrator for company Inc. The company has deployed an ASA at the
network perimeter. Which of the following types of firewall will you use to create two different
communications, one between the client and the firewall, and the other between the firewall and
the end server?
A.
Stateful firewall
B.
Endian firewall
C.
Packet filter firewall
D.
Proxy-based firewall
Explanation:
A proxy-based firewall running either on a dedicated hardware or as software on a
general-purpose machine responds to input packets in the
manner of an application, whilst blocking other packets.
Proxies make tampering with an internal system from the external network more difficult and
misuse of one internal system would not
necessarily cause a security breach exploitable from outside the firewall. Conversely, intruders may
hijack a publicly-reachable system and useit as a proxy for their own purposes; the proxy then masquerades as that system to other internal
machines. While use of internal address
spaces enhances security, attackers may still employ methods such as IP spoofing to attempt to pass
packets to a target network. The proxy
firewall functions by maintaining two separate conversations, which are as follows:
One between the client and the firewall
One between the firewall and the end server
Answer options C, A, and B are incorrect. These firewalls do not function by creating two different
communications.
A packet filter firewall is the basic system first generation firewall, which is a highly evolved and
technical internet security feature now a days.
Packet filters act by inspecting the “packets” which represent the basic unit of data transfer between
computers on the Internet. If a packet
matches the packet filter’s set of rules, the packet filter will drop the packet, or reject it (discard it,
and send “error responses” to the source).
This type of packet filtering pays no attention to whether a packet is part of an existing stream of
traffic (it stores no information on
connection “state”). Instead, it filters each packet based only on information contained in the packet
itself (most commonly using a
combination of the packet’s source and destination address, its protocol, and, for TCP and UDP
traffic, the port number).
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP
streams, UDP communication) traveling across
it. The firewall is programmed to distinguish legitimate packets for different types of connections.
Only packets matching a known connection
state will be allowed by the firewall; others will be rejected.
The Endian Firewall is an open source Linux distribution that specializes on Routing/Firewalling and
Unified Threat Management. It is being
developed by the Italian Endian Srl and the community. Endian is originally based on IPCop, which
itself was a fork of Smoothwall, but is now
based on Linux From Scratch.