Firewalls

As we continue to skip about in our lesson plans, we have now arrived at the subject of firewalls. Firewalls are one of the most thoroughly misunderstood concepts in networking and security today. It is your duty to dispel some of the most common misconceptions about firewalls, not just for the purpose of passing the Security+ exam but also for the sake of the information security community!

What is a Firewall?

A firewall is any hardware or software designed to prevent unwanted network traffic. Some firewalls are simplistic in nature; in fact, many people use NAT devices as firewalls as they do effectively prevent direct incoming connections to hosts behind the NAT. Other firewalls are intricate operations, based on whitelists and blacklists, rules, and alerts. What all firewalls have in common, however, is an ability to block incoming traffic that may be deemed harmful.

Figure: Simple diagram of a firewall

Types of Firewalls

Because the definition of a firewall (at least as given above) is somewhat generalized, it is hard to define the general actions and methods of firewalls. Instead, we look at the ways different types of firewalls work. Each type of firewall has abilities, advantages, and drawbacks; to do well on the Security+ exam, you should understand these.

Packet Filtering Firewall

A packet filtering firewall polices traffic on the basis of packet headers. IP, UDP, TCP, and even ICMP have enough header information for a packet filtering firewall to make an informed decision as to whether to accept or reject that packet. You can think of a packet filtering firewall as a bouncer at a party. The bouncer may have a list of people that are allowed to come in (a whitelist) or a list of people to specifically exclude (a blacklist). The bouncer may even check a guest’s identification to ensure that the guest is above 18. Similarly, a packet filtering firewall simply inspects the source and destination of traffic in making a decision on whether to allow the packet to pass through. For example, some traffic may be addressed to a sensitive recipient and would therefore be blocked.

A packet filtering firewall can also filter traffic on the basis of port numbers. For example, many companies now block traffic on port 27374 because it is well-known to be a port used by the Trojan horse “SubSeven.”

Note that a packet filtering firewall basically operates through a special ACL (access control list) in which both the whitelist and the blacklist of IP addresses and port numbers are kept. In essence, this firewall operates at the Network and Transport layers of the OSI Model. This model is notable for its simplicity, speed, and transparency; however, traffic is not inspected for malicious content. In addition, IP addresses and DNS addresses can be hidden or “spoofed,” as discussed in the Attacks lesson.
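The following sketch is an added example, not part of the original lesson. It shows a header-only ACL of the kind described above, evaluated in order with a default deny. The addresses, the rule set, and the function names are constructed for illustration; only the SubSeven port 27374 comes from the text.

```python
import ipaddress
import struct

# Ordered ACL, first match wins: (action, source net, dest net, protocol, dest port).
ACL = [
    ("deny",  "0.0.0.0/0",      "0.0.0.0/0",     "tcp", 27374),  # SubSeven port
    ("deny",  "203.0.113.0/24", "0.0.0.0/0",     None,  None),   # blacklisted sources
    ("allow", "0.0.0.0/0",      "192.0.2.10/32", "tcp", 80),     # whitelisted web server
    ("allow", "0.0.0.0/0",      "192.0.2.53/32", "udp", 53),     # whitelisted DNS server
]
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_headers(packet: bytes):
    """Pull out only the header fields the filter looks at."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    proto = PROTOCOLS.get(packet[9])
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    dport = None
    if proto in ("tcp", "udp"):
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, dst, proto, dport

def filter_packet(packet: bytes) -> str:
    """Return 'allow' or 'deny'; malformed or unmatched packets are denied."""
    try:
        src, dst, proto, dport = parse_headers(packet)
    except ValueError:
        return "deny"
    for action, src_net, dst_net, rule_proto, rule_port in ACL:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and rule_proto in (None, proto)
                and rule_port in (None, dport)):
            return action
    return "deny"

def build_packet(src, dst, proto_num, dport, payload=b""):
    """Build a minimal constructed test packet (ports only, checksums zero)."""
    transport = struct.pack("!HH", 40000, dport) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0, 0, 64, proto_num,
                     0, ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + transport
```

Because `filter_packet` never reads past the port fields, a packet to the whitelisted web server is allowed whatever its payload contains, and the source address is taken at face value, which is why spoofing defeats the blacklist.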

Circuit-Level Gateway

A circuit-level gateway is a type of firewall that operates on the Session layer of the OSI model. Instead of inspecting packets by header/source or port information, it maintains a connection between two hosts that is approved to be safe. This is something akin to a parent who approves the people that their children can speak with on the phone once they trust those people. In this scenario, the parent does not have to listen in on the conversation because they know they can trust the two communicating children. Similarly, a circuit-level gateway establishes a secure connection between two hosts that have been authenticated and trust each other.

Application-Level Gateway

As the name suggests, an application-level gateway operates in the Application layer of the OSI model and actively inspects the contents of packets that are passed through to the gateway. It is for this reason that application-level gateways are considered the most secure, as they can actively scan for malformed packets or malicious content. Think of an application-level gateway as the eavesdropping parent. An eavesdropping parent has the most complete knowledge of his or her child’s activities because he or she can listen in on all of the child’s conversations. An application-level gateway does have drawbacks, however, including speed and routing problems. Application-level gateways are notorious for the amount of time it can take to inspect packets.

A special kind of application-level gateway is a proxy server, which is a server that serves as the “middle man” between two hosts that wish to communicate. In the proxy server model, the host wishing to communicate sends a packet to the application-level gateway (proxy server), which then makes the decision whether to forward the packet to the intended recipient or to deny the request to send the packet.
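The proxy's forward-or-deny decision can be sketched as follows. This is an added example, not part of the original lesson; it assumes plain HTTP/1.x requests carrying a Host header, and the site names, policy sets, and function names are constructed for illustration.

```python
# Constructed policy for illustration; the site names are placeholders.
BLOCKED_SITES = {"gambling.example", "games.example"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

def parse_request(raw: bytes):
    """Return (method, host) from a raw HTTP/1.x request or raise ValueError."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("ascii").split("\r\n")  # non-ASCII raises a ValueError subclass
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    hosts = [line.split(":", 1)[1].strip().lower()
             for line in lines[1:] if line.lower().startswith("host:")]
    if len(hosts) != 1 or not hosts[0]:
        raise ValueError("missing or duplicate Host header")
    return parts[0], hosts[0].split(":")[0].rstrip(".")  # drop any :port and trailing dot

def is_blocked(host: str) -> bool:
    """Match the host or any parent domain against the blocked list."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_SITES for i in range(len(labels)))

def proxy_decision(raw: bytes) -> str:
    """Decide what the proxy does with a client request."""
    try:
        method, host = parse_request(raw)
    except ValueError:
        return "deny: malformed request"
    if method not in ALLOWED_METHODS:
        return "deny: method not allowed"
    if is_blocked(host):
        return "deny: blocked site"
    return "forward"

# Constructed requests: both would arrive as TCP port 80 traffic from the same client.
NEWS = b"GET / HTTP/1.1\r\nHost: news.example\r\n\r\n"
GAMBLING = b"GET /poker HTTP/1.1\r\nHost: www.gambling.example:80\r\n\r\n"
NO_HOST = b"GET / HTTP/1.1\r\nUser-Agent: demo\r\n\r\n"
```

`NEWS` and `GAMBLING` carry identical addressing and port information, so a header-only packet filter would treat them alike; the proxy tells them apart only because it reads the request itself.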

Quick Review

1. Your manager wishes to implement some kind of device that would reject traffic from online gambling sites and other distractions. Which of the following devices would be most effective in achieving this solution?

a. Packet Filtering Firewall with NAT

b. Circuit-Level Gateway with ESP

c. Application-Level Gateway in the form of a Proxy Server

d. Circuit-Level Gateway with TLS

2. Which of the following is not a reason to implement a firewall?

a. To limit the number of malicious packets sent to the network

b. To reduce extraneous traffic that is deemed undesirable

c. To limit a particular host’s access to the Internet

d. To improve network throughput

3. Which of the following is true of a packet filtering firewall?

a. It implements an ACL

b. It inspects the contents of packets being filtered

c. It does not read the headers

d. None of the above

Answers

1. Only an application-level gateway can actually inspect the contents of individual packets, so the answer must be C.

2. Although network throughput could ostensibly improve as a result of implementing a firewall, it would not typically be a reason to implement one, and in most cases a firewall acts as a bottleneck to network traffic. The answer is D.

3. In order for a packet filtering firewall to operate, it must have a list of all of the allowable or disallowable hosts to evaluate based on header information. The answer is A.

