
Answer to Tutorial 8 Information Security

1. What is the typical relationship among the untrusted network, the firewall, and the trusted network?
Answer: The untrusted network is usually the Internet or another segment of a public-access network, while the trusted network is typically a privately owned network. The firewall serves as a mechanism to filter traffic from the untrusted network that comes into the trusted network, to gain some assurance that the traffic is legitimate.

2. What is the relationship between a TCP (Transmission Control Protocol) and a UDP (User Datagram Protocol) packet? Will any specific transaction usually involve both types of packets?
Answer: UDP packets are, by design, connectionless. TCP packets usually involve the creation of a connection from one host computer to another. It would be unusual for a single transaction to involve both TCP and UDP ports.

3. How is an application layer firewall different from a packet filtering firewall? Why is an application layer firewall sometimes called a proxy server?
Answer: The application layer firewall takes into consideration the nature of the applications that are being run (the type and timing of the network connection requests, the type and nature of the traffic that is generated), whereas the packet filtering firewall simply looks at the packets as they are transferred. The application firewall is also known as a proxy server, since it runs special software that acts as a proxy for a service request.

4. How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?
Answer:

Static filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied are developed and installed. This type of filtering is common in network routers and gateways. Dynamic filtering allows the firewall to react to an emergent event and update or create rules to deal with the event. This reaction could be positive, as in allowing an internal user to engage in a specific activity upon request, or negative, as in dropping all packets from a particular address when an increase in the presence of a particular type of malformed packet is detected. While static filtering firewalls allow entire sets of one type of packet to enter in response to authorized requests, the dynamic packet filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.

5. What is stateful inspection? How is state information maintained during a network connection or transaction?
Answer: Stateful inspection firewalls, also called stateful firewalls, keep track of each network connection between internal and external systems using a state table. A state table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. Like first generation firewalls, stateful inspection firewalls perform packet filtering, but they take it a step further. Whereas simple packet filtering firewalls only allow or deny certain packets based on their address, a stateful firewall can block incoming packets that are not responses to internal requests. If the stateful firewall receives an incoming packet that it cannot match in its state table, it defaults to its ACL to determine whether to allow the packet to pass. The primary disadvantage of this type of firewall is the additional processing required to manage and verify packets against the state table, which can leave the system vulnerable to a DoS or DDoS attack.
State information is preserved using a state table that looks similar to a firewall rule set but has additional information. The state table contains the familiar source IP and port, and destination IP and port, but adds information on the protocol used (i.e., UDP or TCP), total time in seconds, and time remaining in seconds.

6. Describe how the various types of firewalls interact with the network traffic at various levels of the OSI (Open System Interconnection) model.
Answer: Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall's database. Filtering firewalls inspect packets at the network layer, or Layer 3, of the OSI model. MAC layer firewalls are designed to operate at the media access control layer (layer 2) of the OSI network model.
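The answers to questions 4 to 6 contrast a static packet filter, which matches only the layer 3/4 headers of each packet in isolation, with a stateful firewall that keeps a state table (source and destination IP and port, protocol, total time and time remaining) and falls back to its ACL only for packets it cannot match. The following is an added Python example written for this page; it is not part of the tutorial and models no real firewall product. The trusted network 10.0.0.0/24, the rule sets, the timeouts and the sample packets are constructed values.

```python
"""Toy static packet filter beside a toy stateful-inspection firewall.
Added example (not from the tutorial); all addresses, rules and timeouts
are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass

TRUSTED_NET = ipaddress.ip_network("10.0.0.0/24")   # constructed trusted network

# Rule: (direction, proto, src_port, dst_port, action); None matches any port.
# A static filter has no memory of earlier packets, so it must admit the whole
# class of return traffic (any inbound TCP from port 80 or 443) to let replies in.
STATIC_ACL = [
    ("out", "TCP", None, 80, "allow"),
    ("out", "TCP", None, 443, "allow"),
    ("in", "TCP", 80, None, "allow"),
    ("in", "TCP", 443, None, "allow"),
    ("in", "TCP", None, 25, "allow"),   # externally reachable mail relay
]
# The stateful firewall matches replies against its state table, so its ACL
# only lists what may be initiated and needs no blanket return rule.
STATEFUL_ACL = [
    ("out", "TCP", None, 80, "allow"),
    ("out", "TCP", None, 443, "allow"),
    ("in", "TCP", None, 25, "allow"),
]
DEFAULT_ACTION = "deny"


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "TCP" or "UDP"


@dataclass
class StateEntry:
    """One state-table row with the fields named in the answer to question 5."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    total_time: int       # lifetime granted when the entry was created (seconds)
    time_remaining: int   # counts down; the entry is removed at zero


def direction(pkt):
    return "out" if ipaddress.ip_address(pkt.src_ip) in TRUSTED_NET else "in"


def acl_lookup(acl, pkt):
    """Layer 3/4 header check only: first-generation (static) behaviour."""
    d = direction(pkt)
    for rule_dir, proto, sport, dport, action in acl:
        if (rule_dir == d and proto == pkt.proto
                and sport in (None, pkt.src_port)
                and dport in (None, pkt.dst_port)):
            return action
    return DEFAULT_ACTION


class StatefulFirewall:
    def __init__(self, acl=STATEFUL_ACL, tcp_timeout=3600, udp_timeout=30):
        self.acl = acl
        self.timeouts = {"TCP": tcp_timeout, "UDP": udp_timeout}
        self.table = {}  # 5-tuple -> StateEntry

    def decide(self, pkt):
        fwd = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        rev = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if fwd in self.table or rev in self.table:   # tracked conversation
            return "allow"
        action = acl_lookup(self.acl, pkt)           # unmatched: fall back to ACL
        if action == "allow":                        # remember what was admitted
            ttl = self.timeouts[pkt.proto]
            self.table[fwd] = StateEntry(*fwd, total_time=ttl, time_remaining=ttl)
        return action

    def tick(self, seconds):
        """Age every entry; an expired entry closes the pinhole it opened."""
        for key in list(self.table):
            entry = self.table[key]
            entry.time_remaining -= seconds
            if entry.time_remaining <= 0:
                del self.table[key]


def compare():
    """Send the same constructed packets through both filters; return decisions."""
    stateful = StatefulFirewall()
    request = Packet("10.0.0.5", 51000, "203.0.113.10", 80, "TCP")
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 51000, "TCP")
    unsolicited = Packet("198.51.100.7", 80, "10.0.0.9", 4444, "TCP")
    out = {"static": {}, "stateful": {}}
    for name, pkt in (("request", request), ("reply", reply), ("unsolicited", unsolicited)):
        out["static"][name] = acl_lookup(STATIC_ACL, pkt)
        out["stateful"][name] = stateful.decide(pkt)
    stateful.tick(3600)                      # let the TCP entry time out
    out["stateful"]["reply_after_timeout"] = stateful.decide(reply)
    out["stateful"]["table_size"] = len(stateful.table)
    return out
```

Running compare() shows the point of the answers: the static ACL admits the unsolicited inbound packet from source port 80 because its blanket return rule cannot tell a reply from an unrequested connection, whereas the stateful firewall admits the reply only while the outbound request it belongs to is in the state table, denies the unsolicited packet, and denies the same reply again once the entry's time remaining reaches zero. The extra bookkeeping in decide() and tick() is also where the processing cost the answer warns about comes from.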

Application level firewalls will operate at OSI layers above layer 3, using specific knowledge of various protocols and applications to make more informed decisions about packet forwarding.

7. List the five generations of firewall technology. Which generations are still in common use?
Answer: At the present time, there are five generally recognized generations of firewalls, and these generations can be implemented in a wide variety of architectures.
First Generation. First generation firewalls are static packet filtering firewalls, that is, simple networking devices that filter packets according to their headers as the packets travel to and from the organization's networks.
Second Generation. Second generation firewalls are application-level firewalls or proxy servers, that is, dedicated systems that are separate from the filtering router and that provide intermediate services for requestors.
Third Generation. Third generation firewalls are stateful inspection firewalls, which, as you may recall, monitor network connections between internal and external systems using state tables.
Fourth Generation. While static filtering firewalls, such as first and third generation firewalls, allow entire sets of one type of packet to enter in response to authorized requests, the fourth generation firewalls, which are also known as dynamic packet filtering firewalls, allow only a particular packet with a particular source, destination, and port address to enter.
Fifth Generation. The fifth generation firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT.
Most modern firewalls combine features from more than one generation.

8. What is a sacrificial host? What is a bastion host?
Answer: They are synonyms. Since the bastion host stands as a sole defender on the network perimeter, it is also commonly referred to as the sacrificial host. To its advantage, this configuration requires the external attack to compromise two separate systems, before the attack can access

internal data.

9. What is a content filter? Where is it placed in the network to gain the best result for the organization?
Answer: A content filter is a software filter, technically not a firewall, that allows administrators to restrict access to content from within a network. It is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations, or restricts users from receiving general types or specific examples of Internet content. Some refer to content filters as reverse firewalls, as their primary focus is to restrict internal access to external material. To gain the best result, it should be placed on the primary connection used to gain access to the Internet.

10. What is a VPN? What are some reasons it is widely popular in many organizations?
Answer: A Virtual Private Network (VPN) is a private and secure network connection between systems that uses the data communication capability of an unsecured and public network. VPNs are popular since they are simple to set up and maintain and usually require only that the tunneling points be dual-homed, that is, connecting a private network to the Internet or to another outside connection point. There is VPN support built into most Microsoft server software, including NT and 2000, as well as client support for VPN services built into XP. While true private network services connections can cost hundreds of thousands of dollars to lease, configure, and maintain, a VPN can cost next to nothing.
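The answer to question 3 says an application layer firewall (proxy) decides on the type and timing of requests and the nature of the traffic, and the answer to question 9 says a content filter restricts internal users' access to particular protocols, Internet locations and kinds of content. One toy that serves both answers is a proxy-style filter that parses the HTTP request line carried in the packet payload, something a layer 3 packet filter never looks at. The following Python example is added for this page; it is not from the tutorial and models no real proxy or content-filter product. The deny-listed hosts, the blocked file types, the rate limit and the sample requests are constructed values.

```python
"""Toy application-layer (proxy-style) filter for HTTP request lines.
Added example (not from the tutorial); host lists, limits and sample
requests are constructed values.
"""
from collections import defaultdict, deque

ALLOWED_METHODS = {"GET", "POST", "HEAD"}
BLOCKED_HOSTS = {"malware.example", "gambling.example"}   # constructed deny-list
BLOCKED_EXTENSIONS = (".exe", ".scr")                      # content types to refuse
MAX_REQUESTS_PER_WINDOW = 5                                # timing rule per client
WINDOW_SECONDS = 10


class AppLayerFilter:
    def __init__(self):
        self.history = defaultdict(deque)   # client_ip -> recent request times

    def parse_request_line(self, raw):
        """Return (method, host, path) from 'METHOD http://host/path HTTP/x.y'.
        Raises ValueError for anything that is not a well-formed proxy request."""
        parts = raw.strip().split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            raise ValueError("malformed request line")
        method, target, _version = parts
        if not target.startswith("http://"):
            raise ValueError("proxy requests must carry an absolute URL")
        host, _, path = target[len("http://"):].partition("/")
        return method, host.lower(), "/" + path

    def decide(self, client_ip, raw_request_line, now):
        """Return ('allow' | 'deny', reason) by inspecting what is being asked
        for, not only the addresses and ports a packet filter sees."""
        try:
            method, host, path = self.parse_request_line(raw_request_line)
        except ValueError as err:
            return "deny", str(err)
        if method not in ALLOWED_METHODS:
            return "deny", "method not permitted"
        if host in BLOCKED_HOSTS:
            return "deny", "destination on content deny-list"
        if path.lower().endswith(BLOCKED_EXTENSIONS):
            return "deny", "file type not permitted"
        # Request timing is application context a packet filter does not keep.
        recent = self.history[client_ip]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_REQUESTS_PER_WINDOW:
            return "deny", "request rate exceeded"
        recent.append(now)
        return "allow", "proxied"


def run_samples():
    """Run constructed request lines from one internal client; return decisions."""
    f = AppLayerFilter()
    samples = [  # (client, request line, time in seconds), all constructed
        ("10.0.0.5", "GET http://news.example/index.html HTTP/1.1", 0),
        ("10.0.0.5", "GET http://gambling.example/ HTTP/1.1", 1),
        ("10.0.0.5", "GET http://files.example/setup.exe HTTP/1.1", 2),
        ("10.0.0.5", "TRACE http://news.example/ HTTP/1.1", 3),
        ("10.0.0.5", "garbage", 4),
    ]
    results = [f.decide(c, r, t)[0] for c, r, t in samples]
    # Four more permitted requests bring the client to the window limit ...
    for t in range(5, 9):
        f.decide("10.0.0.5", "GET http://news.example/a HTTP/1.1", t)
    # ... so the next one inside the same window is refused on timing alone.
    results.append(f.decide("10.0.0.5", "GET http://news.example/b HTTP/1.1", 9)[0])
    return results
```

Every decision here needs the request's method, host, path or arrival pattern, which is why such a filter sits on the primary Internet connection as the answer to question 9 recommends: it must see the full application exchange, and that inspection is also what makes it a proxy rather than a packet filter.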