CHAPTER 12: FIREWALLS
TRUE OR FALSE
T F 1. A firewall may be designed to operate as a filter at the level of IP
packets or may operate at a higher protocol layer.
T F 2. The packet filter is typically set up as a list of rules based on
matches to fields in the IP or TCP header.
T F 3. The direction control determines the types of Internet services
that can be accessed, inbound or outbound.
T F 4. The firewall cannot fully protect against internal threats.
T F 5. A firewall may not act as a packet filter.
T F 6. A stateful packet inspection firewall reviews the same packet
information as a packet filtering firewall but also records
information about TCP connections.
T F 7. One advantage of a packet filtering firewall is its simplicity.
T F 8. Packet filter firewalls examine upper-layer data; therefore, they can
prevent attacks that employ application-specific vulnerabilities or
functions.
T F 9. Due to the small number of variables used in access control
decisions, packet filter firewalls are susceptible to security
breaches caused by improper configurations.
T F 10. Packet filters tend to be more secure than application level
gateways.
T F 11. A circuit level proxy can be a stand alone system or it can be a
specialized function performed by an application level gateway
for certain applications.
T F 12. An example of application level gateway implementation is the
SOCKS package.
T F 13. Firewall functionality can also be implemented as a software
module in a router or LAN switch.
T F 14. The primary role of the personal firewall is to deny unauthorized
remote access to the computer.
T F 15. The external firewall adds more stringent filtering capability in
order to protect enterprise servers and workstations from
external attack.
MULTIPLE CHOICE
1. _________ can be an effective means of protecting a local system or network of
systems from network based security threats while at the same time affording
access to the outside world via wide area networks and the Internet.
A. VPNs B. Proxies
C. Firewalls D. SOCKS
2. The _________ is the address of the system that originated the IP packet.
A. Interface
B. Source and destination transport level address
C. IP protocol field
D. Source IP address
3. The technique that controls how particular services are used is the _________ control.
The firewall may filter e-mail to eliminate spam, or it may enable external access to
only a portion of the information on a local Web server.
A. direction B. user
C. behavior D. service
4. The _________ is the transport level port number which defines applications such as
SNMP or TELNET.
A. Source IP address B. IP protocol field
C. Source and destination transport level address D. Interface
5. A _________ firewall applies a set of rules to each incoming and outgoing IP packet and
then forwards or discards the packet.
A. host-based B. packet filtering
C. distributed D. stateful inspection
6. The __________ defines the transport protocol.
A. source IP address B. destination IP address
C. interface D. IP protocol field
7. The _________ attack is designed to circumvent filtering rules that depend on TCP
header information.
A. source routing B. IP address spoofing
C. network layer address spoofing D. tiny fragment
8. A typical use of a _________ is a situation in which the system administrator trusts the
internal users.
A. packet filtering firewall B. circuit level gateway
C. application level gateway D. stateful inspection firewall
9. SOCKS is defined in _________ as “a framework for client server applications in both
the TCP and UDP domains to conveniently and securely use the services of a
network firewall”.
A. RFC 1935 B. RFC 1928
C. RFC 1046 D. RFC 1024
10. Available in many operating systems or provided as an add on package, a ________ is a
software module used to secure an individual host and also filters and restricts the
flow of packets.
A. application level gateway B. circuit level gateway
C. host based firewall D. DMZ
11. An important aspect of a distributed firewall configuration is _________ .
A. change control B. network frame locking
C. security monitoring D. configuration alerting
12. A ________ is a single router between internal and external networks with stateless or
full packet filtering. This arrangement is typical for SOHO applications.
A. DMZ B. screening router
C. single bastion T D. host resident firewall
13. Common for large businesses and government organizations, the ________
configuration is required for Australian government use.
A. Double bastion inline B. Double bastion T
C. Single bastion inline D. Single bastion T
14. ________ has a third network interface on bastion to a DMZ where externally visible
servers are placed. This is a common appliance configuration for medium to large
organizations.
A. Double bastion inline B. Double bastion T
C. Single bastion inline D. Single bastion T
15. The iTunes Music Sharing inbound service is port number ________ .
A. 5297 B. 3031
C. 3869 D. 5298
SHORT ANSWER
1. A _________ forms a barrier through which the traffic going in each direction must
pass and dictates which traffic is authorized to pass.
2. The four general techniques that firewalls use to control access and enforce the
site’s security policy are: service control, direction control, user control, and
__________ control.
3. Common for large businesses and government organizations, the _________
configuration sandwiches the DMZ between bastion firewalls.
4. The default _________ policy increases ease of use for end users but provides reduced
security because the security administrator must, in essence, react to each new
security threat as it becomes known.
5. A __________ attack is where the source station specifies the route that a packet should
take as it crosses the Internet in the hopes that this will bypass security measures
that do not analyze the source routing information.
6. A _________ firewall configuration involves stand alone firewall devices plus host
based firewalls working together under a central administrative control.
7. Four types of firewalls are: Packet filtering, stateful inspection, circuit level proxy
and _________ .
8. A _________ packet firewall tightens up the rules for TCP traffic by creating a
directory of outbound TCP connections. There is an entry for each currently
established connection and the packet filter will now allow incoming traffic to high
numbered ports only for those packets that fit the profile of one of the entries in this
directory.
9. A _________ sets up two TCP connections, one between itself and a TCP user on an
inner host and one between itself and a TCP user on an outside host. Once the two
connections are established TCP segments from one connection are relayed to the
other without examining the contents.
10. Typically serving as a platform for an application level or circuit level gateway, a
________ is a system identified by the firewall administrator as a critical strong point
in the network’s security.
11. A ________ firewall controls the traffic between a personal computer or workstation
on one side and the Internet or enterprise network on the other side.
12. Between an internal firewall and an external firewall are one or more networked
devices in a region referred to as a _________ . Systems that are externally accessible
but need some protection are usually located in this area.
13. A _________ consists of a set of computers that interconnect by means of a relatively
unsecure network and that make use of encryption and special protocols to provide
security.
14. _________ firewalls include personal firewall software and firewall software on
servers. Such firewalls can be used alone or as part of an in-depth firewall
deployment.
15. A ________ is a single firewall device between an internal and external router. The
firewall may implement stateful filters and/or application proxies. This is the
typical firewall appliance configuration for small to medium sized organizations.