
Firewall QA (1)

1. Using Outbound NAT
A. How secure are the hosts on a site with outbound (many-to-one) NAT and no inbound NAT?
Answer: Very secure against attacks initiated from the Internet toward the site. With no inbound NAT mapping, an unsolicited packet arriving at the public address has no translation entry and is dropped; only replies to connections opened from inside are translated back to an internal host.
B. Are the hosts on such a site secure from attacks on the Internet?
Answer: No. Clients can visit a site and be susceptible to XSS and other client-side attacks, can be phished, and can be hit by many other attacks that ride on the connections the clients open themselves.
C. If you want to protect users from XSS, would you exchange the firewall for a proxy firewall or a WAF?
Answer: A proxy firewall. A proxy firewall sits in front of the clients and inspects their outbound web connections; a WAF is typically intended to protect a particular web site and sits in front of the server.
1. T/F: Stateful inspection is dependent upon user authentication and identity.
Answer: False. Stateful inspection is based on the 5-tuple (source IP, source port, destination IP, destination port, protocol); on the client side the connection is identified by its source IP and source port. User authentication is used by some, but not all, firewalls, and it is a separate function.
2. T/F: IP spoofing is defined as the creation of IP packets with forged destination addresses in order to conceal the identity of the sender.
Answer: False. Spoofing uses forged source addresses.
3. In terms of Linux iptables filtering, what is the difference between packets destined to the local host and packets forwarded by the local host?
Answer:
Incoming packets destined to the local host: PREROUTING -> INPUT
Incoming packets destined to another host (i.e. forwarding, routing): PREROUTING -> FORWARD -> POSTROUTING
Both are firewall functions: the INPUT chain protects the local host, the FORWARD chain protects the hosts behind it. A forwarded packet never traverses INPUT or OUTPUT.
4. T/F: FORWARD is only used when the Linux host is performing router functions.
Answer: True (and only when net.ipv4.ip_forward is enabled; otherwise the kernel does not route packets at all).
5. Which are iptables tables?
A. Filter
B. NAT
C. Mangle
D. Forward
Answer: All but Forward. FORWARD is a chain, not a table; it exists in the filter and mangle tables. The raw and security tables also exist.
6. If you are using a Linux server as an L3 firewall (router firewall), which chains will you use?
Answer: Those on the forwarding path for packets destined to other hosts: PREROUTING -> FORWARD -> POSTROUTING. Filtering rules go in FORWARD (filter table); destination NAT goes in PREROUTING and source NAT or masquerading in POSTROUTING (nat table).
7. Review names and types of firewalls
Host-resident firewall or host-based firewall - Includes personal firewall
software and firewall software on servers
Screening router - Single router between internal and external networks
with stateless or full packet filtering
Single bastion inline - Single firewall device between an internal and
external router. This is Stallings' definition.
Single bastion T - Has a third network interface on bastion to a DMZ where
externally visible servers are placed
Double bastion inline - DMZ is sandwiched between bastion firewalls
Double bastion T - DMZ is on a separate network interface on the bastion
firewall
Distributed firewall configuration - Host-based firewalls on servers and
workstations combined with stand-alone firewall devices, all under central
administration; used by large businesses and government organizations
8. If you are using a Linux server to restrict access based on MAC-layer
addresses, which command might you use?
A. iptables
B. ip6tables
C. ebtables
D. arptables
E. ipset
F. nftables
Answer: ebtables, which filters Ethernet frames on a Linux bridge. (iptables can also match the source MAC of a locally received packet with -m mac --mac-source, but it does not filter at the frame level the way ebtables does.)
9. What is IP spoofing and how can it be prevented?
Answer: IP spoofing is a practice where an attacker illicitly impersonates another machine by manipulating the source address of IP packets.
The most common prevention is ingress filtering: write bogon filters (drop packets arriving from the Internet with private or otherwise unroutable source addresses) and drop packets arriving from the Internet that carry the organization's own address space as their source.
Spoofing source IP addresses versus crafting packets (for evasion or exfiltration):
Source routing (the IP source-route option): intent is to bypass filtering rules by dictating the path the packet and its reply take. Easily blocked; typically blocked.
IP fragments: intent is to bypass filtering rules by splitting the transport header across fragments so that a filter never sees the ports. Easily blocked (or reassembled before filtering); typically blocked.
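The following script pulls questions 3, 4, 6 and 9 together into one ruleset for a Linux router firewall: a MASQUERADE rule in the nat table's POSTROUTING chain (outbound many-to-one NAT, no inbound NAT), a default-DROP FORWARD chain that relies on the connection-tracking state table, and a user-defined ANTISPOOF chain with the bogon and own-prefix filters that both the INPUT path and the FORWARD path share. This is an added example, not code from the original notes or from any project; the interface names eth0/eth1, the internal prefix 10.0.0.0/24 and the public address 203.0.113.10 are assumptions. The script only prints the ruleset in iptables-restore format.

```python
"""Build an iptables-restore ruleset for a Linux host used as a router firewall.

Added example; this is not code from the original notes or from any project.
Interface names, the internal prefix and the public address are assumptions.
The script only prints the ruleset; review it, then apply it with
    sysctl -w net.ipv4.ip_forward=1 && python3 router_rules.py | iptables-restore
"""
import ipaddress

WAN, LAN = "eth0", "eth1"            # assumed interface names
LAN_NET = "10.0.0.0/24"              # assumed internal (RFC 1918) prefix
PUBLIC_IP = "203.0.113.10"           # assumed public address (taken from TEST-NET-3)

# Source prefixes that must never arrive from the Internet.  The three
# documentation prefixes (192.0.2/24, 198.51.100/24, 203.0.113/24) are left
# out only because this example borrows one of them as its public address.
BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/3",
]


def antispoof_rules(wan, lan, lan_net, public_ip):
    """Rules for a user-defined ANTISPOOF chain: drop bogon sources and our own
    addresses when they arrive on the WAN, and drop anything leaving the LAN
    that is not from our prefix (BCP 38 ingress/egress filtering)."""
    net = ipaddress.ip_network(lan_net)            # raises ValueError if malformed
    pub = ipaddress.ip_address(public_ip)
    rules = [f"-A ANTISPOOF -i {wan} -s {b} -j DROP" for b in BOGONS]
    rules.append(f"-A ANTISPOOF -i {wan} -s {net} -j DROP")
    rules.append(f"-A ANTISPOOF -i {wan} -s {pub} -j DROP")
    rules.append(f"-A ANTISPOOF -i {lan} ! -s {net} -j DROP")
    return rules


def build_ruleset(wan=WAN, lan=LAN, lan_net=LAN_NET, public_ip=PUBLIC_IP):
    """Return the complete iptables-restore text (nat + filter tables)."""
    lines = [
        "*nat",
        ":PREROUTING ACCEPT [0:0]",
        ":POSTROUTING ACCEPT [0:0]",
        # many-to-one (PAT) for the internal prefix; no DNAT, hence no inbound NAT
        f"-A POSTROUTING -o {wan} -s {lan_net} -j MASQUERADE",
        "COMMIT",
        "*filter",
        ":INPUT DROP [0:0]",       # PREROUTING -> INPUT: packets for this host
        ":FORWARD DROP [0:0]",     # PREROUTING -> FORWARD -> POSTROUTING: routed packets
        ":OUTPUT ACCEPT [0:0]",
        ":ANTISPOOF - [0:0]",      # user-defined chain shared by both paths
    ]
    lines += antispoof_rules(wan, lan, lan_net, public_ip)
    lines += [
        "-A INPUT -j ANTISPOOF",
        "-A FORWARD -j ANTISPOOF",
        # protecting the local host
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"-A INPUT -i {lan} -s {lan_net} -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
        # protecting the hosts behind it: replies are admitted by the state table,
        # new connections only from the LAN toward the Internet
        "-A FORWARD -m conntrack --ctstate INVALID -j DROP",
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"-A FORWARD -i {lan} -o {wan} -s {lan_net} -m conntrack --ctstate NEW -j ACCEPT",
        "COMMIT",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_ruleset(), end="")
```

The ANTISPOOF chain is evaluated before any ACCEPT on both INPUT and FORWARD, so a spoofed packet is dropped whether it targets the firewall itself or a host behind it; the nat table has no DNAT rule, which is what "no inbound NAT" means in rule terms.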
10. Can a firewall that only filters on the 5-tuple block selected pages in a given web site? Assume all pages are served from the same server.
Answer: No, not with just the 5-tuple: every page shares the same source and destination addresses, destination port (80/443) and protocol, and the URL lives in the application payload.
Can an IPS block selected pages?
Answer: Yes, if you can define a signature correctly (and the IPS can see the request, i.e. the traffic is not encrypted or the IPS terminates TLS).
Can a WAF block selected pages?
Answer: Yes, if you can define a ModSecurity (or equivalent) rule matching the request URI.
11. Stateful versus Stateless
Both operate at Layer 3 and Layer 4 of the Open Systems Interconnection (OSI) model.
A proxy retrieves data from an online resource on your behalf; a firewall monitors and evaluates the traffic passed to the end user.
Stateful packet filtering firewalls:
Keep track of the state of network connections.
Add a connection to the state table once its first packet is approved; later packets of that connection are matched against the table rather than the rule base.
Can detect fake messaging and unauthorized access, such as a "reply" for a connection that was never opened.
Remember the main aspects of network connections (addresses, ports, sequence numbers, TCP state).
Provide stronger attack mitigation.
Are more resource intensive: setting up and maintaining the connection table is computationally expensive, and the table itself is a target for exhaustion.
Stateless packet filtering firewalls: Access Control Lists (ACLs).
Are not aware of the current state of a connection or of prior traffic.
Accept or reject an incoming packet by checking whether it matches the ACL rules or not.
Are faster than stateful firewalls.
Perform better in heavy traffic as they do not dive as deep into the packet information as stateful firewalls do.
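To make the difference concrete, here is a small simulation of both filter types run over the same packet trace. It is an added example, not code from the original notes; the inside prefix 10.0.0.0/24, the outside addresses (RFC 5737 documentation prefixes), the ports and the five packets are constructed for illustration. The stateless ACL has to admit "replies" by shape alone (web source port, ephemeral destination port, ACK bit set), so an outsider who simply sets source port 80 gets through; the stateful filter only admits packets that match a connection an inside host actually opened.

```python
"""Stateless 5-tuple ACL versus a stateful filter, run over a constructed packet trace.

Added example; not code from the original notes.  Addresses (RFC 1918 inside,
RFC 5737 documentation prefixes outside), ports and the trace are constructed
for illustration.  The trace models an internal client opening a web
connection and an outsider who sets source port 80 to look like a reply.
"""
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/24")   # assumed internal prefix
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # TCP flags as letters: "S", "SA", "A", "R", "F"
    proto: str = "tcp"


def inside(ip):
    return ipaddress.ip_address(ip) in INSIDE


def stateless_acl(pkt):
    """Static ACL: let inside hosts out, and let 'replies' back in.  Having no
    memory, the ACL can only recognise a reply by its shape: a web source port,
    an ephemeral destination port and the ACK bit set."""
    if inside(pkt.src) and not inside(pkt.dst):
        return True
    if not inside(pkt.src) and inside(pkt.dst):
        return pkt.sport in WEB_PORTS and pkt.dport >= 1024 and "A" in pkt.flags
    return False


class StatefulFilter:
    """Connection table keyed by the 5-tuple of the initiating direction."""

    def __init__(self):
        self.table = {}   # 5-tuple -> state string

    @staticmethod
    def key(p):
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    @staticmethod
    def reverse(p):
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def filter(self, pkt):
        fwd, rev = self.key(pkt), self.reverse(pkt)
        if fwd in self.table or rev in self.table:
            k = fwd if fwd in self.table else rev
            if "R" in pkt.flags:                 # a reset tears the entry down
                del self.table[k]
            elif k == rev and pkt.flags == "SA":
                self.table[k] = "ESTABLISHED"
            return True                          # belongs to an approved connection
        # only an inside-initiated SYN may create an entry; anything else without
        # a table entry is unsolicited and dropped, whatever ports it claims
        if inside(pkt.src) and not inside(pkt.dst) and pkt.flags == "S":
            self.table[fwd] = "SYN_SENT"
            return True
        return False


TRACE = [  # constructed packets
    Packet("10.0.0.5", 40000, "198.51.100.20", 80, "S"),    # client opens connection
    Packet("198.51.100.20", 80, "10.0.0.5", 40000, "SA"),   # legitimate reply
    Packet("10.0.0.5", 40000, "198.51.100.20", 80, "A"),    # handshake completes
    Packet("198.51.100.99", 80, "10.0.0.5", 40000, "A"),    # outsider forges a 'reply' from port 80
    Packet("198.51.100.99", 4444, "10.0.0.5", 22, "S"),     # outsider probes SSH
]


def run(trace):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    sf = StatefulFilter()
    return [(stateless_acl(p), sf.filter(p)) for p in trace]


if __name__ == "__main__":
    for p, (a, s) in zip(TRACE, run(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}]  stateless={a} stateful={s}")
```

The fourth packet is the one to watch: the ACL accepts it because it looks like web return traffic, while the stateful filter rejects it because no inside host ever opened a connection to 198.51.100.99. The cost is the table: every accepted SYN consumes an entry, which is the resource a SYN flood targets.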
12. Advantages of NAT
1. Helps conserve public IP space by using private IP address space internally
2. Improves security by separating the internal and public (Internet) IP address spaces and hosts; internal hosts are not directly reachable from outside
3. Improves flexibility in assigning IP addresses: internal addressing is independent of the provider's public allocation
4. Improves standardization by allowing a consistent internal IP address assignment regardless of the public addresses in use
13. Disadvantages of NAT
1. Can impact performance and scalability
- the NAT table requires setup and maintenance for every connection
- many-to-one NAT can exhaust the available TCP source ports: there are only about 64k source ports per public address, so a site opening on the order of 100k connections per second behind one address runs out (in practice the limit applies per destination address and port, because the translation is keyed on the full 5-tuple)
2. NAT cannot be used with some protocols, or needs special handling: IPsec (AH fails outright because the addresses are part of the authenticated header; ESP needs NAT traversal, NAT-T), TACACS
3. Consumes CPU and memory
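The translation table behind items 1A and 13 can be modelled in a few dozen lines. The following is an added example, not code from the original notes; the public address 203.0.113.10, the internal hosts 10.0.0.5 through 10.0.0.8 and the 1024 to 65535 source-port range are assumptions. It shows the three behaviours the notes describe: an outbound flow gets a public source port and its reply is mapped back, an unsolicited inbound packet matches nothing and is dropped, and opening flows to one service eventually exhausts the port range while a different destination is unaffected.

```python
"""Many-to-one NAT (PAT): translation table, unsolicited inbound, and port exhaustion.

Added example; not code from the original notes.  The public address, the
internal hosts and the port range are assumptions for illustration.
"""


class PortAddressTranslator:
    """Translate many private (src, sport) pairs onto one public address.

    The translation is keyed on the full 5-tuple, so a public source port only
    has to be unique per (proto, dst, dport): that is why the ~64k-port limit
    is hit per destination service, not once for the whole site.
    """

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.first, self.last = first_port, last_port
        self.outbound_map = {}   # (proto, src, sport, dst, dport) -> public sport
        self.inbound_map = {}    # (proto, public sport, dst, dport) -> (src, sport)
        self._next = {}          # (proto, dst, dport) -> next never-used port
        self._freed = {}         # (proto, dst, dport) -> stack of released ports

    def _allocate(self, service):
        freed = self._freed.setdefault(service, [])
        if freed:
            return freed.pop()
        port = self._next.get(service, self.first)
        if port > self.last:
            return None                       # every source port for this service is in use
        self._next[service] = port + 1
        return port

    def outbound(self, src, sport, dst, dport, proto="tcp"):
        """Translate an outbound packet; returns (public_ip, public_sport), or None when exhausted."""
        flow = (proto, src, sport, dst, dport)
        if flow in self.outbound_map:
            return self.public_ip, self.outbound_map[flow]
        port = self._allocate((proto, dst, dport))
        if port is None:
            return None
        self.outbound_map[flow] = port
        self.inbound_map[(proto, port, dst, dport)] = (src, sport)
        return self.public_ip, port

    def inbound(self, remote, rport, public_port, proto="tcp"):
        """Map a packet arriving at public_ip:public_port from remote:rport back to
        the inside host.  With no inbound (destination) NAT configured, a packet
        that matches no existing translation has nowhere to go and returns None."""
        return self.inbound_map.get((proto, public_port, remote, rport))

    def close(self, src, sport, dst, dport, proto="tcp"):
        """Release a translation (conntrack does this on FIN/RST or timeout)."""
        flow = (proto, src, sport, dst, dport)
        port = self.outbound_map.pop(flow, None)
        if port is not None:
            del self.inbound_map[(proto, port, dst, dport)]
            self._freed.setdefault((proto, dst, dport), []).append(port)
        return port


def exhaust(nat, dst, dport, hosts=("10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.8")):
    """Open flows to one service until the translator runs out of ports; returns the count."""
    opened = 0
    while True:
        host = hosts[opened % len(hosts)]           # spread flows over the inside hosts
        sport = 1024 + opened // len(hosts)         # distinct private (host, sport) per flow
        if nat.outbound(host, sport, dst, dport) is None:
            return opened
        opened += 1


if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.10")
    print(nat.outbound("10.0.0.5", 40000, "198.51.100.20", 80))
    print(nat.inbound("198.51.100.20", 80, 1024))      # reply: translated back to 10.0.0.5:40000
    print(nat.inbound("198.51.100.99", 4444, 22))       # unsolicited: None, dropped
    print(exhaust(nat, "198.51.100.20", 443))           # 64512 flows, then the 64513th fails
```

Real NAT devices also age entries out on a timer, so the practical ceiling is ports divided by the average connection lifetime, not a fixed count; the per-destination keying in `_allocate` is the same reuse that Linux conntrack performs.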
14. Pros of proxy firewalls
Provides anonymity and enhanced security, as it hides the client's IP address from external sources
Allows for private browsing
Allows you to access location-specific content
Prevents employees from accessing harmful, malicious, or inappropriate content
Enhances network performance (through caching) and also provides an extra layer of security
Acts as part of a firewall implementation and can also be combined with web (URL) filters
15. Proxy Server
Works on the application layer of the OSI model
Connects to an external server and communicates on behalf of the client
Provides anonymity and can bypass restrictions
Can be set up on either side of a public network (a forward proxy in front of clients, a reverse proxy in front of servers)
Usually involves less administrative overhead, as it serves as a mediator for the request/response cycle
Works at the application protocol level
Filters client-side requests for the connection
16. Firewall
Monitors and filters all the incoming and outgoing traffic on a given network
Works on the network and transport layers of the OSI model
Protects an internal private network against cyberattacks
Is the interface between the public and the private network
Involves more overhead due to its configuration and filtering rules
Filters packets
Works at the packet level