Internet Security Chapter Six
Internet Security Chapter Six
Internet Security Chapter Six
CHAPTER 6
CHAPTER 7
1. What is the typical relationship among the untrusted network, the firewall, and the
trusted network?
Firewall regulates data between an untrusted and trusted networks. The data enters from an
untrusted network to a firewall and the firewall filters the data, preventing suspicion data from
entering the network.
2. What is the relationship between a TCP and UDP packet? Will any specific
transaction usually involve both types of packets?
A TCP send a data packet and then reports back to the sender about the status of the transfer
while UDP is more interested in speed and does not report back to the sender. I dont think so
that there would be any specific transaction usually involving both TCP and UDP. I would
personally prefer TCP.
A packet filtering firewall checks packets for the allowed destination, source and port address
information. An application layer firewall may be called a proxy server because it utilizes some
software application that act as proxies.
Static filtering has are installed with specific rules while dynamic filtering is perceived a more
secure as they are intelligent and can amend the rules by themselves.
Stateful inspection keeps an eye on external and internal connections to a network. It keeps track
of the system by keeping a table of the states.
6. What is a circuit gateway, and how does it differ from the other forms of firewalls?
A circuit gateway operates at the transport layer level. It is used to prevent direct connection
between two different networks.
7. What special function does a cache server perform? Why is this useful for larger
organizations?
A cache server stores frequently used web pages and returns them on user request from the local
computer. It saves internet bandwidth for organization and provides a quick loading of the
cached pages.
8. Describe how the various types of firewalls interact with the network traffic at
various levels of the OSI model.
These firewalls include packet filtering, dynamic filtering, static filtering and stateful inspection
filtering. They work on transport level and prevent the network from external threats.
A hybrid firewall is that kind of firewall that is used to combine other kinds of firewall like
packet filtering firewall and proxy servers firewalls.
10. List the five generations of firewall technology. Which generations are still in
common use?
Five generation for firewall technology are, static packet filtering, application level firewalls,
inspection firewalls, dynamic packet filtering firewalls and kernel proxy. Almost all of them are
in common use depending on the needs of a network.
12. Explain the basic technology that makes residential/SOHO firewall appliances
effective in protecting a local network. Why is this usually adequate for protection?
13. What key features point up the superiority of residential/SOHO firewall appliances
over personal computer-based firewall software?
Residential/SOHO firewall appliances are superior to personal computer based firewalls because
they are the first line of defense to external threat. They have the capability to restrict specific
MAC addresses.
14. How do screened host architectures for firewalls differ from screened subnet
firewall architectures? Which of these offers more security for the information
assets that remain on the trusted network?
Screen subnet firewalls are considered more secure than screened host architectures. They
provide a DMZ while screened host architecture provides a kind of dedicated firewall.
Both of them function similar. Both are in the front line to an untrusted network. Bastion host has
a separate dedicated firewall while a sacrificial host is defending the network on its own.
16. What is a DMZ? Is this really an appropriate name for the technology, considering
the function this type of subnet performs?
It is short for Demilitarized Zone. It acts as space is the zone where the fight for the trusted
network is conducted.
17. What are the three questions that must be addressed when selecting a firewall for a
specific organization?
The three questions are: 1. is it cost effective? 2. What is included in the base price and what is
not included? and 3. Will it be able to meet growing organization security requirements?
RADIUS is a check for the identity of anyone who wishes to enter the system. RADIUS is
widely supported by a variety of applications as compared to TACACS.
19. What is a content filter? Where is it placed in the network to gain the best result for
the organization?
A content filter gives the administrator the power to restrict access to the content on a network. It
is based inside the trusted network.
VPN is a virtual private network which is widely used for network security on the internet with
encryption and IPsec techniques
Review Questions Chapter 7
1. *What common security system is an IDPS most like? In what ways are
these systems similar?*
We have home security alarms that are set with instructions to go off
when a thief enter the home. The same mechanism is incorporated in IDPS.
2. *How does a false positive alarm differ from a false negative one?
From a security perspective, which is least desirable?*
These two differ in the range of their responsibility i.e. network based
IDPS protects a network while a host based IDPS secures a specific
device or host.
6. *List and describe the three control strategies proposed for IDPS
Control.*
IDPS has different strategies for its control mechanisms including fully
Distributed, partially and centralized control strategies.
11. *Why would ISPs ban outbound port scanning by their customers?*
Customers might want to carry out attacks by port scanning. This is why
ISPs might ban it.
15. *What kind of data and information can be found using a packet sniffer?*
19. *What is a false reject rate? What is a false accept rate? What is
their relationship to the crossover error rate?*
False reject rate is the rate at which authentic users are denied access
while false accept rate is the rate at which non authentic users are
granted access and identified as authentic. These both measures are used
on cross over error rate to configure system sensitivity.