5.1 Describe operational strengths and weaknesses of the different firewall technologies
5.1.a Proxy firewalls
A proxy firewall sends traffic on behalf of the host. If a host tries to connect to a webpage, the firewall receives that traffic and forwards it to the web server as though the firewall itself were asking for it. After the firewall receives the webpage, it inspects it and then sends it to the host. A proxy therefore adds an extra step to the process. Proxy servers are a powerful defense against Cross-Site Scripting (XSS) attacks, in which a malicious script is injected into webpages.
5.1.b Application firewall
An application firewall is a type of firewall that controls network access to, from or by an application or service. Such products monitor the use of applications and block any activity that does not meet the configured policy of the firewall. Application firewalls protect application communications in much the same way that network firewalls secure network communications. Because they are aware of the languages applications use to transmit information, they can deny or modify invalid or suspicious activity, protecting organizations against attacks.
5.1.c Personal firewall
A personal firewall is an application that controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall. A personal firewall differs from a conventional firewall in terms of scale. A personal firewall will usually protect only the computer on which it is installed, whereas a conventional firewall is normally installed on a designated interface between two or more networks, such as a router or proxy server. A personal firewall goes with you anywhere: if you go to a coffee shop, you take the personal firewall along and stay protected, because coffee shop networks are unsecured networks.
5.2 Compare stateful vs. stateless firewalls
Stateless firewalls watch network traffic and restrict or block packets based on source and destination addresses or other static values. They are not ‘aware’ of traffic patterns or data flows. A stateless firewall uses simple rule-sets that do not account for the possibility that a packet might arrive at the firewall ‘pretending’ to be something you asked for. A stateless firewall filter, also known as an access control list (ACL), does not statefully inspect traffic. Instead, it evaluates packet contents statically and does not keep track of the state of network connections. Therefore, it has trouble with dynamic protocols such as FTP. Also, it does not protect against IP spoofing, because it does not retain anything it previously learned.
Stateful firewalls can watch traffic streams from end to end. They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption. In technical terms, this means that stateful firewalls can tell what stage a TCP connection is in (open, open sent, synchronized, synchronization acknowledge or established). They can tell if the MTU has changed and whether packets have been fragmented. Stateful inspection lets an inside host start a conversation, but it does not let an outside host start one. This is accomplished through the session table, also known as the state table. Stateless firewalls are typically faster and perform better under heavier traffic loads. Stateful firewalls are better at identifying unauthorized and forged communications.
5.2.b Function of the state table
Given an understanding of TCP session rules (three-way handshake, SYN, SYN/ACK, ACK) along with the existence of the state table, stateful firewalls can ensure that those rules are followed. Network attacks often break rules, confusing systems and causing them to behave in unintended fashions. When stateful firewalls recognize that rules are being broken, they will drop offending packets and mitigate the attack. Take for example TCP connections. The connection must begin with a SYN packet. If the policy on the firewall allows the session, the SYN packet is allowed and a new entry in the state table is created. The state table stores information such as the source and destination IP addresses and TCP ports, TCP flags, and sequence numbers. At this point, there is only one valid packet that can follow in this session. It is the server’s SYN ACK packet in response to the client’s SYN, and it needs to be acknowledging the actual sequence number that was originally presented by the client.
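The state-table behaviour described in 5.2 and 5.2.b, as an added example that is not part of the video or its notes: a toy stateful inspection engine that records an inside host's SYN, accepts only a SYN/ACK that acknowledges that client's sequence number, and drops an outside host's SYN, placed beside a static ACL that lets the same spoofed packet through. The address prefix, ports and sequence numbers are constructed for the demonstration.

```python
INSIDE = "10.0.0."   # constructed: addresses with this prefix are the inside network

def pkt(src, sport, dst, dport, flags, seq=0, ack=0):
    return dict(src=src, sport=sport, dst=dst, dport=dport, flags=flags, seq=seq, ack=ack)

def stateless_acl(p):
    """Static rules only, no memory of earlier packets (an ACL)."""
    if p["src"].startswith(INSIDE):
        return True                  # inside hosts may go anywhere
    return p["sport"] == 80          # anything that looks like a web reply is let in
class StatefulFirewall:
    def __init__(self):
        self.table = {}              # (client, cport, server, sport) -> session entry

    def inspect(self, p):
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if p["flags"] == "SYN":
            # Only an inside host may open a session; an outside SYN is dropped.
            if not p["src"].startswith(INSIDE) or fwd in self.table:
                return False
            self.table[fwd] = {"state": "SYN_SENT", "client_seq": p["seq"]}
            return True
        if p["flags"] == "SYN-ACK":
            e = self.table.get(rev)
            # Must answer a recorded SYN and acknowledge the client's ISN + 1.
            if e is None or e["state"] != "SYN_SENT" or p["ack"] != e["client_seq"] + 1:
                return False
            e.update(state="SYN_RECEIVED", server_seq=p["seq"])
            return True
        e = self.table.get(fwd) or self.table.get(rev)
        if e is None:
            return False             # no session in the table: drop stray ACK/data
        if e["state"] == "SYN_RECEIVED":
            # Third leg of the handshake: client must acknowledge the server's ISN + 1.
            if fwd not in self.table or p["ack"] != e["server_seq"] + 1:
                return False
            e["state"] = "ESTABLISHED"
        return e["state"] == "ESTABLISHED"

def demo():
    fw = StatefulFirewall()
    c, s = "10.0.0.5", "203.0.113.10"               # constructed client / web server
    syn = pkt(c, 40000, s, 80, "SYN", seq=1000)
    bad = pkt(s, 80, c, 40000, "SYN-ACK", seq=5000, ack=4242)   # wrong acknowledgement
    synack = pkt(s, 80, c, 40000, "SYN-ACK", seq=5000, ack=1001)
    ack = pkt(c, 40000, s, 80, "ACK", seq=1001, ack=5001)
    spoof = pkt("198.51.100.7", 80, c, 40000, "SYN", seq=1)     # outside host 'pretending' to be a reply
    return {"handshake": [fw.inspect(syn), fw.inspect(bad), fw.inspect(synack), fw.inspect(ack)],
            "spoof_acl": stateless_acl(spoof), "spoof_stateful": fw.inspect(spoof)}
```

Running `demo()` admits the three legitimate handshake packets, rejects the SYN/ACK with the wrong acknowledgement number, and shows the ACL passing the outside SYN that the state table drops.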