Firewall Functions and Types

Questions and Answers

Which OSI layer does a stateful inspection firewall operate on?

• Layer 3 (Network)
• Layer 2 (Data Link)
• Layer 5 (Session) (correct)
• Layer 4 (Transport)

What is the primary function of a firewall?

• Virus detection
• Data encryption
• Traffic filtering (correct)
• Network monitoring

How does a packet filtering firewall operate?

• By analyzing the source and destination MAC addresses
• By comparing packet signatures against a known malware database
• By inspecting the contents of data packets
• By examining the header information of IP packets (correct)

What is a network access control list (ACL)?

A set of rules that define how traffic is filtered (D)

What layer of the OSI model does a packet filtering firewall primarily function at?

Layer 3 (Network) (B)

What is the purpose of controlling outbound traffic with a firewall?

To block applications not allowed to run on the network (D)

Which of the following is NOT a common filtering criterion used by packet filtering firewalls?

Content of data packets (A)

What does it mean for a packet filtering firewall to be "stateless"?

It does not keep track of previous packet interactions (B)

Which of these statements is true about ingress and egress traffic?

They are managed by separate ACLs for inbound and outbound traffic (A)

Flashcards

Stateless Firewall

A firewall that filters packets without tracking connection states.

Stateful Inspection Firewall

A firewall that tracks active connections and their state.

Packet Filtering

A method that inspects packets against predefined rules.

Session Layer (OSI Model)

Layer 5 of the OSI model, responsible for managing sessions.

State Table

A dynamically updated record of active sessions in a stateful firewall.

Firewall

A device or software that filters network traffic based on rules.

Traffic Filtering

The process of allowing or blocking data packets based on specified rules.

Packet Filtering Firewall

A basic type of firewall that checks data packets against a set of rules.

Access Control List (ACL)

A list of rules that defines which traffic can pass through the firewall.

IP Filtering

The process of allowing or denying packets based on IP addresses.

Port Filtering

Analyzing packets based on their transport layer port numbers.

Ingress and Egress

Traffic flowing into (ingress) and out of (egress) a network.

Study Notes

Firewall Functions

• Firewalls filter traffic, blocking traffic that doesn't match defined rules.
• Firewalls can protect entire networks or individual hosts.
• The type of firewall dictates the level of inspection.

Packet Filtering Firewalls

• Packet filtering is a fundamental firewall function.
• Rules are defined in network access control lists (ACLs).
• Rules specify data packet types and actions (deny/accept).
• Packet filtering operates at Layer 3 (OSI model) – inspecting IP packet headers.
• Rules can filter based on:
  • Source/destination IP address
  • Protocol type (TCP, UDP, ICMP, etc.)
  • Source/destination port numbers (within TCP/UDP headers)
• ACLs control inbound and/or outbound traffic (ingress/egress).
• Outbound filtering blocks unauthorized applications and malware.
• Filtering ingress and egress traffic uses separate ACLs.
• Packet filtering is stateless, each packet is analyzed independently.

Stateful Inspection Firewalls

• Stateful inspection maintains session information.
• Sessions are tracked in a dynamically updated table.
• Stateful firewalls operate at Layer 5 (OSI model).
• Incoming packets are checked against existing sessions.
• Allowed traffic passes without further monitoring for efficiency.
• Addresses shortcomings of stateless firewalls.