
Chapter6 Review Question&Exercises

1. A typical firewall configuration involves an untrusted external network like the internet, a firewall, and an internal trusted network. The firewall filters traffic between the two networks to allow only legitimate traffic and block harmful traffic. 2. UDP packets are connectionless while TCP packets usually create connections between hosts. A single transaction would not typically involve both TCP and UDP ports. 3. An application layer firewall considers application details like type and timing, while a packet filtering firewall only looks at packets. An application firewall is also called a proxy server since it acts as a proxy for requests.

1. What is the typical relationship between the untrusted network, the firewall, and the trusted network?

- The untrusted network refers to the internet.
- The trusted network refers to the privately-owned network.
- The firewall filters traffic from the untrusted network to the trusted network to ensure it is legitimate and not harmful.

2. What is the relationship between a TCP and UDP packet? Will any
specific transaction usually involve both types of packets?

- UDP packets are designed to be connectionless.
- TCP packets usually involve the creation of a connection from one host computer to another.
- A single transaction would not usually involve TCP and UDP ports.

3. How is an application layer firewall different from a packet-filtering firewall? Why is an application layer firewall sometimes called a proxy server?

- The application layer firewall takes into consideration the nature of the applications being run (the type and timing of the network connection requests, and the type and nature of the traffic generated), whereas the packet filtering firewall simply looks at the packets as they are transferred.
- The application firewall is also known as a proxy server since it runs special software that acts as a proxy for a request.

4. How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?

- Static filtering is where the filtering rules that tell the firewall which packets are allowed and which are denied are developed and installed.
- Dynamic filtering is where the firewall reacts to an emergent event and updates or creates rules to deal with the event.
- While static filtering firewalls allow entire sets of one type of packet to enter in response to authorized requests, the dynamic packet filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.

5. What is a stateful inspection? How is state information maintained during a network connection or transaction?

- Stateful inspection keeps track of each network connection between internal and external systems using a state table. Stateful inspection firewalls use packet filtering to allow or deny packets, and default to the ACL if a packet doesn't match an entry in the state table. State information is maintained in a state table that contains the familiar source and destination IP addresses and ports.
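
The lookup order described in answer 5 (state table first, ACL only when nothing matches) can be sketched as follows. This is an added example, not part of the original answers; the `10.0.0.` internal prefix, the ACL entries and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

INTERNAL_PREFIX = "10.0.0."  # constructed trusted network (assumption)

# Static ACL, consulted only when no state-table entry matches.
# Entries are (direction, protocol, destination port); values are constructed.
ACL = {("outbound", "tcp", 443), ("outbound", "udp", 53), ("inbound", "tcp", 25)}

class StatefulFirewall:
    def __init__(self):
        self.state_table = set()  # one entry per permitted flow direction

    @staticmethod
    def _key(pkt):
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inspect(self, pkt):
        # 1. A packet belonging to a tracked connection passes immediately.
        if self._key(pkt) in self.state_table:
            return "allow (state table)"
        # 2. No match: fall back to the ACL, as answer 5 describes.
        direction = "outbound" if pkt.src_ip.startswith(INTERNAL_PREFIX) else "inbound"
        if (direction, pkt.proto, pkt.dst_port) not in ACL:
            return "deny"
        # 3. Permitted new connection: track it and its mirror-image reply flow.
        self.state_table.add(self._key(pkt))
        self.state_table.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
        return "allow (ACL)"

def demo():
    fw = StatefulFirewall()
    packets = [
        Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443),  # new outbound HTTPS
        Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000),  # reply on tracked flow
        Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51001),  # same server, wrong port
        Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 51000),  # unrelated external host
    ]
    return [fw.inspect(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

Only the reply whose addresses and ports mirror the tracked outbound connection is admitted; the two look-alike inbound packets reach the ACL and are denied there.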

6. What is a circuit gateway, and how does it differ from the other forms of firewalls?

- It operates at the transport layer. Connections are based on addresses. Like filtering firewalls, circuit gateways do not usually look at data traffic flowing between networks, but they prevent direct connections between networks. They do this by creating tunnels connecting specific processes or systems on each side of the firewall. A circuit gateway is a firewall component often included in the category of application gateway but is a separate type of firewall.

7. What special function does a cache server perform? Why is this useful for larger organizations?

- A cache server is a server that makes available frequently used pages. For example, big corporations use cache servers to make sure pages to market their products are pre-rendered and ready to send instead of asking for a full request from a web page host. It also adds a layer of protection against attacks, as only portions of a website can be attacked at a time.

8. Describe how the various types of firewalls interact with the network
traffic at various levels of the OSI model. 

- Packet filtering firewalls scan network data packets and either accept or deny them depending on the rules of the firewall's database. Filtering firewalls inspect packets at the network layer (layer 3 of OSI).
- MAC layer firewalls are designed to operate at the media access control layer (layer 2).
- Application level firewalls operate above layer 3 using knowledge of protocols and applications.

9. What is a hybrid firewall? 

- A hybrid firewall combines features and functions from other types of firewalls.
Hybrid firewalls use a combination of the other three methods, and in practice,
most firewalls fall into this category, since most use multiple approaches within
the same device.

10. List the five generations of firewall technology. Which generations are still in common use?

- First gen - static firewalls; second-gen - application level/proxy server firewalls; third-gen - stateful inspection firewalls; fourth-gen - dynamic/packet filtering firewalls; fifth-gen - kernel proxy firewall. Most generations are still in use and combine features from more than one.

11. How does a commercial-grade firewall appliance differ from a commercial-grade firewall system? Why is this difference significant?

- Firewall appliances are stand-alone, self-contained combinations of computing hardware and software. A commercial-grade firewall system consists of application software that is configured for the firewall application and runs on a general-purpose computer.

12. Explain the basic technology that makes residential/SOHO firewall appliances effective in protecting a local network. Why is this usually adequate for protection?

- Network Address Translation (NAT) assigns non-routing local addresses to the computer systems in the local area network and uses the single ISP-assigned address to communicate with the Internet. Since the internal computers are not visible to the public network, they are much less likely to be scanned or compromised.
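
The translation described in answer 12 can be modelled as a small mapping table. This is an added example, not part of the original answers; the class and function names, the starting public port and all addresses are constructed for illustration.

```python
class NatRouter:
    """Address translation behind a single ISP-assigned address (illustrative model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private_ip, private_port) -> public_port
        self.in_map = {}   # public_port -> (private_ip, private_port)

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Rewrite the source of an outgoing packet; create a mapping on first use."""
        key = (private_ip, private_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        # This tuple is all the remote side ever sees: no private address appears.
        return (self.public_ip, self.out_map[key], remote_ip, remote_port)

    def inbound(self, public_port):
        """Return the internal endpoint for a packet sent to public_port, or None (dropped)."""
        return self.in_map.get(public_port)


def externally_reachable(router, ports):
    """Model an outside probe of the public address: which ports reach an inside host?"""
    return {p: router.inbound(p) for p in ports if router.inbound(p) is not None}


def demo():
    router = NatRouter("203.0.113.50")  # constructed ISP-assigned address
    seen_a = router.outbound("192.168.1.10", 50000, "198.51.100.20", 443)
    seen_b = router.outbound("192.168.1.11", 50000, "198.51.100.20", 443)
    well_known = externally_reachable(router, range(1, 1024))
    mapped = externally_reachable(router, range(40000, 40010))
    return seen_a, seen_b, well_known, mapped


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Two internal hosts appear to the remote server as one public address with different source ports, and a probe of ports 1-1023 reaches no internal host because no mapping exists for them.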

13. What key features point up to the superiority of residential/SOHO firewall appliances over personal computer-based firewall software?

- When the protective control fails, the appliance will most often fail in a safe
mode, while the software is likely to stop working, leaving the protected system
vulnerable.

14. How do screened host architectures for firewalls differ from screened subnet firewall architectures? Which of these offers more security for the information assets that remain on the trusted network?

- Screened host firewalls combine the packet filtering router with a separate, dedicated firewall, such as an application proxy server. This approach allows the router to prescreen packets to minimize the network traffic and load on the internal proxy. The architecture of a screened subnet firewall provides a DMZ. The DMZ can be a dedicated port on the firewall device linking a single bastion host, or it can be connected to a screened subnet. Screened subnet firewalls offer more security than screened host firewalls.

15. What is a sacrificial host? What is a bastion host?

- A sacrificial host is simply a type of bastion host used as an active bait to lure potential attackers and learn, or possibly track and find, them. For example, an FTP server is a typical bastion host that can be used as a sacrificial host.
- A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration.

16. What is a DMZ? Is this an appropriate name for the technology, considering the function this type of subnet performs?

- A demilitarized zone (DMZ) is an intermediate area between a trusted network and an untrusted network. It is a fitting name because traffic coming into the area cannot directly access its destination.

17. What are the three questions that must be addressed when selecting a firewall for a specific organization?

- Question 1 - Do you want to have redundancy and scalability? - This depends on the kind of organization you are: a small startup or a medium to big enterprise. The first one will do without redundancy and scalability.
- Question 2 - Do you need a hardware-based firewall, or are you working in the cloud? - This one is quite essential because cloud providers give you excellent Ingress controllers to use. They are highly scalable secured firewalls, and usually, there is no need for an additional software-based firewall. In the other case, you have to take care of your security and support.
- Question 3 - Do you plan to have intrusion detection and prevention? - This one is essential if you plan to implement any defensive reaction force in your organization. For a small organization, system administrators usually take on this duty, and you may not need such a feature. In bigger ones, such a feature is a must.

18. What is RADIUS? What advantage does it have over TACACS? 

- RADIUS stands for Remote Authentication Dial-In User Service. In this method, users dial up a modem that connects to a centralized user authentication service. This service then returns a reply of "accept" or "decline," and the access point either allows or rejects the connection. Its advantage over TACACS (Terminal Access Controller Access Control System) is that it provides a single centralized server to authenticate user access and reports directly back to the remote access server (RAS).

19. What is a content filter? Where is it placed in the network to gain the best result for the organization?

- It is a software filter, not a firewall, that allows administrators to restrict content from within a network; these are written scripts or programs. It is placed on the primary connection which directly connects to the internet.

20. What is a VPN? Why is it becoming more widely used? 

- The term VPN refers to “Virtual Private Networks,” so users can protect networks while connected to the public network. You can mask your online identity through a VPN by encrypting your internet traffic. Because of this limitation, it is now harder for third parties to log on and steal data about you. It is useful due to its Data privacy and protection are of paramount importance to corporations when utilizing virtual private networks. As users interact via the Internet instead of face-to-face, virtual private networks have gained popularity as a means to enhance privacy, as users’ IP addresses are swapped with those of the VPN.

Exercises (20pts each):


1. Using the Web, search for “software firewalls.” Examine the various
alternatives available and compare their functionality, cost, features, and
type of protection. Create a weighted ranking according to your
evaluation of the features and specifications of each software package. 

- I think the best software firewall programs depend on the type of computer you
have and also how much you use the Internet. The link above lists the top 10
software firewalls. I would pick Avira because it is free and is top-rated and still
receives high scores for protection.

2. Using the Internet, determine what applications are commercially available to enable secure remote access to a PC.

- Using the Internet, the following applications are commercially available to enable secure remote access to a PC: (Not listed in any particular order)
- 1. GoToMyPC
- 2. LogMeIn
- 3. TeamViewer
- 4. PC now
- 5. Radmin
- 6. Anyplace Control

Case Exercise (30pts each):

The next morning at 8 o’clock, Kelvin called the meeting to order.

The first person to address the group was the network design consultant, Susan Hammer. She reviewed the critical points from her earlier design report, going over the options it had presented and outlining the tradeoffs in those design choices.

When she finished, she sat down and Kelvin addressed the group again: “We need to break the logjam on this design issue. We have all the right people in this room to make the right choice for the company. Now here are the questions I want us to consider over the next three hours.” Kelvin pressed the key on his PC to show a slide with a list of discussion questions on the projector screen.

Questions: 
1. What questions do you think Kelvin should have included on his slide to
start the discussion? 
- What kind of security protection do we want?
- Do we want it to be the best and most protection possible?
- Is it in the budget for our company to do this?
- Are we able to produce a security frame like this?

2. If the questions to be answered were broken down into two categories, they would be cost versus maintaining high security while keeping flexibility. Which is most important for SLS?

- More importance would have to lean on the higher security maintenance side of things. This is because they have already been hacked into before, and they will be much more protected in the case of an emergency like this happening again to them.
 
