Details

07.02.02 Firewall Facts
A firewall is a device or software running on a device that inspects network traffic and allows or blocks traffic based on a set of rules.
5
Computer Science
Graduate
10/11/2012


Cards

Term

Firewall Facts

A firewall is a device or software running on a device that inspects network traffic and allows or blocks traffic based on a set of rules.

Definition
  • A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network where it connects to the Internet to protect against attacks from Internet hosts. A network firewall is created by installing two interfaces on a central network device: one interface connects to the private network, and the other interface connects to the external network.
  • A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the Internet from a public location.
Term
Firewalls use filtering rules, sometimes called access control lists (ACLs), to identify allowed and blocked traffic. A rule identifies characteristics of the traffic, such as:
Definition
  • The interface the rule applies to
  • The direction of traffic (inbound or outbound)
  • Packet information such as the source or destination IP address or port number
  • The action to take when the traffic matches the filter criteria
Term
Windows includes a host-based firewall that you can configure to protect your system from network attacks.
Definition
  • By default, the firewall allows all outgoing Web traffic and responses but blocks all incoming traffic.
  • Configure exceptions to allow incoming traffic. In Windows Firewall you can configure two exception types:
    • Program exception: Configuring an exception for a program automatically opens the ports required by the application only while the application is running.
      • You can select from a list of known applications or browse and select another application.
      • You do not need to know the port number used; the firewall automatically identifies the ports used by the application when it starts.
      • After the application is stopped, the required ports are closed.
    • Port exception: Configuring an exception for a port and protocol (either TCP or UDP) keeps the port open all the time.
      • You must know both the port number and the protocol.
      • Many services require multiple ports, so you must identify all necessary ports and open them.
      • Ports stay open until you remove the exception.
  • When you turn on the firewall, you can block all incoming connections or allow exceptions. If all incoming connections are blocked, any defined exceptions are ignored.
Term
When you configure a network-based firewall, you identify the traffic type that is allowed both into and out of your private network.
Definition
  • Most SOHO routers and access points include a firewall to protect your private network.
  • By default, most SOHO routers allow all traffic initiated on the private network to pass through the firewall. Responses to those outbound requests are typically also allowed. For example, a user browsing a Web site will receive the Web pages back from the Internet server.
  • You can configure individual port rules or exceptions to allow or deny specific ports. A common approach is to block all ports, then open only the necessary ports.
  • Configure port triggering to allow the firewall to dynamically open incoming ports based on outgoing traffic from a specific private IP address and port.
    • On the firewall you identify a private IP address and port, then associate one or more public ports.
    • When the router sees traffic sent from the private network from that host and port number, the corresponding incoming ports are opened.
    • The incoming ports remain open as long as the outgoing ports show activity. When the outgoing traffic stops for a period of time, the incoming ports are automatically closed.
    • Use port triggering to open incoming ports required for applications (such as online games).
  • Some applications identify incoming ports dynamically once a session is established with the destination device. The ports that the application might use are typically within a certain range.
    • For some applications, you can configure the application to use a specific port instead of a dynamic port. You can then open only that port in the firewall.
    • If you are unable to configure the application, you will need to open the entire range of possible ports in the firewall.
    • Use port triggering to dynamically open the ports when the application runs instead of permanently opening all required ports.
  • Configure port forwarding to allow incoming traffic directed to a specific port to be allowed through the firewall and sent to a specific device on the private network.
    • Inbound requests are sent to the public IP address of the router, at the port number used by the service (such as port 80 for a Web server). This port number is often called the public port.
    • Port forwarding associates the inbound port number with the IP address and port of a host on the private network. This port number is often called the private port.
    • Incoming traffic sent to the public port is redirected to the private port.
Term
Port
Definition
  • FTP uses port 21 for connection requests and port 20 for data transfers
  • Telnet uses port 23
  • SSL uses port 443
  • HTTP uses port 80 (note: ports 80 and 443 are used by HTTP to retrieve all Web content)