11.
What is the difference between router ACLs and Firewall ACLs?
Fundamental purpose:
  1. Routers are designed to route traffic, not stop it.
  2. Firewalls are designed to examine traffic and accept or reject it. Both kinds of ACL do the same job, though; depending on our requirements, we configure the ACL on whichever device fits.
12.
Does a traceroute command work across the firewall? Why?

Traceroute is based on ICMP type 30 under Windows and UDP under *NIX. Traceroute packets that hit the firewall should be dropped; similarly, any echo reply coming from inside the firewall should be restricted outbound.

13.
Can you define packet filtering?

Packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. The packet filter examines the header of each packet against a specific set of rules and, on that basis, decides either to prevent it from passing (called DROP) or to allow it to pass (called ACCEPT).

14.
Can you explain circuit level gateway?

Circuit level gateway firewalls work at the session layer of the OSI model. They monitor the TCP handshake between hosts to determine whether a requested session is legitimate. Information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway itself, so there is no way for a remote computer or host to determine an organization's internal private IP addresses, for example. This technique is also called Network Address Translation: the private IP addresses of the different clients inside the network are all mapped to the public IP address provided by the internet service provider and then sent to the outside world (the Internet). This way, packets carry only the public IP address (at the firewall level) and the internal private IP addresses are not exposed to potential intruders.

15.
Can you explain stateful inspection?

Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall. Stateful inspection has largely replaced an older technology, static packet filtering. In static packet filtering, only the headers of packets are checked, which means that an attacker can sometimes get information through the firewall simply by indicating "reply" in the header. Stateful inspection, on the other hand, analyzes packets down to the application layer. By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can.
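The contrast between questions 13 and 15 is easiest to see in code. The following is an added example, not part of the original page: a header-only (static) packet filter beside a minimal stateful one, run over constructed packets. The addresses, ports and the "inbound is allowed if the ACK bit is set" rule are constructed for illustration; the point is that the static filter accepts an unsolicited packet that merely claims to be a reply, while the stateful filter drops it because no internal host opened that session.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # constructed private network behind the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool  # TCP ACK bit set: the header "claims" to be a reply


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def static_filter(pkt: Packet) -> str:
    """Static packet filtering: the verdict uses only this packet's header.
    Outbound traffic is allowed; inbound is allowed only if it claims to be a reply."""
    if is_internal(pkt.src):
        return "ACCEPT"
    return "ACCEPT" if pkt.ack else "DROP"


class StatefulFilter:
    """Dynamic packet filtering: inbound packets are accepted only if they
    match a session (IP addresses and ports) that an internal host opened."""

    def __init__(self) -> None:
        self.sessions = set()  # recorded (src, sport, dst, dport) of outbound sessions

    def decide(self, pkt: Packet) -> str:
        if is_internal(pkt.src):
            # Record the outbound 4-tuple so that its genuine replies can match later.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # Inbound: the reversed 4-tuple must already be in the session table.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "ACCEPT"
        return "DROP"


def compare() -> dict:
    """Run constructed packets through both filters and return the verdicts."""
    sf = StatefulFilter()
    outbound = Packet("10.0.0.5", 40000, "203.0.113.7", 443, ack=False)   # client opens HTTPS
    real_reply = Packet("203.0.113.7", 443, "10.0.0.5", 40000, ack=True)  # server answers
    forged = Packet("198.51.100.9", 443, "10.0.0.5", 3389, ack=True)      # unsolicited, ACK set
    sf.decide(outbound)
    return {
        "forged_static": static_filter(forged),   # ACCEPT: header alone looks like a reply
        "forged_stateful": sf.decide(forged),     # DROP: no matching session was recorded
        "reply_stateful": sf.decide(real_reply),  # ACCEPT: matches the recorded session
    }
```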