I am working on these questions but I would like someone to review them before I submit and add any additional information I may have missed or, worse, gotten wrong! I provided the questions and then my answers to them.
1) Explain what is blacklisting and whitelisting?
2) iptables:
Compare -j DROP vs -j REJECT. Which option would you use to implement a firewall rule that blocks incoming packets and why?
3) State the iptables command you would use to add a firewall rule where outgoing packets (connections) to ports 20, 21 (ftp) were blocked.
4) ICMP is a protocol for sending various messages to report network conditions. Ping sends ICMP Echo request packets to the target host and waits for an ICMP echo reply from the host.
Your Task: State a firewall rule that will block other systems from pinging your system.
My answers.
1. Explain what is blacklisting and whitelisting?
White lists and black lists are two ways of filtering data. If you have a white list then you will filter in only data on the white list; if you have a black list you will filter out only data on that list.
2. iptables:
Compare -j DROP vs -j REJECT. Which option would you use to implement a firewall rule that blocks incoming packets and why?
Since DROP silently drops without a response, and REJECT denies and sends an ICMP message to indicate the denial, I think you would want to reject and never receive them to drop them using sudo ufw reject ssh
3. State the iptables command you would use to add a firewall rule where outgoing packets (connections) to ports 20, 21 (ftp) were blocked.
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p tcp --dport 20,22 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -j REJECT
4. ICMP is a protocol for sending various messages to report network conditions. Ping sends ICMP Echo request packets to the target host and waits for an ICMP echo reply from the host.
Your Task: State a firewall rule that will block other systems from pinging your system.
sudo iptables -A INPUT -p tcp --dport 110 -j DROP
This doesn't allow any connection to ping the system.
All of your answers are correct and are explained enough, but in the first question you can add more information to explain more to the reader. The explanation is as follows:
Blacklisting is probably the most seasoned calculation in PC security, and it's utilized by most antivirus programming to impede undesirable elements. The way toward boycotting applications includes the formation of a rundown containing all the applications or executables that may represent a danger to the organization, either as malware assaults or essentially by hampering its condition of profitability. Blacklisting can be viewed as a danger-driven technique. Just as the name recommends, whitelisting is something contrary to blacklisting, where a rundown of confided-in elements, for example applications and sites, is made and only permitted to work in the organization. Whitelisting takes more of a trust-driven methodology and is viewed as safer. This technique for application control can either be founded on strategies like document name, item, and merchant, or it tends to be applied on an executable level, where the advanced endorsement or cryptographic hash of an executable is checked.
The rest of the commands and explanations are detailed enough to explain their functionality.
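The rules for tasks 3 and 4 written in plain iptables syntax, as an added example that is not part of the question or the answer above. It prints each rule by default and installs it only when run as root with APPLY=1; the rule helper and the APPLY and IPT variables are this example's own names, and an iptables binary on PATH is assumed.

```shell
#!/bin/sh
# Added example: iptables rules for tasks 3 and 4, with the DROP/REJECT
# choice from task 2 shown in context.
# Dry run by default: rules are printed, not installed.
# Run as root with APPLY=1 to install them.

IPT="${IPT:-iptables}"   # assumption: iptables binary on PATH

# Print one rule, or execute it when APPLY=1.
rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    else
        echo "$IPT $*"
    fi
}

# Task 3: block outgoing connections to the FTP ports 20 and 21.
# --dport accepts a single port or a range; a comma-separated list
# needs the multiport match (-m multiport --dports).
# REJECT with tcp-reset tells the local client at once that the
# connection is refused, instead of leaving it to time out.
block_ftp_out() {
    rule -A OUTPUT -p tcp -m multiport --dports 20,21 \
         -j REJECT --reject-with tcp-reset
}

# Task 4: stop other systems from pinging this host.
# Ping is an ICMP echo-request (type 8), so the match is on
# protocol icmp, not on a TCP or UDP port.
# DROP discards the packet silently, so the sender gets no reply.
block_ping_in() {
    rule -A INPUT -p icmp --icmp-type echo-request -j DROP
}

block_ftp_out
block_ping_in
```

These rules cover IPv4 only; IPv6 traffic is filtered separately with ip6tables. Rules added this way last until reboot unless they are saved with the distribution's persistence mechanism.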