Question

In: Computer Science

What items does a firewall use to decide whether to allow or deny communication traffic. no...

What items does a firewall use to decide whether to allow or deny communication traffic.

no plagarism

Solutions

Expert Solution

FIREWALL :

A firewall is a system that provides network security bt filtering the incoming and outgoing network traffic based on a set of user-defined rules. In general, the purpose of a firewall is to reduse or eliminate the occurrence of unwanted network communications while allowing all legitimate communication to flow freely. In most server infrastructures, firewall provide an essential layer of security that, combined with other measures, prevent attackers from accessing the servers in malicious way.

Types of Firewalls :

There were three types of network firewalls. They are as follows:

  1. Packet filtering / stateless firewalls : It work by inspecting individual packets in isolation. As such, they are unaware of connection state and can only allow or deny packets based on individual packet headers.
  2. Stateful firewalls : They are able to determine the connection state of packets, which makes them much more flexible than stateless firewalls. They work by collecting related packets until the connection state can be determined before any firewall rules are applied to the traffic.
  3. Application firewalls : They go one step further by analysing the data being transmitted, which allows network traffic to be matched against firewall rules that are specific to individual services or applications. These are also known as proxy-based firewalls.

In addition to firewall software, which is available on all modern operating systems, firewall functionality can also be provided by hardware devices, such as routers or firewall appliances.

Accept and Deny traffic of firewall :

When constructing a firewall, one of the fundamental decisions that we must make is the default policy. This default policy determines what happens when traffic is not matched by any other rules. By default, a firewall can either accept any traffic unmatched by previous rules, or deny that traffic.

A default policy of “accept” means that any unmatched traffic is allowed to enter the server. This is generally not advised because it means that, effectively, you will be maintaining a black list. Black lists are difficult to manage because you must anticipate and block every type of unwanted traffic explicitly. This can lead to maintenance headaches and is generally prone to mistakes, mis-configurations, and unanticipated holes in the established policy.

The alternative is a default policy of “drop”. This means that any traffic not matched by an explicit rule will not be allowed. This is akin to a white list ACL. Each and every service must be explicitly allowed, which might seem like a significant amount of research and work at first. However, this means that your policy tends towards security and that you know exactly what is permitted to receive traffic on your server.

If the firewall’s built-in policy function is set to “drop” and your firewall rules are ever flushed (reset), or if certain matching rules are removed, your services will instantly become inaccessible remotely. This is often a good idea when setting policy for non-critical services so that your server is not exposed to malicious traffic if the rules are removed.

There are a few different ways of denying a packet passage to its intended destination. The choice between these has an impact on how the client perceives its connection attempt and how quickly they are able to determine that their request will not be served.

The first way that packets can be denied is with “drop”. Drop can be used as a default policy or as a target for match rules. When a packet is dropped, it basically just throws it away. It sends no response back to the client trying to connect and does not give any indication that it has ever even received the packets in question. This means that clients (legitimate or not) will not receive any confirmation of the receipt of their packets.

For TCP connection attempts, the connection will stall until the timeout limit has been reached. Since UDP is a connectionless protocol, the lack of response for clients is even more ambiguous. In fact, not receiving a packet back in this case is often an in indication that the packet was accepted. If the UDP client cares about receipt of its packets, it will have to resend them to try to determine whether they were accepted, lost in transit, or dropped. This can increase the amount of time that a malicious actor will have to spend to get proper information about the state of your server ports, but it could also cause problems with legitimate traffic.

An alternative to dropping traffic is to explicitly reject packets that you do not allow. ICMP, or Internet Control Message Protocol, is a meta-protocol used throughout the internet to send status, diagnostic, and error messages between hosts as an out-of-band channel that does not rely on the conventional communication protocols like TCP or UDP. When you use the “reject” target, the traffic is denied and an ICMP packet is returned to the sender to inform them that their traffic was received but will not be accepted. The status message can hint as to the reason.

This has a number of consequences. Assuming that ICMP traffic is allowed to flow out to the client, they will immediately be informed that their traffic is blocked. For legitimate clients, this means that they can contact the administrator or check their connection options to ensure that they are reaching out to the correct port. For malicious users, this means that they can complete their scans and map out the open, closed, and filtered ports in a shorter period of time.

There is a lot to consider when deciding whether to drop or reject traffic. One important consideration is that most malicious traffic will actually be perpetrated by automated scripts. Since scripts are typically not time-sensitive, dropping illegitimate traffic will not have desired disincentive while it will have the negative effects for legitimate users.


Related Solutions

How does a company decide whether or not to shut down? What is the rule they...
How does a company decide whether or not to shut down? What is the rule they should follow? Explain in your own words what the rule would be.
What role does a Firewall play in an organization. What are the parameters that can be...
What role does a Firewall play in an organization. What are the parameters that can be utilized with Access Control Lists?
in each of these independent situations please decide whether the following items on the fact of...
in each of these independent situations please decide whether the following items on the fact of an OTHERWISE negotiable instrument renders the instrument non-negotiable? a) Note signed in the upper left hand corner b) Draft directing to pay out of next month's sales c) Note promising to pay in accordance with the mortgage terms d) Draft payable in 1000 euros e) Note payable upon your death f) Draft payable whenevr you present it to drawee g) Note promising to "Pay...
What role does a firewall play in a honey pot design?
What role does a firewall play in a honey pot design?
Short case 1 Nah is currently trying to decide whether to allow Tate to be part...
Short case 1 Nah is currently trying to decide whether to allow Tate to be part of a delegation that will represent their company at an international business expo. Apart from allowing the company to market its business to potential clients, the expo will give the members of the delegation a chance to meet and network with various industry professionals and gain valuable industry insights. Question: 1. Which personality traits would most weaken Tate's chances of being selected? 2. Which...
1. On what basis does a firm decide whether or not to shut down? 2. On...
1. On what basis does a firm decide whether or not to shut down? 2. On what basis does it decide whether or not to go out of business?
1. What roles does a firewall perform? 2.Most enterprise networks use both host firewalls, such as...
1. What roles does a firewall perform? 2.Most enterprise networks use both host firewalls, such as Windows Firewall and network firewalls. Why would you want to use both? 3.Which tool should you use to modify firewall rules on a Windows server? 4.In the lab, you enabled a firewall rule that allowed users on an external network to connect to a Web server using HTTP. Which port is used for these connections? 5.Can a host-based firewall help defend against malware and...
What services require auditors to be independent? How does an auditor decide whether to accept or...
What services require auditors to be independent? How does an auditor decide whether to accept or reject a client? What should the auditor consider?
Question 2011 pts What information do bridges use to determine whether to forward traffic? Group of...
Question 2011 pts What information do bridges use to determine whether to forward traffic? Group of answer choices MAC addresses IP addresses traffic conditions at the time nothing because bridges forward all traffic Question 2021 pts A technician is at a small facility that has five computers connected to a central switch and accessing a single server for file and print sharing. One computer becomes unable to connect to the network, while the other four are still connecting properly. Which...
Nonverbal communication is communication that does not involve the use of words. The textbook (International Business...
Nonverbal communication is communication that does not involve the use of words. The textbook (International Business 4th Edition) provide 9 ways of nonverbal communication. Briefly explain them.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT