Guide to Firewalls and Network Security
Chapter 4 Solutions

Review Questions

1. True or false: Application proxies do packet filtering, not just routers.
   Answer: True

2. What’s the primary difference between the way routers treat packets and the way application proxies handle packets?
   Answer: C

3. How do content-based filtering programs decide whether or not to allow packets into the protected network?
   Answer: D

4. Which of the following parts of a packet header can potentially be used to attack a network?
   Answer: D

5. What tells a firewall how to reassemble a data stream that has been divided into packets?
   Answer: B

6. Why is it important to be familiar with the fields in an IP packet header?
   Answer: Packet filtering works by examining the header fields. Knowing which fields can be filled by a hacker with false information can help you set up packet filtering rules to block unauthorized traffic.

7. What does stateful packet filtering do that stateless packet filtering does not do?
   Answer: It examines the state of communications between source and destination computers and only allows traffic to flow through the filter if a connection has successfully been established.

8. Which of the following is a function of an IP packet footer? (Choose all that apply.)
   Answer: A, C

9. While it’s true that stateless packet filters aren’t as sophisticated as stateful ones, they are useful in a particular situation. What is it?
   Answer: C

10. Which of the following is information that a hacker can insert into a TCP header and that can fool a stateless packet filter?
    Answer: B. The other three are all parts of an IP header.

11. What is the most effective security approach for a stateless packet filter?
    Answer: A

12. Why isn’t it practical to filter by the protocol ID field in an IP header?
    Answer: C. B is incorrect because you could block all UDP traffic on a server that does not use UDP, for instance.

13. How can ICMP packets be misused by a hacker to gain access to internal network resources? What weakness of ICMP packets enables such attacks?
    Answer: ICMP does not provide for authentication to verify the destination address, which enables a hacker to insert a false destination IP in the header. If a hacker sends a flood of ICMP Echo requests to a host that does not exist, some hosts may crash. If the host is one that performs important services such as DNS, the hacker can gain access to internal hosts and redirect them to his own computer, where he can then attempt to gather private information such as passwords.

14. How would you configure a firewall/packet filter to prevent ICMP attacks?
    Answer: Drop all ICMP Echo requests from external hosts. In addition, drop all ICMP Redirect requests from external hosts.

15. Which fragment numbers could be security risks because a packet filter might let them through?
    Answer: B

16. What kinds of packets can cause problems for even a stateful packet filter?
    Answer: B

17. State three legitimate reasons why internal clients need to be able to receive inbound ICMP packets from hosts on the Internet.
    Possible answers:
    1. They need to be able to ping external hosts and then receive a response in order to check connectivity.
    2. They need to know if a host is unavailable.
    3. They need to know if the network is saturated.
    4. They need to know if a destination is unreachable.

18. Where should a packet be directed when it doesn’t match any host in the interior LAN?
    Answer: C

19. Which two ICMP messages are directly involved in blocking hack attempts? (Choose all that apply.)
    Answers: A, D

20. What is the difference between active and passive FTP that makes stateful packet filtering a good choice?
    Answer: Passive FTP uses a port that is determined on the fly, while active FTP uses two ports, one for data and one for control.

21. What is the purpose of blocking all ICMP packets after specifying a group of ICMP rules?
    Answer: It provides extra security for a firewall that has a “Deny-All” approach to filtering: all ICMP packets not specifically covered in the rules will be dropped.

Hands-on Projects

Project 1: “Any application” appears in the application column. Choosing TCP or UDP in the Protocol drop-down list lets you choose an application for this rule.

Project 2: N/A

Project 3: The author received four alert messages about UDP packets attempting to access port 67.

Project 4: Binary data about the packet is listed at the bottom of the detailed information about the attempted connection.

Project 5: N/A

Project 6: The exact IP address will vary by network. The default gateway’s address also appears in the Gateway column in the routing list.

Case Projects

Case Project 1: The request has probably timed out because the site has set up a packet filtering rule blocking echo requests (Pings) from external clients like yourself, which is one of the ICMP rules that this chapter suggested you set up. You would add a rule prohibiting any outbound HTTP traffic to the destination IP 197.34.5.56 on port 80.

Case Project 2: You can do one of two things (or both). First, you can add your computer to the firewall’s list of “trusted” machines. The exact method varies depending on the firewall program you are using. (See Hands-On Project 4-4.) Alternatively, you could simply set up a rule enabling TCP, UDP, and ICMP communication between the two machines on all ports.

Case Project 3: You have several options. You could set up a rule that blocks all connection attempts from this particular host, but as stated in the chapter, this is unreliable because the hacker will simply move to a new host (or insert a new false source IP address in packet headers). A better option is to block all ICMP packets from external hosts. You should, additionally, block all ICMP Redirect packets in case any have already managed to get through your firewall.

Case Project 4: First, you could attempt to filter out recurring messages, that is, unsolicited messages that are sent to recipients regularly from the same host or sender. You would need to review your mail server’s logs or review individual email inboxes to determine the IP address from which the message originated. You could then set up rules that would block packets from those IP addresses specifically. This would block only a small proportion of spam e-mail messages, however. A second, more effective strategy would be to install a special e-mail filtering program called MailMarshal, which can be configured to filter messages based on content rather than IP address.