Chapter 4 - Implementing Firewall Technologies
In a Standard ACL, what numbered ranges are used?
In an Extended ACL, what numbered ranges are used?
Define a Firewall:
A device resistant to attacks
Acts as the only transit point between networks
Enforces access control policy
What Layers Does a Packet Filtering Firewall Operate at?
Filters on Layers 3 and 4
What Layers Does an Application Gateway FW Operate at?
Filters on Layer 3, 4, 5 and 7
What Layers Does a Stateful Firewall Operate at?
Filters on Layer 3, 4 and 5
What Layers Does a NAT Firewall Operate at?
Filters on Layer 3 and 4
List 3 Advantages of a Packet Filtering Firewall:
Easy to implement
Low impact on performance
Provides a good initial degree of security
List 3 Disadvantages of a Packet Filtering Firewall:
Susceptible to IP Spoofing
Don't filter fragmented packets
The ACLs used can be complex & hard to maintain
List 3 Advantages of a Stateful Firewall:
Defends against spoofing & DoS attacks by observing session traffic
Strong packet filtering & security is stringent
Provides more logging info than Packet Filter FW
List 3 Disadvantages of a Stateful Firewall:
Cannot prevent attacks at Layer 7
Difficult to track connections using dynamic port negotiation
Not all protocols are stateful
What is a Zone?
A group of 1 or more interfaces with a similar function
What is True of Zone-to-Zone Traffic by default?
It is blocked by default
What is the Self Zone?
A zone used by the router itself; it covers management and control plane traffic (SSH, SNMP, routing protocols)
What Are The 3 ZPF actions?
What does The Inspect Action of a ZPF do?
Lets traffic through, and return traffic back, but monitors the traffic with stateful packet inspection
If Neither Interface is a Zone Member:
Pass the traffic
If 1 Interface is in a Zone, but the other is not:
Drop the traffic
If both Interfaces are in the same Zone:
Pass the traffic
If Both Interfaces are in different Zones:
Inspect associated policy, pass or drop based on policy
What is True of Traffic Between Zones With No Policy?
All traffic moving between the two zones is blocked
True or False: An Interface can only be assigned to 1 Zone?