Chapter 4 - Implementing Firewall Technologies
Terms in this set (22)
In a Standard ACL, what numbered ranges are used?
1-99, 1300-1999
In an Extended ACL, what numbered ranges are used?
100-199, 2000-2699
Define a Firewall:
A device resistant to attacks
Acts as the only transit point between networks
Enforces access control policy
What Layers Does a Packet Filtering Firewall Operate at?
Filters on Layers 3 and 4
What Layers Does an Application Gateway FW Operate at?
Filters on Layer 3, 4, 5 and 7
What Layers Does a Stateful Firewall Operate at?
Filters on Layer 3, 4 and 5
What Layers Does a NAT Firewall Operate at?
Filters on Layer 3 and 4
List 3 Advantages of a Packet Filtering Firewall:
Easy to implement
Low impact on performance
Provides a good initial degree of security
List 3 Disadvantages of a Packet Filtering Firewall:
Susceptible to IP Spoofing
Don't filter fragmented packets
The ACLs used can be complex & hard to maintain
List 3 Advantages of a Stateful Firewall:
Defends against spoofing & DoS attacks by observing session traffic
Strong packet filtering & security is stringent
Provides more logging info than Packet Filter FW
List 3 Disadvantages of a Stateful Firewall:
Cannot prevent attacks at Layer 7
Difficult to track connections using dynamic port negotiation
Not all protocols are stateful
What is a Zone?
A group of 1 or more interfaces with a similar function
What is True of Zone-to-Zone Traffic by default?
It is blocked by default
What is the Self Zone?
A zone used by the router itself; it covers management and control plane traffic (SSH, SNMP, routing protocols)
What Are The 3 ZPF actions?
Inspect
Drop
Pass
What does The Inspect Action of a ZPF do?
Lets traffic through, and return traffic back, but monitors the traffic with stateful packet inspection
If Neither Interface Member is a Zone Member:
Pass the traffic
If 1 Interface is in a Zone, but the other is not:
Drop the traffic
If both Interfaces are in the same Zone:
Pass the traffic
If Both Interfaces are in different Zones:
Inspect associated policy, pass or drop based on policy
What is True of Traffic Between Zones With No Policy?
All traffic moving between the two zones is blocked
True or False: An Interface can only be assigned to 1 Zone?
True