Answer


Answer(1):

Part(a)

STATELESS Firewalls
Stateless firewalls watch network traffic and restrict or block packets based on source
and destination addresses or other static values. They're not 'aware' of traffic patterns or
data flows. A stateless firewall uses simple rule-sets that do not account for the
possibility that a packet might be received by the firewall 'pretending' to be something
you asked for. A stateless firewall filter, also known as an access control list (ACL),
does not statefully inspect traffic. Instead, it evaluates packet contents statically and
does not keep track of the state of network connections.

Firewall rules:

• The basic rule of a stateless firewall filter is to enhance security through the use of
packet filtering. Packet filtering enables you to inspect the components of incoming or
outgoing packets and then perform the actions you specify on packets that match the
criteria you specify.
• The typical use of a stateless firewall filter is to protect the Routing Engine processes
and resources from malicious or untrusted packets.
• Stateless firewalls use packet filtering rules that specify certain match conditions. If
match conditions are met, stateless firewall filters will then use a set of preapproved
actions to guide packets into the network. If match conditions are not met,
unidentified or malicious packets will be blocked.

Part-b

Yes, this is possible, and it's called IP spoofing.

In computer networking, IP address spoofing or IP spoofing is the creation of Internet
Protocol (IP) packets with a false source IP address, for the purpose of impersonating
another computing system.

The fake packets are:

The inherent ability to manipulate a packet's header in the protocol stack is what makes it
possible to perform malicious attacks such as:
MiTM – Where a malicious user intercepts a legitimate communication between two parties.
The injected, malicious host then controls the transmission flow and can eliminate or alter the
information within the data stream without the knowledge of the original sender or recipient.
In this scenario, the attacker fools the victim into disclosing confidential information by
“spoofing” the original sender’s address / identity.

DoS / DDoS – Since some malicious users are only concerned with consuming resources and
bandwidth, they attempt to “flood” the victim network with large volumes of traffic to
consume system resources. In order to maintain the effectiveness of the attack, the attacker
will “spoof” the source IP addresses to make stopping and tracing of the attack as difficult as
possible. This is amplified when multiple compromised hosts all have “spoofed” addresses
and are participating in the attack.

Role of Stateful firewall:

In the stateful case, we can also identify a third type of anomaly, hereinafter denoted
as intra-state protocol anomalies, in the sense of misconfiguration that may put at risk
the inner logic of transport layer protocol states. For instance, in protocols like TCP,
we may distinguish the following operations for the establishment of a connection
between a server and a client:

– the client sends a SYN packet to a server (i.e., a packet with the SYN flag set);

– the server replies with a SYN+ACK;

– the client sends an ACK back to the server.

Then comes a phase of data transfer. Finally, the connection ends with a termination
phase. When the client leads the termination phase, the following handshake takes
place (still assuming the case of TCP):

– the client sends a FIN packet to a server (i.e., a packet with the FIN flag set);

– the server replies with an ACK, then with a FIN;

– the client sends an ACK back to the server.
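
The difference between the two filter types, as an added example that is not part of the original answer: a stateless rule and a connection-tracking table are run over the same constructed packets, following the handshake and termination steps listed above. The addresses, ports, the 443-only policy and all names are assumptions.

```python
from collections import namedtuple
# Constructed sample data: addresses, ports and the 443-only policy are assumptions.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."  # assumed protected prefix

def stateless_allow(p):
    """ACL-style filter: judges one packet by its static header fields only."""
    outbound = p.src.startswith(INSIDE) and p.dport == 443
    reply = p.dst.startswith(INSIDE) and p.sport == 443 and set(p.flags) != {"SYN"}
    return outbound or reply

F = frozenset
# (state, direction, flags) -> next state, using the page's simplified handshake
# and client-led termination (real FIN segments normally carry ACK as well).
TRANSITIONS = {
    (None, "out", F({"SYN"})): "SYN_SENT",
    ("SYN_SENT", "in", F({"SYN", "ACK"})): "SYN_RCVD",
    ("SYN_RCVD", "out", F({"ACK"})): "ESTABLISHED",
    ("ESTABLISHED", "out", F({"ACK"})): "ESTABLISHED",  # data transfer
    ("ESTABLISHED", "in", F({"ACK"})): "ESTABLISHED",
    ("ESTABLISHED", "out", F({"FIN"})): "FIN_SENT",
    ("FIN_SENT", "in", F({"ACK"})): "FIN_ACKED",
    ("FIN_ACKED", "in", F({"FIN"})): "LAST_ACK",
    ("LAST_ACK", "out", F({"ACK"})): "CLOSED",
}

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> connection state

    def allow(self, p):
        out = p.src.startswith(INSIDE)
        key = (p.src, p.sport, p.dst, p.dport) if out else (p.dst, p.dport, p.src, p.sport)
        if out and key not in self.table and p.dport != 443:
            return False  # same policy as the ACL: only outbound 443 may open
        nxt = TRANSITIONS.get((self.table.get(key), "out" if out else "in", F(p.flags)))
        if nxt is None:
            return False  # not the next expected step of a tracked connection
        self.table[key] = nxt
        if nxt == "CLOSED":
            del self.table[key]
        return True

C, S = ("10.0.0.5", 50000), ("198.51.100.7", 443)
STEPS = [("out", ("SYN",)), ("in", ("SYN", "ACK")), ("out", ("ACK",)), ("in", ("ACK",)),
         ("out", ("FIN",)), ("in", ("ACK",)), ("in", ("FIN",)), ("out", ("ACK",))]
LEGIT = [Packet(*(C + S if d == "out" else S + C), fl) for d, fl in STEPS]
UNSOLICITED = Packet("203.0.113.9", 443, "10.0.0.5", 50000, ("ACK",))  # no prior SYN
```

Both filters pass every packet of the legitimate exchange; only the stateful one drops the inbound ACK that belongs to no tracked connection, and it also drops a late packet once the connection has been closed and its table entry removed.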

PART-C

| STATELESS PROTOCOL | STATEFUL PROTOCOL |
|---|---|
| A stateless protocol does not require the server to retain server information or session details. | A stateful protocol requires the server to save the status and session information. |
| The stateless protocol design simplifies the server design. | The stateful protocol design makes the design of the server very complex and heavy. |
| Stateless protocols work better at the time of a crash because there is no state that must be restored; a failed server can simply restart after a crash. | Stateful protocols do not work better at the time of a crash because a stateful server has to keep the information of the status and session details of the internal states. |
| Stateless protocols handle transactions very fast. | Stateful protocols handle transactions very slowly. |
| Stateless protocols are easy to implement on the Internet. | Stateful protocols are logically heavy to implement on the Internet. |

Answer(2):

Application Proxy

Application proxies provide one of the most secure types of access you can have in a security
gateway. An application proxy sits between the protected network and the network you want
to be protected from. Every time an application makes a request, the application proxy intercepts
the request to the destination system. The application proxy then initiates its own request, as
opposed to actually passing the client's initial request.

Advantage and disadvantage:

+ denotes an advantage and – denotes a disadvantage


Pros
For a high level of security, an application proxy is the appliance of choice. The detail of
control permitted is unmatched by any other device.
High Security
An application proxy is generally far more secure than a gateway. By breaking down each
packet to its basic parts and rewriting it, the firewall discovers and drops hidden malicious
code. These firewalls can, and have, prevented zero-day attacks.

Refined Control
Application proxies also provide the opportunity to fine-tune exactly what you will let into
your protected network, and, depending on the design of the firewall, what you will allow
out. A reverse proxy handles control of outgoing information. Reverse proxies can
play a very important role in high security environments by examining the contents of
outgoing packets for sensitive information.

Cons:

• Application Proxy firewalls are not compatible with all network protocols. A new
proxy agent must be developed for each new application or protocol to pass through the
firewall. If the proxy product you choose does not provide support for a needed protocol,
you may have to settle for a generic proxy. In some cases, even generic proxies may not
work if the protocol is nonstandard.
• A reduction of performance occurs due to the additional processing requests required
for application services. There is no such thing as a free lunch. The extra overhead
implied by setting up two connections for every conversation, combined with the time
needed to validate requests at the application layer, adds up to slower performance. In
some cases, this can be balanced by choosing higher-end servers to run your proxy.
However, for some extremely high-bandwidth networks, a proxy firewall may become a
performance bottleneck.
• Virtual Private Networks (VPNs) may not function through a proxy firewall. As will
be discussed further in Chapter 7, "Virtual Private Networks," VPN packet
authentication will fail if the IP address of the sender is modified during the
transmission. Although this is normally thought of as an issue with Network Address
Translation, the same issue occurs with proxy firewalls. Of course, if the VPN endpoint
is the firewall, this will not be a problem.
• The configuration of proxy firewalls can be more difficult than other firewall
technologies. Especially when using older proxies, it can be difficult to properly install
and configure the set of proxies necessary for your network.
