Firewalls
Name: ________________________________________________
E-Mail: _______________________________________________
8. a) What is an ACL?
i) rsh?
j) SSH?
Chapter 5: Firewalls
14. a) What rules based on IP addresses are included in Figure 5-7? Why?
e) Why?
16. a) Does NAT tend to be used alone or in concert with another type of
firewall?
18. a) Briefly explain the core protections offered by all application firewalls.
19. a) If you will proxy four applications, how many proxy programs will you
need?
b) Should the last rule of a screening firewall be Deny All or Permit All?
Explain.
23. Why are computer-based main firewalls better to work with than
router-based firewalls?
b) What is a DMZ?
27. Compare and contrast individual home computer firewall architectures and
SOHO firewall architectures.
i) What is the basic PIX rule for creating connections, based on security
levels?
Thought Questions
1. In Figure 5-6 and Figure 5-7, some statements are redundant given the
final Deny All rule in each ACL. List the numbers of rules that can be
deleted without reducing protection.
2. Create policy statements that would be used to guide the ACLs shown in
Figure 5-6 and Figure 5-7.
3. Change the ACLs in Figure 5-6 and Figure 5-7 to add policies that
incoming DNS requests should be permitted at a particular DNS host,
60.47.3.4, and that SSH traffic should be allowed because it is needed to
manage firewalls.
4. Change the ACLs in Figure 5-6 and Figure 5-7 to add a policy that all
SMTP traffic (TCP Port 25) should pass through an SMTP application
proxy, 60.47.3.10.
5. Create a simple ACL for a packet filter firewall that serves a single
Windows client PC at home.
6. Change the ACLs in Figure 5-6 and Figure 5-7 to drop rules that would
not be needed for stateful inspection firewalls.
7. In the firewall architecture shown in Figure 5-17, what hosts should not be
protected by NAT?
Troubleshooting Question
1. You have a rule in your ACL to block a particular type of traffic.
However, when you do an audit, you find that the firewall is not blocking
this traffic. What is the problem likely to be?