Network Intrusion Detection and Prevention
Firewalls
- A firewall is a system or group of systems used to control access between two networks, a trusted network and an untrusted network, using preconfigured rules or filters.
- A firewall is a device that provides secure connectivity between networks (internal/external).
- It is used to implement and enforce a security policy for communication between networks.
- A firewall may be hardware, software or a combination of both, used to prevent unauthorized programs or internet users from accessing a private network or a single computer.
- All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
- A hardware firewall is a physical device that is installed between the modem and the computer. It protects the entire network. It is more expensive and harder to configure (Cisco PIX, NetScreen, etc.).
- A software firewall is a software application that is installed on the computer system to be protected. It protects a single computer, usually the computer with the modem attached to it. It is usually less expensive and easier to configure; examples are Norton Internet Security and McAfee Internet Security.
Types of Firewall techniques
- Packet filter: It looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
- Application gateway: In this type of firewall, a remote host or network can interact only with a proxy server; the proxy server is responsible for hiding the details of the internal network, i.e. the intranet. Users use TCP/IP applications, such as FTP and Telnet servers. It is very effective, but can degrade performance.
- Circuit level gateway: This can be a stand-alone system or a specialized function performed by an application-level gateway for certain applications. It does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections. A typical use of the circuit-level gateway is a situation in which the system administrator trusts the internal users.
- Bastion host: It is a special-purpose computer on a network, specifically designed and configured to withstand attacks. It generally hosts a single application and provides a platform for an application gateway and a circuit level gateway. It supports limited/specific applications to reduce the threat to the computer. These include applications such as Telnet, SMTP and FTP.
Solved Example: 9982-01
In computing, ________ is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. (SSC CHSL July 2019 Shift II)
A. Spyware
B. Cookie
C. Spam
D. Firewall
Correct Answer: D
Solved Example: 9982-02
A layer-4 firewall (a device that can look at all protocol headers up to the transport layer) CANNOT: (GATE CS 2011)
A. Block entire HTTP traffic during 9:00 PM and 5:00 AM
B. Block all ICMP traffic
C. Stop incoming traffic from a specific IP address but allow outgoing traffic to the same IP address
D. Block TCP traffic from a specific user on a multi-user system during 9:00 PM and 5:00 AM
Correct Answer: D
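The packet filter described under "Types of Firewall techniques" and the reasoning behind Solved Example 9982-02, as an added example that is not part of the original notes: a first-match filter whose rules can test only header fields and the firewall's clock. Assumptions: the names `Packet`, `Rule`, `decide` and `RULES` are hypothetical, the addresses are constructed from documentation ranges, and HTTP is identified as TCP destination port 80 because a layer-4 device cannot see the application protocol itself.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

@dataclass
class Packet:
    # Layer-4 view only: IP/transport headers plus the firewall clock; no user field.
    direction: str            # "in" or "out"
    src: str                  # as claimed in the header (spoofable)
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int]
    at: time

@dataclass
class Rule:
    action: str               # "accept" or "drop"
    direction: Optional[str] = None
    src: Optional[str] = None  # CIDR
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    window: Optional[Tuple[time, time]] = None  # may wrap past midnight

    def matches(self, p: Packet) -> bool:
        def in_net(addr, cidr):
            return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
        def in_window(t):
            if self.window is None:
                return True
            start, end = self.window
            return start <= t < end if start <= end else (t >= start or t < end)
        return (self.direction in (None, p.direction) and self.proto in (None, p.proto)
                and self.dport in (None, p.dport) and in_window(p.at)
                and in_net(p.src, self.src) and in_net(p.dst, self.dst))

def decide(rules, p, default="drop"):
    """First matching rule wins; unmatched packets get the default policy."""
    return next((r.action for r in rules if r.matches(p)), default)

# Constructed rule set mirroring options A-C of Solved Example 9982-02.
RULES = [
    Rule("drop", proto="icmp"),                                  # option B
    Rule("drop", direction="in", src="203.0.113.7/32"),          # option C
    Rule("drop", proto="tcp", dport=80, window=(time(21, 0), time(5, 0))),  # option A
    Rule("accept", proto="tcp", dport=80),
    Rule("accept", direction="out"),
]
```

Option D has no rule here because nothing in `Packet` identifies the user who opened the connection; that information never appears in the headers a layer-4 device inspects.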
Solved Example: 9982-03
Firewall is used in communication network/system for protection from: (MPPSC General Studies 2014)
A. Unauthorized attack
B. Data driven attack
C. Fire attack
D. Virus attack
Correct Answer: A
Solved Example: 9982-04
What is a firewall? (MP Patwari Dec 2017 Shift II)
A. A system that scans and removes viruses from a computer
B. A system that prevents unauthorized access to a private network
C. A system that allows users to make secure online money transfer
D. A system in which multiple computers are connected to one another
Correct Answer: B