How is an application layer firewall different from a packet filtering firewall why an application layer firewall is sometimes called a proxy server?

According to chegg policy we answer four, but here I answered five

How is an application layer firewall different from a packet-filtering firewall?

A firewall is a set of rules defined for the network packets to and from the computer.The rules are defined in the firewall.

Normally the traditional firewall is the packet filtering firewall where packets are comming into the firewall, it scans the packets header and check with rules which are being set , according to that it allows or disallows the packet.
In packet filtering firewall I can block packets comming from a specific port or specific ipaddress. Packet filtering firewall are mostly configured with the routers also.

Application layer firewall is a modernized firewall which follows at the application layer of the OSI model. In this firewall it checks the messages which are comming in or out to and from the network. Say for example in application layer firewall we can stop accessing some websites in a network. It checks the whole data of the messages and based on some criteria it can stop that massage in the network.

Why is an application layer firewall sometimes called a proxy server?

Application layer firewall sometimes called a proxy server beacause the Application layer firewall are mainly applied through proxy server. The rules for the Application layer firewall are configured in the proxy. There is no specific hardware used for Application layer firewall rather they are used in the proxy server because the Application layer protocol messages like ftp, http are passed through the proxy server. So whenever a client accessed for a website the request is received by the proxy server from that is is redirected to the Internet and vice versa.

   What is stateful inspection?

In traditional firewall it is stateless firewall means it just check the header of the firewall and follow the rule and allow the packet but statefull firewall or inspection check the whole packet from header to data means upto application layer.It tracks the the tcpip connections and check for encryption, it also follow the path of communication and then decides the rule for the packet.So it can check the authorization of the packets.

In other words we can say stateful inspection controls the series of packets over a time. It checks whether the nature of the packet are same or different from the same server over a time.

What is a VPN? Why is it becoming more widely used?

VPN is Virtual Private Network. In VPN we are extending our private network in the public network. It means that we are connecting computers in Internet by a private network. It is helpful because when we establish a network through VPN other users or hackers are not allowed to access or permitted. It is very secured and data are encrypted. It establishes a private channel in public network.

It is becomming widely used because connecting through VPN is very secure and less expensive and less risk to transfer data from one computer to other.

What is content filtering, and should it be leveraged on a corporate network? Backup your statement with 2 or 3 facts.

Content filtering means the information which are passed through the internet can be filtered. It is mostly used in corporate network because in corporate houses we only do our work not any entainment or any other thing which losses our productivity.

As for example most of corporate houses social networking are not allowed, so when we try to access any socila networking sites they are closed. Or viewing movies using our corporate network which is also not allowable. These type of access can be vlocked by content filtering.

Chapter 6 Review Questions/Answers

1. What is the typical relationship among the untrusted network, the firewall, and the trusted network?

Firewall regulates data between an untrusted and trusted networks. The data enters from an untrusted network to a firewall and the firewall filters the data, preventing suspicion data from entering the network.

1. What is the relationship between a TCP and UDP packet? Will any specific transaction usually involve both types of packets?

A TCP send a data packet and then reports back to the sender about the status of the transfer while UDP is more interested in speed and does not report back to the sender. I don’t think so that there would be any specific transaction usually involving both TCP and UDP. I would personally prefer TCP.

1. How is an application layer firewall different from a packet-filtering firewall? Why is an application layer firewall sometimes called a proxy server?

A packet filtering firewall checks packets for the allowed destination, source and port address information. An application layer firewall may be called a proxy server because it utilizes some software application that act as proxies.

1. How is static filtering different from dynamic filtering of packets? Which is perceived to offer improved security?

Static filtering has are installed with specific rules while dynamic filtering is perceived a more secure as they are intelligent and can amend the rules by themselves.

1. What is stateful inspection? How is state information maintained during a network connection or transaction?

Stateful inspection keeps an eye on external and internal connections to a network. It keeps track of the system by keeping a table of the states.

1. What is a circuit gateway, and how does it differ from the other forms of firewalls?

A circuit gateway operates at the transport layer level. It is used to prevent direct connection between two different networks.

1. What special function does a cache server perform? Why is this useful for larger organizations?

A cache server stores frequently used web pages and returns them on user request from the local computer. It saves internet bandwidth for organization and provides a quick loading of the cached pages.

1. Describe how the various types of firewalls interact with the network traffic at various levels of the OSI model.

These firewalls include packet filtering, dynamic filtering, static filtering and stateful inspection filtering. They work on transport level and prevent the network from external threats.

1. What is a hybrid firewall?

A hybrid firewall is that kind of firewall that is used to combine other kinds of firewall like packet filtering firewall and proxy servers firewalls.

1. List the five generations of firewall technology. Which generations are still in common use?

Five generation for firewall technology are, static packet filtering, application level firewalls, inspection firewalls, dynamic packet filtering firewalls and kernel proxy. Almost all of them are in common use depending on the needs of a network.

1. How does a commercial-grade firewall appliance differ from a commercial-grade firewall system? Why is this difference significant?

Firewall appliances may feature as a general computer and is a standalone combination of computing hardware and software while a commercial grade firewall system is the actual software application that runs on a general purpose computer.

1. Explain the basic technology that makes residential/SOHO firewall appliances effective in protecting a local network. Why is this usually adequate for protection?

Residential/SOHO firewall appliances are commonly known as broadband routers or modems and are used in many homes and offices around the world. They act as a stateful firewall and control traffic from the internet world that is transferred between the host compute and the internet service provider.

1. What key features point up the superiority of residential/SOHO firewall appliances over personal computer-based firewall software?

Residential/SOHO firewall appliances are superior to personal computer based firewalls because they are the first line of defense to external threat. They have the capability to restrict specific MAC addresses.

1. How do screened host architectures for firewalls differ from screened subnet firewall architectures? Which of these offers more security for the information assets that remain on the trusted network?

Screen subnet firewalls are considered more secure than screened host architectures. They provide a DMZ while a screened host architecture provides a kind of dedicated firewall.

1. What a sacrificial host? What is a bastion host?

Both of them function similar. Both are in the front line to an untrusted network. Bastion host has a separate dedicated firewall while a sacrificial host is defending the network on its own.

1. What is a DMZ? Is this really an appropriate name for the technology, considering the function this type of subnet performs?

It is short for Demilitarized Zone. It acts as space is the zone where the fight for the trusted network is conducted.

1. What are the three questions that must be addressed when selecting a firewall for a specific organization?

The three questions are: 1. is it cost effective? 2. What is included in the base price and what is not included? and 3. Will it be able to meet growing organization security requirements?

1. What is RADIUS? What advantage does it have over TACACS?

RADIUS is a check for the identity of anyone who wishes to enter the system. RADIUS is widely supported by a variety of applications as compared to TACACS.

1. What is a content filter? Where is it placed in the network to gain the best result for the organization?

A content filter gives the administrator the power to restrict access to the content on a network. It is based inside the trusted network.

1. What is a VPN? Why is it becoming more widely used?

VPN is a virtual private network which is widely used for network security on the internet with encryption and IPsec techniques.

How is an application layer proxy firewall different from a packet filtering firewall?

Why application layer firewall is called proxy server?

How is an application layer firewall differ?

What is the difference between the packet filter firewall an application firewall and a stateful firewall?