Best Firewall Interview Questions Part – 2
1. What is a firewall?
A firewall is hardware or software installed to provide security to private networks connected to the internet. Firewalls can be implemented in hardware, in software, or in a combination of both. All data entering or leaving the intranet passes through the firewall, which allows only the data meeting the administrators’ rules to pass through it.
2. What are the types of firewalls?
1. Packet Filtering Firewall:
This type of firewall inspects packets, blocks unnecessary ones and lets the remaining network traffic through.
2. Screening Router Firewalls:
It is a software-based firewall available in a router and provides only light filtering.
3. Computer-based Firewall:
It is a firewall that runs on a server with an existing operating system such as Windows or UNIX.
4. Hardware-based Firewall:
It is a dedicated device (a box) that provides strong security against the public network. It is mostly used by big networks.
5. Proxy Server:
A proxy server allows all clients to access the Internet with different access limits. A proxy server has its own firewall, which filters all packets from the web server.
3. What is PIX Firewall Security? How does it differ from a firewall?
Cisco PIX Firewall Security is a stateful firewall. It uses ASA technology.
4. What can’t a firewall protect against?
Firewalls can’t protect against attacks that don’t go through the firewall. Many corporations that connect to the Internet are very concerned about proprietary data leaking out of the company through that route.
Unfortunately for those concerned, a magnetic tape can just as effectively be used to export data. Many organizations that are terrified (at a management level) of Internet connections have no coherent policy about how dial-in access via modems should be protected.
5. Will IPSEC make firewalls obsolete?
IPSEC (IP Security) refers to a set of standards developed by the Internet Engineering Task Force (IETF). There are many documents that collectively define what is known as “IPSEC” [4].
IPSEC solves two problems which have plagued the IP protocol suite for years: host-to-host authentication (which will let hosts know that they’re talking to the hosts they think they are) and encryption (which will prevent attackers from being able to watch the traffic going between machines).
6. What is a network firewall?
A firewall is a system or group of systems that enforces an access control policy between two networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic.
Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don’t have a good idea of what kind of access you want to allow or to deny, a firewall really won’t help you.
It’s also important to recognize that the firewall’s configuration, because it is a mechanism for enforcing policy, imposes its policy on everything behind it. Administrators for firewalls managing the connectivity for a large number of hosts therefore have a heavy responsibility.
7. What is synchronization and why is it important?
With respect to multithreading, synchronization is the capability to control the access of multiple threads to shared resources. Without synchronization, it is possible for one thread to modify a shared object while another thread is in the process of using or updating that object’s value. This often leads to significant errors.
8. What are the critical resources in a firewall?
Service: Critical Resource
Email: Disk I/O
Netnews: Disk I/O
Web: Host OS Socket Performance
IP Routing: Host OS Socket Performance
Web Cache: Host OS Socket Performance, Disk I/O
9. What are some common attacks, and how can I protect my system against them?
Each site is a little different from every other in terms of what attacks are likely to be used against it. Some recurring themes do arise, though.
10. What is the difference between a gateway and a firewall?
A network gateway joins two networks together through a combination of hardware and software. A network firewall guards a computer network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
11. What is the difference between router ACLs and firewall ACLs?
Fundamental purpose:
1. Routers are designed to route traffic, not stop it.
2. Firewalls are designed to examine and accept/reject traffic. Both kinds of ACL, however, do the same job. Depending on our requirements, we configure the ACL on the device accordingly.
12. Does a traceroute command work across the firewall? Why?
Traceroute is based on ICMP type 30 under Windows and UDP under *NIX; traceroute packets that would hit the firewall should be dropped. Similarly, any echo reply coming from inside the firewall should be restricted outbound.
13. Can you define packet filtering?
Packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT).
Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT).
14. Can you explain circuit level gateway?
Circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between the packets to determine if a requested session is legitimate. The information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway.
So, there is no way for a remote computer or a host to determine the internal private IP addresses of an organization, for example. This technique is also called Network Address Translation, where the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the internet service provider and then sent to the outside world (Internet).
This way, the packets are tagged with only the public IP address (firewall level) and the internal private IP addresses are not exposed to potential intruders.
15. Can you explain stateful inspection?
Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall. Stateful inspection has largely replaced an older technology, static packet filtering.
In static packet filtering, only the headers of packets are checked, which means that an attacker can sometimes get information through the firewall simply by indicating “reply” in the header. Stateful inspection, on the other hand, analyzes packets down to the application layer.
By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can.
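The contrast between static and dynamic filtering, as an added example (not code from the original page): the same constructed packet sequence is judged by a header-only rule that trusts the ACK "reply" flag and by a filter that records session information. It models only transport-level state (addresses, ports, TCP flags), not application-layer inspection; all names and addresses are illustrative assumptions.

```python
def static_filter(pkt):
    """Header-only rule: inbound TCP passes if it claims to be a reply (ACK set)."""
    if pkt["dir"] == "out":
        return "ACCEPT"
    return "ACCEPT" if "ACK" in pkt["flags"] else "DROP"

class StatefulFilter:
    """Tracks connections opened from the inside; inbound must match one."""
    def __init__(self):
        self.conns = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, pkt):
        if pkt["dir"] == "out":
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            if pkt["flags"] == {"SYN"}:
                self.conns.add(key)          # new session recorded
            verdict = "ACCEPT"
        else:
            key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
            verdict = "ACCEPT" if key in self.conns else "DROP"
        if "RST" in pkt["flags"]:
            self.conns.discard(key)          # session torn down
        return verdict

def pkt(direction, src, sport, dst, dport, *flags):
    return {"dir": direction, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": set(flags)}

# Constructed traffic (documentation address ranges).
PACKETS = [
    pkt("out", "10.0.0.5", 40000, "198.51.100.20", 443, "SYN"),
    pkt("in", "198.51.100.20", 443, "10.0.0.5", 40000, "SYN", "ACK"),
    pkt("in", "203.0.113.9", 443, "10.0.0.5", 40001, "ACK"),          # unsolicited "reply"
    pkt("in", "198.51.100.20", 443, "10.0.0.5", 40000, "RST", "ACK"),
    pkt("in", "198.51.100.20", 443, "10.0.0.5", 40000, "ACK"),        # after teardown
]

def compare(packets):
    """Return (static verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.check(p)) for p in packets]
```

The third and fifth packets are where the two filters disagree: both carry ACK, so the static rule accepts them, while the connection table has no matching session and drops them.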