1. What is the typical relationship among the untrusted network, the
firewall, and the trusted network?
The untrusted network is usually the Internet or another segment of public access
network, while the trusted network is typically a privately owned network. The
firewall serves as a mechanism to filter traffic from the untrusted network that
comes into the trusted network to gain some assurance that that traffic is legitimate.
2. What is the relationship between a TCP (Transmission Control Protocol)
and UDP (User Datagram Protocol) packet? Will any specific transaction usually
involve both types of packets?
UDP packets are, by design, connectionless. TCP packets usually involve the
creation of a connection from one host computer to another. It would be unusual for
a single transaction to involve both TCP and UDP ports.
3. How is an application layer firewall different from a packet filtering
firewall? Why is an application layer firewall sometimes called a proxy server?
The application layer firewall takes into consideration the nature of the applications
that are being run (the type and timing of the network connection requests, the type
and nature of the traffic that is generated) whereas the packet filtering firewall
simply looks at the packets as they are transferred. The application firewall is also
known as a proxy server, since it runs special software that acts as a proxy for a
service request.

4. How is static filtering different from dynamic filtering of packets? Which is perceived to
offer improved security?
While static filtering firewalls allow entire sets of one type of packets to enter in response to
authorized requests, the dynamic packet filtering firewall allows only a particular packet with a
particular source, destination, and port address to enter through the firewall. It does this by
opening and closing doors in the firewall based on the information contained in the packet header,
which makes dynamic packet filters an intermediate form between traditional static packet
filters and application proxies.
5. What is stateful inspection? How is state information maintained during a network
connection or transaction?
Stateful firewalls keep track of each network connection between
internal and external systems using a state table.
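
The difference described in answers 4 and 5, as an added example that is not part of the original answers: a static rule beside a state-table filter, run over constructed packets. The addresses (documentation ranges), the `Packet` tuple, and all function and class names are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; addresses are from documentation ranges (RFC 5737).
Packet = namedtuple("Packet", "src sport dst dport proto")
INSIDE_PREFIX = "192.0.2."  # assumed trusted network


def static_filter(pkt):
    """Static rule: admit the entire set 'inbound TCP from source port 80'."""
    return pkt.proto == "tcp" and pkt.sport == 80


class DynamicFilter:
    """Dynamic filter: inbound packets must match an entry in the state table."""

    def __init__(self):
        self.state_table = set()

    def outbound(self, pkt):
        # An authorized internal request opens a door for exactly one reply flow.
        if not pkt.src.startswith(INSIDE_PREFIX):
            return False
        self.state_table.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
        return True

    def inbound(self, pkt):
        # Admit only the mirror image of a recorded outbound connection.
        return tuple(pkt) in self.state_table

    def close(self, pkt):
        # Connection finished: the door closes again.
        self.state_table.discard((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))


def compare():
    """Run the same inbound packets through both filters and return the verdicts."""
    request = Packet("192.0.2.10", 51000, "198.51.100.5", 80, "tcp")
    reply = Packet("198.51.100.5", 80, "192.0.2.10", 51000, "tcp")
    unsolicited = Packet("203.0.113.9", 80, "192.0.2.10", 51000, "tcp")
    fw = DynamicFilter()
    fw.outbound(request)
    verdicts = {
        "static": (static_filter(reply), static_filter(unsolicited)),
        "dynamic": (fw.inbound(reply), fw.inbound(unsolicited)),
    }
    fw.close(request)
    verdicts["dynamic_after_close"] = fw.inbound(reply)
    return verdicts
```

The static rule admits both inbound packets because each belongs to the permitted set, while the state table admits only the reply to the recorded request and nothing once that entry is removed.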
6. What is a circuit gateway and how does it differ from the other forms of firewalls?
Circuit gateways relay TCP connections based on addresses but do not
filter the protocol.
7. What special function does a cache server perform? Why is this useful for larger
A cache server is a proxy server that stores the most recently accessed web pages in its internal
cache. The proxy server is set up to be in the DMZ or another unsecured area where it is
exposed directly to the Internet so that the actual web server can be placed in a secured area.
Thus the relatively less important cache server is exposed to threats from the Internet, protecting
the more valuable web server. Also, additional filtering routers can be placed between the
proxy server and the web server, increasing the protection for the latter.
8. Describe how the various types of firewalls interact with the network traffic at various
levels of the OSI model.

Proxy Server: also known as an Application-Level Firewall, is used to filter packets in a specific
protocol, such as FTP, SMTP, or HTTP. This falls in the Application, Presentation, or Session
layer of the OSI model.
Circuit Gateway Firewall: This operates at the Transport Level of the OSI model. The Circuit
Gateway allows connection only between certain specific networks, without specifically filtering
any data packets.
Packet-Filtering Firewall: Allows the passage of only certain packets between networks. It
operates at the Network Level of the OSI model.
MAC Layer Firewall: Operates at the Media Access Control sub-layer of the Data Link layer of the
OSI model. Packets are filtered according to ACL entries that are assigned to computers according to
their MAC addresses.

9. What is a hybrid firewall?

A hybrid is a firewall that combines features and functions from other types of firewalls. Hybrid
firewalls use a combination of the other three methods, and in practice, most firewalls fall into
this category, since most use multiple approaches within the same device.