CIS 3700 Lab 1 - EIU



Questions

Student Name: _____________________________________ Computer #: ____

Exhibit 1

Figure 1: Access Control List (ACL) for Ingress Filtering at a border firewall


|1 |If Source IP Address = 10.*.*.*, DENY [Private IP Address Range] |
|2 |If Source IP Address = 172.16.*.* to 172.31.*.*, DENY [Private IP Address Range] |
|3 |If Source IP Address = 192.168.*.*, DENY [Private IP Address Range] |
|4 |If Source IP Address = 60.47.*.*, DENY [internal address range] |
|5 |If TCP SYN = 1 AND FIN = 1, DENY [crafted attack packet] |
|6 |If Destination IP Address = 60.47.3.9 AND TCP Destination Port = 80 or 443, PASS |
|7 |If TCP SYN = 1 AND ACK = 0, DENY [Attempt to open connection from the outside] |
|8 |If TCP Destination Port = 20, DENY |
|9 |If TCP Destination Port = 135 Through 139, DENY |
|10 |If TCP Destination Port = 513, DENY [UNIX rlogin without password] |
|11 |If UDP Destination Port = 69, DENY [Trivial FTP; no login necessary] |
|12 |DENY ALL |
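
An ACL like the one in Figure 1 is evaluated top-down, and the first rule a packet matches decides its fate. The following added example (not part of the original lab handout) encodes the twelve rules in Python and reports which rule decides several constructed packets. The packet dictionary layout, the helper names and the 203.0.113.7 source address are assumptions made for illustration.

```python
import ipaddress

# Source ranges from rules 1-4 of Figure 1, written as CIDR blocks.
DENIED_SOURCES = [(1, "10.0.0.0/8"), (2, "172.16.0.0/12"),
                  (3, "192.168.0.0/16"), (4, "60.47.0.0/16")]

def src_in(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.ip_address(p["src"]) in net

def tcp(p):
    return p["proto"] == "tcp"
def flag(p, name):
    return name in p.get("flags", ())

# Ordered rule list: (rule number, predicate, action). Order is significant.
ACL = [(n, src_in(cidr), "DENY") for n, cidr in DENIED_SOURCES] + [
    (5, lambda p: tcp(p) and flag(p, "SYN") and flag(p, "FIN"), "DENY"),
    (6, lambda p: tcp(p) and p["dst"] == "60.47.3.9" and p["dport"] in (80, 443), "PASS"),
    (7, lambda p: tcp(p) and flag(p, "SYN") and not flag(p, "ACK"), "DENY"),
    (8, lambda p: tcp(p) and p["dport"] == 20, "DENY"),
    (9, lambda p: tcp(p) and 135 <= p["dport"] <= 139, "DENY"),
    (10, lambda p: tcp(p) and p["dport"] == 513, "DENY"),
    (11, lambda p: p["proto"] == "udp" and p["dport"] == 69, "DENY"),
    (12, lambda p: True, "DENY"),
]

def evaluate(packet, acl=ACL):
    """Return (rule number, action) of the first rule the packet matches."""
    for number, matches, action in acl:
        if matches(packet):
            return number, action
    raise ValueError("ACL has no catch-all rule")

def pkt(src, dst, proto, dport, *flags):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "flags": flags}

# Constructed sample packets (not from the lab handout).
SAMPLES = {
    "web request": pkt("203.0.113.7", "60.47.3.9", "tcp", 443, "SYN"),
    "spoofed private source": pkt("10.1.2.3", "60.47.3.9", "tcp", 80, "SYN"),
    "SYN+FIN to web server": pkt("203.0.113.7", "60.47.3.9", "tcp", 80, "SYN", "FIN"),
    "inbound SYN to other host": pkt("203.0.113.7", "60.47.3.5", "tcp", 22, "SYN"),
    "TFTP to other host": pkt("203.0.113.7", "60.47.3.5", "udp", 69),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:28} -> rule {evaluate(p)[0]:2} {evaluate(p)[1]}")
```

Passing a reordered copy of `ACL` as the second argument to `evaluate` shows how moving a rule changes which rule decides a given packet.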

The following questions are not related.

1. As the system administrator in charge of configuring the company’s firewall, you have to change the ACL in Figure 1 to add a rule that permits incoming requests to a particular computer (IP address 60.47.23.41) that hosts a trivial file transfer service. (Note: the Appendix contains a list of TCP/UDP ports for common services).

a. Write down the rule: _____________________________________________________

b. Where should that rule be inserted? Why? ______________________________________

_______________________________________________________________________

2. What would be the possible consequences of making the rule you created when answering Question 1 (above) the very first rule of the ACL?

a. This may allow attackers spoofing internal IP addresses to succeed

b. This may allow an attacker using IP spoofing with a Class A IP address in the private range to get to the corporate web server.

c. This may allow an attacker using IP spoofing with a Class A IP address in the private range to target the file transfer server.

d. None of the above

The following questions do not refer to the exhibit above.

3. Create an ACL (i.e. write down the rules) for Ingress Filtering in a case where the only messages allowed are those coming from external web servers, external email servers, or external file transfer servers. (Note: the Appendix contains a list of TCP/UDP ports for common services).

4. Create an ACL (i.e. write down the rules) for Egress Filtering in a case where the only messages allowed are those destined to external web servers, external email servers, or external file transfer servers. (Note: the Appendix contains a list of TCP/UDP ports for common services).

5. What does a firewall use to ensure that each packet is part of an established TCP (Transmission Control Protocol) session?

a. a packet filter.

b. a static filtering.

c. a stateful filtering.

d. a circuit level gateway.

6. Ingress filtering is used to filter packets...

a. coming into the network from an external network

b. going out of the network to an external network

c. Both a. and b.

7. If a firewall is overloaded with more traffic than it can handle, what does it do with packets it cannot filter?

a. It quarantines them.

b. It drops them.

c. It passes them without filtering.

d. It passes them but copies them into the log file.

8. Static packet filter firewalls examine...

a. headers (IP header, TCP header)

b. application messages

c. connections

d. All of the above.

9. What type of firewall examines packets one at a time in isolation?

a. static packet filtering firewall

b. stateful packet filtering firewall

c. both of the above.

10. In an ACL, I have two rules: A (to deny access to all mail servers) and B (to permit access to a particular mail server that will receive e-mail from the outside). Which rule will come first?

a. A.

b. B.

c. It does not matter.

d. Having these two rules is contradictory and should not be done.

11. Proxies are used to filter ________ layer messages.

a. application

b. transport

c. internet

d. data link

e. Both b. and c.

12. Which of the following are usually found in a DMZ?

a. public web servers

b. DNS servers

c. All of the above.

d. Neither a nor b

**********************************************************************************************************

Appendix

Common TCP/UDP ports

|Port Number |Primary Protocol |Application |
|20 |TCP |FTP Data Traffic |
|21 |TCP |FTP Supervisory Connection. Passwords sent in the clear |
|22 |TCP |SSH (Secure Shell). Used for secure logins and file transfers (sftp) |
|23 |TCP |Telnet. Passwords sent in the clear |
|25 |TCP |Used for SMTP email transfer between email servers |
|53 |TCP/UDP |Domain Name System (DNS) |
|69 |UDP |Trivial File Transfer Protocol (TFTP). No login necessary |
|80 |TCP |Hypertext Transfer Protocol (HTTP). Used for transferring web pages between clients and non-secure web servers. |
|110 |TCP |POP3 (Post Office Protocol Ver. 3). Used for retrieving emails between clients and mail servers |
|137-139 |TCP |NETBIOS service for P2P file sharing in older versions of Windows |
|443 |TCP |HTTP over SSL/TLS. Used for secured transfer of web pages between clients and web servers. |

[Figure 1 diagram labels: Untrusted network; Firewall; Trusted network; hosts 60.47.3.1, 60.47.3.2, 60.47.3.5, 60.47.3.9]
