Please provide answer for the below question
12.1
Firewall has three goals namely;
Any traffic going in the system or outside the system must pass through the firewall
Only local security authorized traffic will be allowed to pass through the firewall
Internal threats are often set aside since firewall provides alert of any possible malware alert.
12.2
Firewalls apply four techniques to control access and enforce security policies. These techniques are;
· Service control this determines the type of service allowed to access from the network
· Direction control this determines the exact direction within which requests over the network are allowed to flow in the firewall.
· User control controls the service in which a user is trying to access.
· Behavior control this controls the use of particular services over the firewall.
12.3
Typical packet filtering firewall uses the following information
· Source and destination IP address.
· Source and destination level transport address
· IP protocol field
· Interface.
12.4
Packet filtering firewall has various weaknesses some of which include:
· They cannot prevent attacks that utilize application specific vulnerabilities
· Their logging in functionality is limited
· They are open to attacks which take advantage of problems associated with TCP/IP specification and protocol stack.
· They are susceptible to security breaches caused by improper configuration
12.5
A stateful inspection firewall takes a higher layer context into consideration tightening up the rules for TCP connection a packet filter will therefore allow incoming traffic only for those packets which fit the profile of one of the entries in this directory. A stateful inspection firewall will again review the same packet information as packet filtering firewall but also records the information about TCP connections.
12.6
Application level gateway acts as relay of application level traffic. In this the user contacts the gateway which prompts the user for the name of the remote host to be accessed. After getting the name the gateway contacts the application on the remote host and relays the TCP segments containing the application data between the two endpoints.
12.7
Circuit level gateway does not allow end to end TCP connections but instead the gateway sets up two TCP connections one between itself and the inner host and one between itself and the outside host relaying the segments without confirming or counters checking their details.
12.8
The following are the common characteristics of a bastion host
· Only the services considered to be essential by the network administrator are installed in the bastion host.
· Bastion host may require authentication before any user is allowed to access the proxy services.
· Each proxy is configured to allow access only to specific host systems.
· Each proxy logs all traffic, each connection and its duration.
· Each proxy is independent of other proxies in the bastion host and runs in a private secured directory (Thubert, Yang, Klecka III, Wetterwald, & Levy-Abegnoli 2017).
12.9.
Host based firewall refers to a software designed to secure individual host. This software is characterized with the following benefits
· Individuals are able to tailor filtering rules to the host environment.
· It provides protection independently from each topology
· It provides an additional protection layer.
12.10
This refers to network inside the external firewall but outside the internal firewall whereby the external firewall basically provides basic protection to the DMZ network. This type of network is found in systems such as web servers, the email application systems and the DNS servers.
12.11