Nt1310 Unit 1

1. The two limitations are checking packets one at a time, and checking only some fields of the internet and transport headers. Checking packets one at a time is bad because packets will be examined one at a time, and cannot stop attacks such as DoS. Checking only some fields of the internet and transport headers is bad because will not examine all field of the internet and transport header fields, and cannot stop all attacks such as utilized attack.

2. As mentioned in the book the two roles are:

• “The first role is to protect internal clients from malicious external servers. All client connections to external servers are proxied through a single application proxy firewall.” (p.339)

• “The second role for application proxy firewalls today is to sit between an internal

firewall appliances: is a firewall appliance automatically operate that installed within a firm between the internal network and internet access router. vendor-provided systems: is a firewall for sell by vendors has low rate of hardening mistakes the operating system which has per-hardened versions of Windows or UNIX. general-purpose computers: is a firewall that required strong actions with hardening.

5. As mentioned in the book the steps as followed:

• ” First, only certain people should be allowed to request changes, and fewer people should be allowed to authorize changes. Most importantly, the change requester should always be different from the change authorizer.” (p.361)

• “Second, the firewall administrator should implement the change in the most restrictive way—the way that will pass the smallest number of packets. “(p.362)

• “Third, the firewall administrator should document the change carefully.” (p.362)

• “Fourth, the firewall should be vulnerability tested after every change to make sure that the change works and that all of the previous behaviors still work.” (p.362)

• “Fifth, the company should audit the whole process frequently to ensure compli- ance with these procedures.”