Explain why an organization\'s firewall should block outgoing packets the source

Question

Explain why an organization's firewall should block outgoing packets the source addresses of which are not in the organization's address space.

An organization has a network architecture similar to that discussed in class, with a DMZ and an internal network. Should the organization's Active Directory server go in the DMZ or the internal network. Explain your answer in about a paragraph. (If you're not familiar with Active Directory, do some research!)

Distinguish among packet filtering firewalls, stateful inspection firewalls, and proxy firewalls. A thorough answer will require at least a paragraph for each type of firewall.

Acme Corporation wants to be sure employees surfing the web aren't victimized through drive-by downloads. Which type of firewall should Acme use? Explain why your answer is correct.

Explanation / Answer

Blocking outbound traffic is usually of benefit in limiting what an attacker can do once they've compromised a system on your network.

So for example if they've managed to get malware onto a system (via an infected e-mail or browser page), the malware might try to "call home" to a command and control system on the Internet to get additional code

downloaded or to accept tasks from a control system (e.g. sending spam)

Blocking outbound traffic can help stop this from happening, so it's not so much stopping you getting infected as making it less bad when it's happened.

Could be overkill for a home network tho' as there's a lot of programs which make connections outbound and you'd need to spend a bit of time setting up all the exceptions.

In computing, a stateful firewall (any firewall that performs stateful packet inspection or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.

PACKET FILTERING FIREWALLS

Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set.

PROXY FIREWALLS

Proxy firewalls are the most secure types of firewalls, but this comes at the expense of speed and functionality, as they can limit which applications your network can support.

The enhanced security of a proxy firewall is because, unlike with other types of firewall, information packets don’t pass through a proxy. Instead the proxy acts as an intermediary - computers make a connection to the proxy which then initiates a new network connection based on the request; effectively a mirror of the information transfer. This prevents direct connections and packet transfer between either sides of the firewall, which makes it harder for intruders to discover where the location of the network is from packet information.

Related Questions

Navigate

• Browse (All)
• Browse E
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.