ISC2 ISSAP Exam - Topic 5 Question 32 Discussion

manner of an application, whilst blocking other packets.

Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not

necessarily cause a security breach exploitable from outside the firewall. Conversely, intruders may hijack a publicly-reachable system and use

it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address

spaces enhances security, attackers may still employ methods such as IP spoofing to attempt to pass packets to a target network. The proxy

firewall functions by maintaining two separate conversations, which are as follows:

One between the client and the firewall

One between the firewall and the end server

Answer options C, A, and B are incorrect. These firewalls do not function by creating two different communications.

A packet filter firewall is the basic system first generation firewall, which is a highly evolved and technical internet security feature now a days.

Packet filters act by inspecting the 'packets' which represent the basic unit of data transfer between computers on the Internet. If a packet

matches the packet filter's set of rules, the packet filter will drop the packet, or reject it (discard it, and send 'error responses' to the source).

This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on

connection 'state'). Instead, it filters each packet based only on information contained in the packet itself (most commonly using a

combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port number).

A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across

it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection

state will be allowed by the firewall; others will be rejected.

The Endian Firewall is an open source Linux distribution that specializes on Routing/Firewalling and Unified Threat Management. It is being

developed by the Italian Endian Srl and the community. Endian is originally based on IPCop, which itself was a fork of Smoothwall, but is now

based on Linux From Scratch.