Brian Ghilliotti

Introduction to TCP/IP

Tunxis Community College

Ch 12 Case Projects

“Guide to TCP/IP”, page 691

12/2/18

Question 1

One type of security control that can be used are packet filters. These filters analyze bits
moving across the internet at OSI levels 3 and 4, and permit traffic to go through as long as
destination information matches with the configured OSI rules. This information includes
source and destination IP addresses, source and matching ports, and protocol types. Packet
filters are integrated on Cisco IOS routers.

Proxy filets provide security by examine information from layers 4-7. They sit between the client
and destination as middlemen between the two nodes. The client establishes a session with
the proxy server, which then creates another session between itself and the destination after it
has authenticated the clients access credentials.

Stateful packet filters combine the speed of packet filters with the added security of stored
session data established by proxies. As traffic flows through the firewall, stateful inspection
packets establish slots in session flow tables. These tables retain destination IP addresses,
port numbers, and TCP protocol data. Before traffic flows back out of the firewall, stateful
inspections of packets are cross referenced to session flow tables for an existing connection
slot. If a match is found, packets get forwarded, otherwise they are rejected.

As for testing filters, network administrators will have to recognize that all systems are
breakable, and the only fool proof way to ensure 100% security is through active monitoring.
Other controls that can be implemented are implementing of ACL's (Access control Lists) for
IP ranges or any unknown source. These can help determine what traffic is blocked and what
traffic is forwarded at router interfaces, allowing for filtering based on source and destination
addresses, with inbound and outbound traffic to specific interfaces. We could also implement i
Application layer filters to stop Denial of Service (DoS) and buffer-overflow attacks when data
itself is used initiate exploits.

Question 2

One firewall system that can be considered are packet filtering firewalls, which can scan
network data packets and look for network compliances, violation of rules, and database
violations.Restrictions options for in packet filtering firewalls are based on IP sources,
Destination addresses, TCP and UDP sources and destination ports.

With Stateless pocket filtering, the Firewalls inspects packet headers without paying attention to
connection states between server and clients. Packets are blocked based on information in the
header.In Statefull packet Filtering, data contained in packet is examined, and is superior to
stateless inspection. This method keeps in memory the state of the connection between client
and server in cache memory. It detects and drops packets that overload server.

One thing to consider is that when you have a network that consists of equipment from a single
vendor, administrators will better understand the strong and weak points their systems and learn
to adapt to them much faster, allowing for faster solutions to VPN problems. Complex VPN
architectures in a multi-vendor platform will for engineers to take more time to resolve issues as
they must debug them and gain enough information to find correct solutions. Each vendor has
its own troubleshooting method, and there is great difficultly learning several different trouble
shooting methodologies.