CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Firewalls

Firewalls

Packet Filtering Firewall – First Generation

• Screening router
• Operates at Network and Transport Level
• Examines Source and Destination IP address
• Can deny based on ACLs
• Can specify port

You may also want to consider these CISSP resources from Amazon.com

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Application Level Firewall – Second Generation

• Proxy server
• Copies each packet from one network to the other
• Masks the origin of the data
• Operates at layer 7 (application Layer)
• Reduces network performance since it has to analyze each packet and decide what to do with it
• Also called Application Layer Gateway

Stateful Inspection Firewalls – Third Generation

• Packets analyzed at all OSI Layers
• Queued at the network level
• Faster than the Application Layer Gateway

Dynamic Packet Filtering Firewalls- Fourth Generation

• Allows modification of security rules
• Mostly used for UDP
• Remembers all of the UDP packets that have crossed the network’s perimeter, and it decides whether to enable packets to pass through the firewall

Kernel Proxy – Fifth Generation

• Runs on NT Kernel
• Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies

You may also want to consider these CISSP resources from Amazon.com

Thought you should know, etc... Update

Comments

• Join Me On Facebook

  Trehb101 - Got Geek?
  
  Promote Your Page Too

• Entry Categories

  • All Other Items (1)
  • Biz Mgt & Dev (8)
  • Blog-keeping (1)
  • Bum-A-Post (3)
  • Don's eBook Report (22)
  • eBooks, etc… (9)
  • eCommerce / eBiz (22)
  • Entrepreneurship (21)
  • Geek Mail (4)
  • Information Security (49)
  • Information Systems (46)
  • Information Technology (34)
  • InfoSec Docs (11)
  • Internet Docs (3)
  • Internet Marketing (44)
  • IT Docs (4)
  • Life Happens (22)
  • Project Management (28)
  • Random Stuff (13)
  • The Demondaynizer (4)
  • The Internet (75)
  • Web Design / Development (34)
  • Yeah Boy! Yah Suck! (5)

• Recent Posts

  • What we are up against…
  • Why Information Security: D-UH!
  • From the Geek Mail: Facebook Pushes the Privacy Envelope with Data Sharing
  • From the Geek Mail: 2011 Top Tech Jobs
  • Information Security Management in the Wild Wide Web
  • Simple Math: Maybe the Difference in your Cert Exam Pass/Fail Chances
  • IT from Cost Center to Revenue Generator

• Follow Me on Twitter

• Business Tech Press Releases

  • WRGL Names Julian Sula as New CEO February 11, 2012
  • tw telecom Awarded South Carolina Contract to Offer State Government Telecommunication Services February 11, 2012
  • Vidable Inc. Launches in Test Market February 10, 2012
  • HostWire Merges into WRGL February 10, 2012
  • Altera Announces Upcoming Schedule of Events With the Financial Community February 10, 2012

• Archives

  Select Month March 2011  (1) February 2011  (3) January 2011  (4) December 2010  (3) October 2010  (2) August 2010  (4) July 2010  (19) June 2010  (28) May 2010  (37) April 2010  (63) March 2010  (54) February 2010  (1) January 2010  (4) December 2009  (18) November 2009  (27) October 2009  (4) September 2009  (1)

• Tags

  Book Building business CISSP CISSP Exam CISSP reviewer Development Dummies eBusiness Edition Engine Entrepreneurship Exam facebook From Google Guide Hardcover Information Information Security internet Joomla Maceo MAD MAC Management marketing Media Online Optimization Paperback PMP Exam Professional Project Search Secrets Security Social strategies Technology Trehb101 Tweets Twitter with Wordpress Your

• Your Shopping Cart

  Your cart is empty

• Calendar

  March 2010

  M	T	W	T	F	S	S
  « Feb				Apr »
  1	2	3	4	5	6	7
  8	9	10	11	12	13	14
  15	16	17	18	19	20	21
  22	23	24	25	26	27	28
  29	30	31

• From the National Vulnerability Database

  • CVE-2011-3958 (chrome) February 7, 2012
    Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]
    nvd@nist.gov
  • CVE-2012-1033 (bind) February 7, 2012
    The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]
    nvd@nist.gov
  • CVE-2011-3971 (chrome) February 7, 2012
    Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]
    nvd@nist.gov
  • CVE-2011-3954 (chrome) February 7, 2012
    Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]
    nvd@nist.gov
  • CVE-2011-3970 (chrome, libxslt) February 7, 2012
    libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]
    nvd@nist.gov
  • CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012
    The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]
    nvd@nist.gov
  • CVE-2011-3969 (chrome) February 7, 2012
    Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]
    nvd@nist.gov
  • CVE-2011-3956 (chrome) February 7, 2012
    The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]
    nvd@nist.gov
  • CVE-2011-3968 (chrome) February 7, 2012
    Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]
    nvd@nist.gov
  • CVE-2012-1035 (ada_web_services) February 7, 2012
    AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]
    nvd@nist.gov