Which of the following firewalls tracks the state of connections and blocks packets that deviate from the expected state based on a state table? (Wentz QOTD)
A. SOCKS proxies
B. TCP Wrappers
C. Application firewalls
D. Circuit-level gateways
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Application firewalls.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Firewalls use a variety of technologies to control network traffic and enforce security.
- Stateful inspection firewalls track the state of connections and blocks packets that deviate from the expected state based on a state table.
- Stateful protocol analysis or deep packet inspection (DPI) is an advanced version of stateful inspection that looks into payloads or application messages. Fadi Sodah introduced an awesome post about deep packet inspection (DPI): Deep Packet Inspection: How it Works and its Impact on Privacy
- TCP Wrappers that use files like “hosts.allow” and “hosts.deny” as the ACL are typically stateless.
- SOCKS proxies are circuit-level gateways. They are the middle man between external and internal hosts and do not pass on packets directly.
Reference
以下哪些防火牆會根據狀態表跟踪連接狀態並阻止偏離預期狀態的數據包? (Wentz QOTD)
A. SOCKS 代理
B. TCP 包裝器
C. 應用防火牆
D. 電路級網關