Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)

Previous Topic/Section
3.5.3.9.2  Databases
Previous Page
Pages in Current Topic/Section
1
2
345678910
Next Page
3.7  Success Questions
Next Topic/Section

3.6  Summary
(Page 2 of 10)

Firewalls



You discovered more details about firewalls, which come in two types, application-level and network level:

  • Application-level firewalls, or proxy servers, act as middlemen between client and server sides of a connection, keeping two separate physical connections open for each single logical conversation, and passing packets as permitted. Pros include finer-grained control over permissions due to proxy’s detailed knowledge of each protocol allowed to pass through the firewall, and the fact that internal systems are usually protected from most low-level TCP/IP attacks, because the proxy never allows an external system to connect directly to the internal system. Cons include that client configuration is usually required, and they are less efficient than other types of firewalls due to overhead in setting up multiple connections for each incoming request.

  • Network-level firewalls inspect packets as they travel through the firewall, from one side (the outside network) to the other (the inside network). Pros include transparency to network clients and faster speed/more efficiency compared to application-level firewalls. Cons include no isolation from low-level TCP/IP attacks since direct connections from outside devices to inside devices are allowed, and less protocol specific filtering functionality than many application firewalls. Two types of network-level firewalls are packet filters and stateful packet inspection firewalls. Packet filters are the simplest, lowest-overhead firewall; they base all decisions as to allow or disallow a packet based on the contents of that packet, not taking into account the context of the conversation. Stateful packet inspection firewalls build on packet filter technology by looking at packets in the context of the conversation in which they occur, giving them more information to evaluate when deciding whether or not to allow a packet through.

Previous Topic/Section
3.5.3.9.2  Databases
Previous Page
Pages in Current Topic/Section
1
2
345678910
Next Page
3.7  Success Questions
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.