|Read this whole guide offline with no ads, for a low price!|
Use coupon code "certiguide" to save 20%!
|Need more practice? 300 additional Security+ questions!|
|Get It Here!|
(Page 2 of 10)
You discovered more details about
firewalls, which come in two types, application-level and network level:
- Application-level firewalls, or proxy
servers, act as middlemen between client and server sides of a connection,
keeping two separate physical connections open for each single logical
conversation, and passing packets as permitted. Pros include finer-grained
control over permissions due to proxys detailed knowledge of each
protocol allowed to pass through the firewall, and the fact that internal
systems are usually protected from most low-level TCP/IP attacks, because
the proxy never allows an external system to connect directly to the
internal system. Cons include that client configuration is usually
required, and they are less efficient than other types of firewalls
due to overhead in setting up multiple connections for each incoming
- Network-level firewalls inspect packets
as they travel through the firewall, from one side (the outside network)
to the other (the inside network). Pros include transparency to network
clients and faster speed/more efficiency compared to application-level
firewalls. Cons include no isolation from low-level TCP/IP attacks
since direct connections from outside devices to inside devices are
allowed, and less protocol specific filtering functionality than many
application firewalls. Two types of network-level firewalls are packet
filters and stateful packet inspection firewalls. Packet filters are
the simplest, lowest-overhead firewall; they base all decisions as to
allow or disallow a packet based on the contents of that packet, not
taking into account the context of the conversation. Stateful packet
inspection firewalls build on packet filter technology by looking at
packets in the context of the conversation in which they occur, giving
them more information to evaluate when deciding whether or not to allow
a packet through.
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.