Which of the following statements is true of all firewalls? (Select the best answer.)
- They maintain a state table.
- They hide the source of network connections.
- They operate at Layer 7 of the OSI model.
- They are multihomed devices.
All firewalls are multihomed devices. A multihomed device is a device that connects to more than one network segment. The purpose of a firewall is to block undesired network traffic and to allow desired network traffic to pass from one network interface to another.
Some firewalls, such as proxy firewalls, can be configured to hide the source of network connections. However, stateful firewalls and packet filtering firewalls are not typically configured to hide the source of network connections. A proxy firewall terminates the connection with the source device and initiates a new connection with the destination device, thereby hiding the true source of the traffic. When the reply comes from the destination device, the proxy firewall forwards the reply to the original source device. Network Address Translation (NAT) and Port Address Translation (PAT) can also be used to hide the source of network connections.
Some firewalls, such as stateful firewalls, maintain a state table. However, other firewalls, such as packet filtering firewalls, do not. A stateful firewall makes filtering decisions based on the state of each session. When an outbound session is initiated, the stateful firewall will create an entry in the firewall’s state table and dynamically allow the return traffic in the inbound direction. Inbound traffic from other sources will be blocked unless there is a corresponding outbound session listed in the state table.
A packet filtering firewall makes simple filtering decisions based on each individual packet. As a result, packet filtering firewalls are not particularly flexible. For example, if you want to configure traffic on a port to flow inbound as well as outbound, you must open up the port in both directions. However, doing so might expose the internal network to undesirable inbound traffic on that port. Therefore, stateful firewalls are more secure than packet filtering firewalls.
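The difference between the two filtering models described above can be seen in a short simulation. This is an added example, not part of the original question or its answer key; the addresses, ports, single-port policy and names such as packet_filter and StatefulFirewall are constructed assumptions, and the model ignores TCP flags and state timeouts.

```python
from collections import namedtuple

# Constructed sample traffic; 10.0.0.5 is the internal host, all values are made up.
Packet = namedtuple("Packet", "direction src sport dst dport")

OPEN_PORTS = {443}  # assumed policy: internal hosts may reach external port 443

def packet_filter(pkt):
    """Stateless: judge each packet alone; the port is open in both directions."""
    if pkt.direction == "out":
        return pkt.dport in OPEN_PORTS
    return pkt.sport in OPEN_PORTS  # inbound rule needed so replies can return

class StatefulFirewall:
    def __init__(self):
        self.state_table = set()  # one entry per outbound session

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in OPEN_PORTS:
                return False
            self.state_table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound passes only as the mirror image of a recorded outbound session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state_table

def compare(packets):
    """Return a (packet_filter, stateful) verdict pair for each packet, in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]

SAMPLE = [
    Packet("out", "10.0.0.5", 50000, "198.51.100.7", 443),  # session start
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 50000),   # its reply
    Packet("in", "203.0.113.9", 443, "10.0.0.5", 50000),    # unrelated source
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 50001),   # no matching session
    Packet("out", "10.0.0.5", 50002, "198.51.100.7", 21),   # port not permitted
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "packet filter:", stateless, "stateful:", stateful)
```

The third and fourth packets are the ones that matter: the packet filter passes them because the port is open inbound, while the stateful firewall drops them because no outbound session in the state table matches.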
Some firewalls, such as application-level proxy firewalls, operate at Layer 7 of the Open Systems Interconnection (OSI) model, which is called the Application layer. However, stateful firewalls and packet filtering firewalls operate at the Network and Transport layers. An application-level proxy firewall can make filtering decisions based on Application layer data. However, to do so, the firewall must be able to understand the corresponding Application layer protocol. As a result, application-level proxy firewalls are often designed to filter data for a particular Application layer protocol, such as Hypertext Transfer Protocol (HTTP) or File Transfer Protocol (FTP). For example, an HTTP proxy can block malicious or otherwise undesirable web traffic, but it might not be able to block malicious FTP traffic.