Document (1)

The document outlines key concepts related to firewalls, including their limitations such as vulnerability to social engineering and encrypted traffic. It describes the DMZ (Demilitarized Zone) and its role in network security, as well as various types of firewalls and their characteristics. Additionally, it introduces the concept of Intrusion Detection Systems (IDS) and their types, while providing diagrams for visual representation.

Uploaded by

Pranav Shingne

JAYAWANT SHIKSHAN PRASARAK MANDAL’s

Bhivrabai Sawant Polytechnic


Computer Engineering Department
Assignment 4 NIS
Course: 22620

1. State any four limitations of Firewall. (2 Marks)

Answer:

1. Social Engineering Attacks: Firewalls cannot prevent phishing or user manipulation.
2. Encrypted Traffic: Cannot inspect encrypted packets for hidden threats.
3. Zero-Day Exploits: Fails to detect unknown vulnerabilities or APTs (Advanced Persistent Threats).
4. Bypass Risks: Users/attackers may bypass firewalls via direct connections (e.g., dial-up).
(Source: Page 14, Section 4.0.3)

2. Describe term DMZ with diagram. (2 Marks)

Answer:
A DMZ (Demilitarized Zone) is a network segment between an internal (trusted) network and
an external (untrusted) network (e.g., the Internet). It hosts public-facing services (e.g., web
servers) to isolate them from sensitive internal resources.

Diagram Description:

• External Network (Internet) → DMZ (contains public servers) → Internal Network (private resources).
• Traffic to the DMZ is restricted from directly accessing the internal network.
(Source: Pages 15-16)

3. What is the application of Firewall? Enlist its Limitations. (4 Marks)

Answer:
Applications:

• Filters incoming/outgoing traffic using predefined rules.
• Acts as a barrier between trusted and untrusted networks.
• Controls access to services (e.g., HTTP, SMTP).
• Prevents unauthorized external access.

Limitations:

1. No protection against insider threats.
2. Ineffective against social engineering.
3. Limited analysis of encrypted traffic.
4. Complex configuration risks.
(Source: Sections 4.1 and 4.0.3)

4. Explain Characteristics and Types of Firewall. (4 Marks)

Answer:
Characteristics:

• Inspects packets based on IP, port, and protocol.
• Integrates with proxy servers for enhanced security.
• Blocks all unauthorized network access.
• Enforces security policies strictly.

Types:

1. Packet Filter Firewall: Filters at the network layer (e.g., IP/port).
2. Application-Level Gateway: Inspects application-layer data (e.g., HTTP).
3. Circuit-Level Gateway: Manages TCP/UDP connections.
4. Stateful Inspection Firewall: Tracks active connections dynamically.
(Source: Pages 3-7)

5. Describe Packet Filter Router Firewall with Diagram. (2 Marks)

Answer:
A Packet Filtering Router examines packet headers (source/destination IP, port, protocol) and
applies rules to forward or discard traffic.

Diagram Description:

• Internet → Router (applies rules) → Internal Network.
• Example rule: Block all inbound traffic on port 23 (Telnet).
(Source: Pages 3-4)
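
The header-based filtering in answer 5, shown as an added Python example that is not part of the original assignment. It checks constructed packets against an ordered rule list containing the Telnet rule above. First-match evaluation, the default-discard policy, all class and function names, and the 192.0.2.0/24 internal range are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = Internet -> internal, "out" = internal -> Internet
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                      # "forward" or "discard"
    direction: Optional[str] = None  # None means "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Header fields only: a packet filter never looks at the payload.
        return (self.direction in (None, p.direction)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst))

# Constructed rule set: 192.0.2.0/24 is the assumed internal network.
BLOCK_TELNET = Rule("discard", direction="in", proto="tcp", dport=23)
ALLOW_WEB = Rule("forward", direction="in", dst="192.0.2.10/32", proto="tcp", dport=80)
ALLOW_OUT = Rule("forward", direction="out", src="192.0.2.0/24")
RULES = [BLOCK_TELNET, ALLOW_WEB, ALLOW_OUT]

def filter_packet(p: Packet, rules=RULES, default: str = "discard") -> str:
    # First matching rule wins; unmatched traffic gets the default (assumed deny).
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

if __name__ == "__main__":
    telnet = Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 23)
    web = Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 80)
    print(filter_packet(telnet), filter_packet(web))
    # A broad allow placed ahead of the block shadows it.
    print(filter_packet(telnet, rules=[Rule("forward", direction="in"), BLOCK_TELNET]))
```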

6. Explain the Concept of Kerberos. (4 Marks)

Answer:
Note: The term "Kerberos" is not covered in the provided NIS Unit 4 PDF. It may belong to
another unit or subject.

7. Describe term IDS. (2 Marks)

Answer:
IDS (Intrusion Detection System) monitors network/system activity to detect suspicious
behavior or policy violations. It alerts administrators but does not block threats.

Types:

• HIDS (Host-based IDS): Monitors individual systems (e.g., log files).
• NIDS (Network-based IDS): Analyzes network traffic for anomalies.
(Source: Pages 17-22)

Diagrams: Refer to the original PDF for visual representations:

• DMZ (Page 16).
• Packet Filtering Router (Page 3).
• IDS Components (Pages 19-22).

End of Assignment
