Re: [CCCure CISSP] Stateful Firewall and OSI model

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] Stateful Firewall and OSI model

pgnair
Hello,

I am trying to figure out which layer of the OSI model stateful firewall is placed at for the CISSP exam. I understand that it keeps
track using a state table, but I am getting conflicting information as to where this device belongs. Some literature is saying
it should be placed in the network layer, 3 and others are saying in layer 4, transport layer.
 
Thank you
 
Prema Nair


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] Stateful Firewall and OSI model

Doug Spindler

Depends on the firewall manufacture but think of it this way which layer maintains the state of a TCP connection?  Three does not – That’s a traditional firewall no state status.  At layer four we have ports and sequence numbers a firewall could keep track of.  Some firewall do that and “deep” packet inspection which would be layer 5, 6, 7.

 

 

 

 

 

From: CISSPstudy [mailto:[hidden email]] On Behalf Of [hidden email]
Sent: Thursday, March 14, 2013 9:11 AM
To: [hidden email]
Subject: Re: [CCCure CISSP] Stateful Firewall and OSI model

 

Hello,

I am trying to figure out which layer of the OSI model stateful firewall is placed at for the CISSP exam. I understand that it keeps
track using a state table, but I am getting conflicting information as to where this device belongs. Some literature is saying
it should be placed in the network layer, 3 and others are saying in layer 4, transport layer.
 

Thank you

 

Prema Nair

 


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] Stateful Firewall and OSI model

Mr. Clark
This is also a part of a CSI or CCRI inspection for a firewall. "Deep
packet inspection" remember you have to have a license for the
software in order for the the firewall to perform this function.

On Thu, Mar 14, 2013 at 7:18 PM, Doug Spindler <[hidden email]> wrote:

> Depends on the firewall manufacture but think of it this way which layer
> maintains the state of a TCP connection?  Three does not – That’s a
> traditional firewall no state status.  At layer four we have ports and
> sequence numbers a firewall could keep track of.  Some firewall do that and
> “deep” packet inspection which would be layer 5, 6, 7.
>
>
>
>
>
>
>
>
>
>
>
> From: CISSPstudy [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Thursday, March 14, 2013 9:11 AM
> To: [hidden email]
> Subject: Re: [CCCure CISSP] Stateful Firewall and OSI model
>
>
>
> Hello,
>
> I am trying to figure out which layer of the OSI model stateful firewall is
> placed at for the CISSP exam. I understand that it keeps
> track using a state table, but I am getting conflicting information as to
> where this device belongs. Some literature is saying
> it should be placed in the network layer, 3 and others are saying in layer
> 4, transport layer.
>
>
> Thank you
>
>
>
> Prema Nair
>
>
>
>
> _______________________________________________
> You can find the list archive at:
> http://cissp-study.3965.n7.nabble.com/
>
> CISSPstudy mailing list
> [hidden email]
>
> To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] Stateful Firewall and OSI model

pgnair
In reply to this post by pgnair
 
Thank you for the responses. For the exam, it looks like stateful firewalls will be in layer 4 of the OSI model based on what Doug is saying below.
There has to be things to keep track of like ports and sequence numbers. I hope this simplistic view will suffice to answer this question if it came up in the
test. I understand that we can go up the OSI layer for a deeper inspection of the package, but I was trying to figure out  which layer ISC2 and the CBK would place
this firewall (and I think I got the answer). All the other firewalls fall into the OSI layer nicely: packet firewall, proxy, circuit, application. I was looking to find where this one
fell.

Thank you Doug and Gary.
 
prema
 
On 03/15/13, [hidden email] wrote:
 
Send CISSPstudy mailing list submissions to
[hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
[hidden email]

You can reach the person managing the list at
[hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CISSPstudy digest..."


Today's Topics:

1. Re: Stateful Firewall and OSI model ([hidden email])
2. Re: Stateful Firewall and OSI model (Doug Spindler)
3. Re: Stateful Firewall and OSI model (Mr. Clark)
4. Re: CISSPstudy Digest, Vol 57, Issue 6 (Khan M A)


----------------------------------------------------------------------

Message: 1
Date: Thu, 14 Mar 2013 11:10:35 -0500 (CDT)
From: [hidden email]
To: [hidden email]
Subject: Re: [CCCure CISSP] Stateful Firewall and OSI model
Message-ID: <4530359.1191917.1363277435103.JavaMail.root@vms170015>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://cccure.org/mailman/private/cisspstudy_cccure.org/attachments/20130314/f8bde406/attachment.html>

------------------------------

Message: 2
Date: Thu, 14 Mar 2013 09:18:57 -0700
From: Doug Spindler <[hidden email]>
To: "'The CISSP Study Mailing list'" <[hidden email]>
Subject: Re: [CCCure CISSP] Stateful Firewall and OSI model
Message-ID: <00cf01ce20cf$a24f2ce0$e6ed86a0$@gmail.com>
Content-Type: text/plain; charset="utf-8"

Depends on the firewall manufacture but think of it this way which layer maintains the state of a TCP connection? Three does not ? That?s a traditional firewall no state status. At layer four we have ports and sequence numbers a firewall could keep track of. Some firewall do that and ?deep? packet inspection which would be layer 5, 6, 7.











From: CISSPstudy [[hidden email]] On Behalf Of [hidden email]
Sent: Thursday, March 14, 2013 9:11 AM
To: [hidden email]
Subject: Re: [CCCure CISSP] Stateful Firewall and OSI model



Hello,

I am trying to figure out which layer of the OSI model stateful firewall is placed at for the CISSP exam. I understand that it keeps
track using a state table, but I am getting conflicting information as to where this device belongs. Some literature is saying
it should be placed in the network layer, 3 and others are saying in layer 4, transport layer.


Thank you



Prema Nair



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/mailman/private/cisspstudy_cccure.org/attachments/20130314/f9307eb3/attachment.html>

------------------------------

Message: 3
Date: Thu, 14 Mar 2013 19:26:39 +0300
From: "Mr. Clark" <[hidden email]>
To: The CISSP Study Mailing list <[hidden email]>
Subject: Re: [CCCure CISSP] Stateful Firewall and OSI model
Message-ID:
<CAAYtGvafWmLhhsOjxoTszP9Zo_TvvC[hidden email]>
Content-Type: text/plain; charset=windows-1252

This is also a part of a CSI or CCRI inspection for a firewall. "Deep
packet inspection" remember you have to have a license for the
software in order for the the firewall to perform this function.

On Thu, Mar 14, 2013 at 7:18 PM, Doug Spindler <[hidden email]> wrote:

> Depends on the firewall manufacture but think of it this way which layer
> maintains the state of a TCP connection? Three does not ? That?s a
> traditional firewall no state status. At layer four we have ports and
> sequence numbers a firewall could keep track of. Some firewall do that and
> ?deep? packet inspection which would be layer 5, 6, 7.
>
>
>
>
>
>
>
>
>
>
>
> From: CISSPstudy [[hidden email]] On Behalf Of
> [hidden email]
> Sent: Thursday, March 14, 2013 9:11 AM
> To: [hidden email]
> Subject: Re: [CCCure CISSP] Stateful Firewall and OSI model
>
>
>
> Hello,
>
> I am trying to figure out which layer of the OSI model stateful firewall is
> placed at for the CISSP exam. I understand that it keeps
> track using a state table, but I am getting conflicting information as to
> where this device belongs. Some literature is saying
> it should be placed in the network layer, 3 and others are saying in layer
> 4, transport layer.
>
>
> Thank you
>
>
>
> Prema Nair
>
>
>
>
> _______________________________________________
> You can find the list archive at:
> http://cissp-study.3965.n7.nabble.com/
>
> CISSPstudy mailing list
> [hidden email]
>
> To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>



------------------------------

Message: 4
Date: Fri, 15 Mar 2013 03:54:26 -0700 (PDT)
From: Khan M A <[hidden email]>
To: "[hidden email]" <[hidden email]>
Subject: Re: [CCCure CISSP] CISSPstudy Digest, Vol 57, Issue 6
Message-ID:
<136334486[hidden email]>
Content-Type: text/plain; charset="iso-8859-1"

Yes, you should be allowed to take a dictionary. It should be an?English?dictionary and your examiner will check the same before you take in in the exam hall.

Regards|
Khan M A -?
CISSP
Bangalore- India


________________________________
From: "[hidden email]" <[hidden email]>
To: [hidden email]
Sent: Thursday, March 14, 2013 9:30 PM
Subject: CISSPstudy Digest, Vol 57, Issue 6

Send CISSPstudy mailing list submissions to
??? [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
??? http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
??? [hidden email]

You can reach the person managing the list at
??? [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CISSPstudy digest..."


Today's Topics:

? 1. Dictionaire (Aleksandar Bratic)
? 2. Re: Dictionaire (Doug Spindler)


----------------------------------------------------------------------

Message: 1
Date: Wed, 13 Mar 2013 13:37:49 -0700 (PDT)
From: Aleksandar Bratic <[hidden email]>
To: The CISSP Study Mailing list <[hidden email]>
Subject: [CCCure CISSP] Dictionaire
Message-ID:
??? <13632070[hidden email]>
Content-Type: text/plain; charset="us-ascii"

Hi guys,


Is it possible to use dictionary on exam?



Regards,

Aleksandar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/mailman/private/cisspstudy_cccure.org/attachments/20130313/116e899c/attachment.html>

------------------------------

Message: 2
Date: Wed, 13 Mar 2013 16:33:30 -0700
From: Doug Spindler <[hidden email]>
To: "'Aleksandar Bratic'" <[hidden email]>,??? "'The CISSP Study
??? Mailing list'" <[hidden email]>
Subject: Re: [CCCure CISSP] Dictionaire
Message-ID: <245001ce2043$2c655860$85300920$@gmail.com>
Content-Type: text/plain; charset="us-ascii"

I'm making the assumption here you mean a foreign language dictionary.? The
answer to that is yes it is, but you need to receive approval at the time
you register to take the exam.? And as I recall depending on the country,
the test center might have to provide the dictionary.? If you are asking
about a dictionary that's the same language as you are taking the exam then
the answer is no.? The test is offered in other languages, do you speak a
language other than one the test is offered in?



?





From: CISSPstudy [[hidden email]] On Behalf Of
Aleksandar Bratic
Sent: Wednesday, March 13, 2013 1:38 PM
To: The CISSP Study Mailing list
Subject: [CCCure CISSP] Dictionaire



Hi guys,



Is it possible to use dictionary on exam?





Regards,

Aleksandar

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/mailman/private/cisspstudy_cccure.org/attachments/20130313/209217e7/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
You can search through the mailing list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org


------------------------------

End of CISSPstudy Digest, Vol 57, Issue 6
*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/mailman/private/cisspstudy_cccure.org/attachments/20130315/16c196f3/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
You can search through the mailing list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org


------------------------------

End of CISSPstudy Digest, Vol 57, Issue 7
*****************************************

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org