16,823 views
42 votes

A layer-$4$ firewall (a device that can look at all protocol headers up to the transport layer) CANNOT

  1. block entire $\text{HTTP}$ traffic during $9:00PM$ and $5:00AM$
  2. block all $\text{ICMP}$ traffic
  3. stop incoming traffic from specific $\text{IP}$ address but allow outgoing traffic to the same IP address
  4. block $\text{TCP}$ traffic from a specific user on a multi-user system during $9:00PM$ to $5:00AM$

3 Answers

Best answer
104 votes

Answer is (D).

(A) It is POSSIBLE to block "entire" HTTP traffic by blocking all the traffic on port number $80$, since here we DON'T need to check anything that is application-layer specific. We only need to block port no. $80$ for the required time span.

(B) & (C) are fairly possible to achieve.

(D) However, (D) is not possible to achieve, although the service uses TCP at the transport layer. But see the question. We don't need to block the entire TCP traffic, so we can't block any specific PORT number. Also, it is given that IT IS a MULTI-USER system, and so many users may be using the same port for communication. Therefore, blocking that port would block all the users, WHILE we want a specific user. So how to do that? To do so, we need application-layer-specific information about the user, like user_id type of things, which can't be checked as it is a $4$-layer firewall. So it is not possible to allow other users and block some specific user at the same time using a $4$-layer firewall (unless they all are using different port numbers, which we actually can't predict).

8 votes
Since it is a Layer-4 firewall, it includes the following layers:

Physical layer, Data Link layer, Network layer as well as Transport layer.

So all functionalities of the above layers can be prevented by the Layer-4 protocol except the last one, which is associated with the application layer.
6 votes

A is wrong
Because we're asked if we can block "entire" HTTP traffic. This is doable by a L4 firewall by disabling port no. 80.

B is wrong
ICMP is an NL protocol, which comes under TL, so we're good.

C is wrong
IP addresses are the characteristics of NL, which comes under TL.

D is right
Because we're asked to manipulate a specific user. We can't do that with a firewall that can see up to TL.

If option A said, block HTTP traffic from a specific user, then A and D would both be right. Intuitively, you can think of it like, blocking entire stuff requires a strong hammer, but blocking a specific thing out of it requires greater sophistication.
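
An added illustration (not part of any answer above) of why options 1 to 3 can be written as layer-4 rules while option 4 cannot: a toy filter that sees only the header fields and its own clock. The `Packet`/`Rule` model, addresses, user names and rule set are constructed for the example, and source ports are left out because, as the best answer notes, they cannot be predicted per user.

```python
# Added illustration: toy layer-4 filter. Addresses, users and rules are constructed.
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str         # "in"/"out", known from the interface crossed
    proto: str             # IP protocol field: "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int]   # None for ICMP (no ports)
    user: str              # known only to the sending host's OS, never on the wire

    def headers(self):
        """Everything a layer-4 device can read: no user field."""
        return (self.direction, self.proto, self.src, self.dst, self.dport)

@dataclass(frozen=True)
class Rule:
    direction: Optional[str] = None   # None means "any"
    proto: Optional[str] = None
    src: Optional[str] = None
    dport: Optional[int] = None
    night_only: bool = False          # active 21:00-05:00, firewall's own clock

    def matches(self, pkt, now):
        direction, proto, src, _dst, dport = pkt.headers()
        if self.night_only and not (now >= time(21) or now < time(5)):
            return False
        pairs = ((self.direction, direction), (self.proto, proto),
                 (self.src, src), (self.dport, dport))
        return all(want is None or want == got for want, got in pairs)

RULES = [
    Rule(proto="tcp", dport=80, night_only=True),   # option 1: HTTP at night
    Rule(proto="icmp"),                             # option 2: all ICMP
    Rule(direction="in", src="203.0.113.7"),        # option 3: inbound only
]

def verdict(pkt, now, rules=RULES):
    return "DROP" if any(r.matches(pkt, now) for r in rules) else "ACCEPT"

# Option 4: two users on one multi-user host open the same kind of connection.
ALICE = Packet("out", "tcp", "10.0.0.5", "198.51.100.9", 22, "alice")
BOB = Packet("out", "tcp", "10.0.0.5", "198.51.100.9", 22, "bob")

if __name__ == "__main__":
    print(ALICE.headers() == BOB.headers())
    print(verdict(ALICE, time(22)), verdict(BOB, time(22)))
```

Because `matches` is a function of `headers()` and the clock only, any rule set returns the same verdict for both users' packets; telling them apart needs information that lives above the transport layer or on the host itself.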
