Questions: Network Security: Firewalls, Filtering, and Threat Models
5 questions to test your understanding
Question 1 Multiple Choice
A company deploys TLS encryption on all communications between its servers and clients. A penetration tester then accesses the company's internal management dashboard directly from the internet because no firewall rules restricted that interface. Which principle does this failure illustrate?
A. Encryption is fundamentally ineffective — a determined attacker can always break TLS
B. Defense in depth — TLS addresses eavesdropping but cannot compensate for missing access controls on other attack surfaces
C. Threat modeling is unnecessary when strong encryption is in place
D. Firewalls are the only effective security control and should always be deployed before encryption
TLS protects data in transit from eavesdropping and tampering, but it does nothing to prevent unauthorized access to a management interface that is openly exposed to the internet. No single security mechanism is sufficient — this is the essence of defense in depth. Each control layer (encryption, access control, authentication, logging) compensates for gaps in the others. The company secured the communication channel while leaving the destination completely unprotected, illustrating why security is a system property, not a feature.
Question 2 Multiple Choice
A stateful firewall is more secure than a simple packet-filtering firewall for most deployments because:
A. It can decrypt and inspect the payload of encrypted HTTPS traffic in real time
B. It uses machine learning to identify novel attack patterns as they emerge
C. It tracks the state of active connections, automatically permitting return traffic for legitimate outbound requests without requiring static rules for each response
D. It blocks all incoming traffic by default, requiring manual whitelist approval for every new connection type
A packet-filtering firewall matches packets against static rules — to allow web browsing, you'd need a rule permitting all inbound TCP from port 443, which an attacker could exploit. A stateful firewall records that your browser initiated an outbound request; the server's reply is automatically permitted as part of that established connection. Packets arriving 'out of state' — not matching any known outbound request — are dropped. This eliminates entire attack classes without complex static rule sets and without the overly permissive rules packet filtering often requires.
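The difference described above, as an added example that is not part of the original quiz: a simplified simulation in which connection tracking is reduced to a set of 4-tuples, with no TCP flags or timeouts. All addresses, ports and names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives from outside the network

def stateless_allow(pkt: Packet) -> bool:
    """Static rules only: allow all outbound, allow inbound TCP from source port 443."""
    if not pkt.inbound:
        return True
    return pkt.sport == 443  # the overly permissive rule web browsing would require

class StatefulFirewall:
    """Records outbound flows and permits only inbound packets that reverse one."""
    def __init__(self) -> None:
        self.conns: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            # Remember the flow so the matching reply is recognised later.
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: must be the mirror image of a recorded outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    ("outbound request", Packet("10.0.0.5", 51000, "203.0.113.10", 443, False)),
    ("server reply", Packet("203.0.113.10", 443, "10.0.0.5", 51000, True)),
    ("unsolicited, source port 443", Packet("198.51.100.7", 443, "10.0.0.8", 22, True)),
]

def evaluate():
    """Return (label, stateless decision, stateful decision) for each packet."""
    fw = StatefulFirewall()
    return [(label, stateless_allow(p), fw.allow(p)) for label, p in TRAFFIC]

if __name__ == "__main__":
    for label, stateless, stateful in evaluate():
        print(f"{label:30} stateless={stateless!s:5} stateful={stateful}")
```

The third packet passes the static rule only because of its source port; the stateful firewall drops it because no inside host opened that flow.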
Question 3 True / False
A network protected by strong TLS encryption on most traffic is secure against most common network-level attacks, including denial of service and unauthorized access to internal systems.
T. True
F. False
Answer: False
TLS addresses confidentiality and integrity — it prevents eavesdropping and tampering with data in transit. It does not prevent: (1) DoS attacks, which can overwhelm servers with TLS handshakes; (2) unauthorized access to unprotected management interfaces; (3) lateral movement by a compromised internal machine; or (4) IP spoofing at the network layer. Each of these requires a separate control. TLS is one essential layer of a secure system, not a complete security solution.
Question 4 True / False
Defining a threat model before selecting security controls is essential because the effectiveness of any control depends on what adversaries and attack types you are actually defending against.
T. True
F. False
Answer: True
A threat model identifies who your adversaries are, what they want, and what capabilities they have. Without this, security investments are arbitrary — you might spend resources on end-to-end encryption when the real threat is physical access, or deploy sophisticated IDS when the attacker is an insider with legitimate credentials. Every security measure should be traceable to a specific threat in the model. This is what distinguishes principled security engineering from 'security theater' — measures that look robust but don't address actual risks.
Question 5 Short Answer
Explain why 'defense in depth' is more effective than relying on a single powerful security mechanism, even if that mechanism is very well implemented.
Model answer: Every security mechanism has specific blind spots and failure modes. Encryption doesn't prevent access control failures. Firewalls don't stop compromised internal hosts. Authentication doesn't mitigate DoS. When mechanisms are layered, an attacker who defeats one still faces others. Defense in depth also provides detection: even if prevention layers are bypassed, logging and anomaly detection can catch the intrusion before catastrophic damage, enabling response.
Security engineering treats each mechanism as fallible and asks: what happens when this one fails? Layers with independent failure modes multiply the difficulty for attackers. Critically, the detection and response layers (IDS, logging, incident response) only make sense in a layered model — they assume prevention has been bypassed and provide a fallback. A single-mechanism design with no detection layer has no fallback at all.