Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company’s firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network.
Why will this not be possible?
A.
Firewalls cannot inspect traffic coming through port 443
B.
Firewalls can only inspect outbound traffic
C.
Firewalls cannot inspect traffic at all, they can only block or allow certain ports
D.
Firewalls cannot inspect traffic coming through port 80
Firewalls can block ports but a statefull inspection firewall can inspect traffic. That having been said firewalls, IDS and IPS are blind to SSL, SSH or other encrypted traffic.
Not entirely true if they do SSL intercept. This may break some applications (usually in-house ones that don’t expect SSL errors) but most web-sites will still function without user knowledge.
At that point it’s not a “firewall” by the definition of this old test. They must mean just ports and protocols allowed or disallowed. Also, keep in mind, the questino said from all kinds of attacks. So what about sqli or ssi on his vulnerable server? The firewall will not stop this kind of activity. What if I created an upload form on a vulnerable web page on that server and uploaded a virus/worm to that server, what does a FW have to do with that protection? Nothing!