Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?

A.
The source and destination addresses, protocols, and ports contained in the IP packet header are the only
information that is available to the router in making a decision whether or not to permit traffic access to an
internal network.

B.
They don’t protect against IP or DNS address spoofing.

C.
They do not support strong user authentication.

D.
They are appropriate for medium-risk environment.

Explanation:
Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall
technologies. Packet filtering gateways/firewalls would be insufficient for a medium-risk environment.
Incorrect Answers:
A: Packet filtering gateways can make access decisions based upon the following basic criteria:
Source and destination IP addresses
Source and destination port numbers
Protocol types
Inbound and outbound traffic direction
B: Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out
and blocking packets with conflicting source address information (packets from outside the network that show
source addresses from inside the network and vice-versa). On the other hand packet filtering gateways would
not be able to protect against DNS spoofing. A stateful firewall is needed to protect against DNS spoofing
C: Packet filter gateways cannot ensure strong user authentication.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630