Exam CISA topic 1 question 814 discussion

Actual exam question from Isaca's CISA
Question #: 814
Topic #: 1

The MOST critical security weakness of a packet level firewall is that it can be circumvented by:

  • A. deciphering the signature information of the packets
  • B. using a dictionary attack of encrypted passwords
  • C. intercepting packets and viewing passwords sent in clear text
  • D. changing the source address on incoming packets
Suggested Answer: D

Comments

saado9
Highly Voted 1 year, 8 months ago
D. changing the source address on incoming packets
upvoted 6 times
...
SuperMax
Highly Voted 1 year, 4 months ago
Selected Answer: C
C. intercepting packets and viewing passwords sent in clear text
Packet-level firewalls operate at the network layer and make decisions based on the source and destination IP addresses, as well as port numbers, without inspecting the content of the packets. This means that if sensitive information, such as passwords, is sent in clear text (unencrypted) within the packets, an attacker can intercept and view this information without the firewall detecting or preventing it. This is a significant security weakness because it doesn't protect against eavesdropping or interception of sensitive data within the packets themselves.
upvoted 5 times
...
Swallows
Most Recent 10 months, 2 weeks ago
Selected Answer: D
The packet filtering type determines whether to allow packets to pass through to the internal network by referring to packet headers (information such as protocol, source and destination addresses, and port numbers). In other words, in the packet filtering type, access permission/denial is determined based on header information alone. Therefore, as long as the header information clears the access permission definition (policy), it is possible to enter the internal network even if there is unauthorized data in it.
upvoted 3 times
...
3008
1 year, 5 months ago
Selected Answer: D
: where an attacker sends packets with a forged source IP address to bypass the firewall’s rules and gain access to the network.
upvoted 5 times
...
JONESKA
1 year, 6 months ago
Option A is not correct as packet level firewalls do not typically involve deciphering the signature information of packets. Option B is out: packet level firewalls do not perform password authentication or encryption. Option D is out: while this may be a concern from a network security perspective, it is not a specific weakness of a packet level firewall. This action relates to source address spoofing, which is a separate security issue and is typically addressed by other measures like anti-spoofing controls. That leaves Option C.
upvoted 3 times
...
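The header-only decision discussed in the comments above, next to the anti-spoofing control one comment mentions, as an added example that is not part of the original page or of any commenter's post. The rule set, interface names and addresses are constructed for illustration; the model is a simplified stateless filter, not any vendor's implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrived on ("inside" or "outside")
    src: str       # source address as claimed in the IP header
    dst: str
    proto: str
    dport: int

# Constructed policy: internal hosts may reach one admin service; default deny.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
RULES = [("permit", ip_network("10.0.0.0/8"), ip_network("10.0.5.10/32"), "tcp", 22)]

def header_only_filter(pkt: Packet) -> str:
    """Stateless packet filter: decides on header fields alone."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for action, src_net, dst_net, proto, dport in RULES:
        if src in src_net and dst in dst_net and pkt.proto == proto and pkt.dport == dport:
            return action
    return "deny"

def source_plausible(pkt: Packet) -> bool:
    """Anti-spoofing check: an internal source address is only believable
    on the inside interface, and an external one only on the outside."""
    is_internal = any(ip_address(pkt.src) in net for net in INTERNAL_NETS)
    return is_internal if pkt.in_iface == "inside" else not is_internal

def filter_with_antispoofing(pkt: Packet) -> str:
    """Same rule set, but the arrival interface is checked first."""
    return header_only_filter(pkt) if source_plausible(pkt) else "deny"

# Constructed sample traffic.
LEGIT = Packet("inside", "10.1.2.3", "10.0.5.10", "tcp", 22)
FORGED = Packet("outside", "10.1.2.3", "10.0.5.10", "tcp", 22)     # claims an internal source
EXTERNAL = Packet("outside", "203.0.113.7", "10.0.5.10", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("forged", FORGED), ("external", EXTERNAL)):
        print(f"{name:9} header-only={header_only_filter(pkt):6} "
              f"with-antispoofing={filter_with_antispoofing(pkt)}")
```

The forged packet is indistinguishable from the legitimate one when only header fields are compared; the decision changes only once the filter also considers which interface the packet arrived on.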