Systems Security Certified Practitioner – SSCP – Question1023

Which of the following firewall rules found on a firewall installed between an organization's internal network and the Internet would present the greatest danger to the internal network?

A. Permit all traffic between local hosts.
B. Permit all inbound SSH traffic.
C. Permit all inbound TCP connections.
D. Permit all syslog traffic to log-server.abc.org.

Correct Answer: C

Explanation:

Any opening of an internal network to the Internet is liable to create a new vulnerability.
Of the given rules, the one that permits all inbound TCP connections is the least likely to be used, since it amounts to almost having no firewall at all, TCP being widely used on the Internet.
Reference(s) used for this question: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 409).