Hi. Welcome back to the course. In the last video, we talked about intrusion detection and intrusion prevention systems.
In this video, we're gonna go over firewalls.
So what are firewalls? Basically, they're a device, which can be hardware or software, that sits there to filter traffic. They filter the traffic based on rules that you put in place,
and they also have an implicit deny. What that means is, if I don't have a rule that explicitly allows some traffic, the firewall denies it. That applies even to common traffic like web traffic on HTTP port 80: if you want it through, you need a rule that permits it.
So what we want to do with the rules in the firewall (we're not really going to dive into that in this course) is put the permit rules first: allow this traffic, this traffic, and this traffic. Then at the very end of the rule list we put the rule that says OK, everything else, go ahead and block. Rules are evaluated in order, first match wins, so a deny-everything rule placed at the top would block the traffic you meant to allow.
So this diagram here is basically showing you a typical network setup. You'll have your internal network. You should have some type of firewall between that and your DMZ, or demilitarized zone,
and then the DMZ. If you're not familiar with that, again, that's basic networking, but basically that's where you've got your web servers and other externally reachable devices,
and then you've got an external firewall. And then
on top of that, you've also got a bastion host: some type of hardened device that sits on the very perimeter of your network. In this case, it looks like they have a router, which is typical. It's usually some type of hardened router that sits out there on the very perimeter of your network.
So, different types of firewall technologies. We've got packet filtering firewalls (sometimes called static filtering), circuit-level gateway firewalls, application-level gateways, stateful inspection, and application proxies. And then we also have something called network address translation, or NAT, which most firewalls perform, although it's really an address translation function rather than a filtering technique on its own.
So, packet filtering. Basically,
it filters based on the source and destination IP addresses and also the port. So, is it port 80 traffic? Where's it coming from, and where is it going to? Is the destination also port 80? If all that matches a rule, it lets it through.
Circuit-level gateway.
So basically, with this one the outside sender doesn't know the actual IP address of the inside machine. The traffic comes through the firewall, and then the firewall relays it out from some port of its own to reach the end host.
Stateful inspection. Essentially, it's going to monitor the state of the connection and determine, is this a correct connection? So we talked about the TCP handshake earlier, so something like that, right? If I send my SYN packet, the firewall's like, OK, this looks like a TCP connection starting,
and then there's never any acknowledgment packet sent, or, excuse me, the SYN-ACK is sent back from the internal machine, but then there's no additional ACK to establish the full connection.
It'll monitor that state itself and say, OK, this looks like a normal connection, or this doesn't, and it'll drop the traffic based on that.
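The handshake tracking described above, as an added example written for this page rather than code from the course or from any firewall: a small connection table that follows each TCP connection through SYN, SYN-ACK and ACK, and only lets data through once the three-way handshake has completed. The topology, the policy for which new connections may start, and the sample segments are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed topology (hypothetical documentation-range addresses).
INSIDE_NET = ip_network("10.0.0.0/8")
DMZ_WEB = "203.0.113.10"


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # e.g. "SYN", "SYN-ACK", "ACK", "PSH-ACK", "RST"


def allow_new(seg: Segment) -> bool:
    """Policy applied to the opening SYN only: anything from inside may go out,
    from outside only HTTP to the DMZ web server may come in."""
    if ip_address(seg.src) in INSIDE_NET:
        return True
    return seg.dst == DMZ_WEB and seg.dport == 80


Key = Tuple[str, int, str, int]   # (initiator, iport, responder, rport)


class StatefulFilter:
    """Tracks each TCP connection through the handshake. Segments that do not
    fit the current state of their connection are dropped, so data on a
    half-open connection and unsolicited inbound ACKs never get through."""

    def __init__(self) -> None:
        self.table: Dict[Key, str] = {}

    def _lookup(self, seg: Segment) -> Tuple[Key, bool]:
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if rev in self.table:
            return rev, False      # sent by the responder
        return fwd, True           # sent by the initiator (or a brand-new flow)

    def process(self, seg: Segment) -> str:
        key, from_initiator = self._lookup(seg)
        state = self.table.get(key)
        flags = frozenset(seg.flags.split("-"))
        if state is None:
            if flags == {"SYN"} and allow_new(seg):
                self.table[key] = "SYN_SENT"
                return "allow"
            return "drop"          # not a connection start, or not permitted
        if state == "SYN_SENT" and not from_initiator and flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_RECEIVED"
            return "allow"
        if state == "SYN_RECEIVED" and from_initiator and flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"
            return "allow"
        if state == "ESTABLISHED":
            if "RST" in flags:
                del self.table[key]   # FIN teardown tracking omitted for brevity
            return "allow"
        return "drop"                 # out of sequence for the connection's state


def run(segments: List[Segment]) -> List[str]:
    fw = StatefulFilter()
    return [fw.process(s) for s in segments]


# Constructed scenarios
CLIENT, WEB = "192.0.2.5", DMZ_WEB
FULL_HANDSHAKE = [
    Segment(CLIENT, 40000, WEB, 80, "SYN"),
    Segment(WEB, 80, CLIENT, 40000, "SYN-ACK"),
    Segment(CLIENT, 40000, WEB, 80, "ACK"),
    Segment(CLIENT, 40000, WEB, 80, "PSH-ACK"),   # data on an established connection
]
HALF_OPEN = [
    Segment(CLIENT, 40001, WEB, 80, "SYN"),
    Segment(WEB, 80, CLIENT, 40001, "SYN-ACK"),
    Segment(CLIENT, 40001, WEB, 80, "PSH-ACK"),   # data without the final ACK
]
UNSOLICITED = [
    Segment(CLIENT, 40002, "10.1.2.3", 445, "SYN"),   # inbound SYN to an internal host
    Segment(CLIENT, 40003, WEB, 80, "ACK"),            # ACK with no handshake behind it
]
```

The half-open case is the one the text describes: the SYN and the SYN-ACK are allowed, but the data segment that arrives without the final ACK is dropped. A stateless packet filter that only matched on port 80 would have passed all three.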
Application-level or proxy gateway. Basically it functions as a proxy between systems for particular protocols, but it's not used too much, especially at smaller businesses. It uses a lot of resources to do so. You may or may not see it actually out in industry.
Network address translation. As I mentioned, this basically allows the firewall to present a single outside IP address for the computers on the private network. So you can have one public IP address for a whole bunch of systems inside your network.
So there are some limitations to firewalls. Here are a few examples. Obviously, it's not going to protect you against any type of social engineering attack. So you could still get traffic coming through when a user goes to a website, clicks on something and downloads it.
It's also not going to enforce your password policies; it doesn't have a way to do that. And if you've got weak security policies, or you don't provide users with security awareness training, something like that, then the firewall's not going to do anything to protect you. It's really just a perimeter defense type of tool to filter some of the traffic out.
So, different tools that we could use as firewalls: ManageEngine Firewall Analyzer, ZoneAlarm, and then a couple of mobile tools as well.
So ManageEngine Firewall Analyzer gives you some different visibility. It'll analyze a firewall, it even offers a firewall type of service, and then you can also set your rules and stuff like that.
ZoneAlarm. That's another free firewall thing. Again, I would always be wary of free firewall stuff, even though this is by Check Point, and they're a reputable company. You know, if you can, even on your home network, if you're going to have a firewall on, get that set up; it just does not cost that much to get something legit out there.
And then a couple of Android ones, specifically for Android and specifically for older Android OS versions. These basically let you set up a quick little firewall on your mobile device to protect against threats: NoRoot Firewall and NetGuard.
So there are several different ways you can evade a firewall; these are just a couple of examples. IP address spoofing, that's pretty straightforward: we just spoof our IP address so we appear either as a trusted host or just as somebody else, and the firewall doesn't recognize that.
Tiny fragments. Again, we're just breaking up packets, similar to the fragmentation we used to evade IDS systems. A packet filter only looks at the first fragment for the TCP header, so if the first fragment is cut so short that the fields it needs (like the flags) land in a later fragment, it can't make its decision and the pieces are reassembled on the host behind it.
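The tiny-fragment evasion and the usual countermeasure, as an added example written for this page (not from the course or any firewall product). It builds a real 20-byte TCP header for a SYN to telnet, cuts it into 8-byte fragments the way an IP stack would, and runs the fragments through two simulated filters: a naive one that inspects only the first fragment, and one that applies the two checks from RFC 1858 (a first fragment must carry the whole TCP header, and a fragment at offset 1 is dropped because it could overwrite header fields on reassembly). Port numbers, the blocked port and the fragment sizes are constructed assumptions.

```python
import struct
from dataclasses import dataclass
from typing import List

TCP_SYN = 0x02
TCP_HEADER_LEN = 20   # minimum TCP header, no options


@dataclass(frozen=True)
class Fragment:
    offset: int   # fragment offset in 8-byte units, as in the IP header
    more: bool    # "more fragments" flag
    data: bytes   # this fragment's slice of the TCP segment


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    # seq/ack zeroed, data offset 5 words, window 65535, checksum and urgent pointer zeroed
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def fragment(segment: bytes, chunk: int) -> List[Fragment]:
    """Split a segment into IP-style fragments of `chunk` bytes (multiple of 8)."""
    assert chunk % 8 == 0
    return [Fragment(i // 8, i + chunk < len(segment), segment[i:i + chunk])
            for i in range(0, len(segment), chunk)]


def reassemble(frags: List[Fragment]) -> bytes:
    """What the destination host sees after putting the fragments back together."""
    buf = bytearray()
    for f in sorted(frags, key=lambda f: f.offset):
        start = f.offset * 8
        buf.extend(b"\x00" * max(0, start - len(buf)))
        buf[start:start + len(f.data)] = f.data
    return bytes(buf)


def naive_filter(f: Fragment, blocked_port: int = 23) -> str:
    """Blocks SYNs to `blocked_port` by looking at the first fragment only.
    Later fragments carry no TCP header, so they are waved through; and if the
    first fragment is too short to contain the flags byte, the filter cannot
    tell whether this is a SYN and falls through to allow."""
    if f.offset != 0:
        return "allow"
    if len(f.data) >= 14:
        dport = struct.unpack("!H", f.data[2:4])[0]
        flags = f.data[13]
        if dport == blocked_port and flags & TCP_SYN:
            return "drop"
    return "allow"


def hardened_filter(f: Fragment, blocked_port: int = 23) -> str:
    """RFC 1858 checks in front of the same port/flag test: a first fragment
    must carry the full TCP header, and an offset-1 fragment is dropped."""
    if f.offset == 0 and len(f.data) < TCP_HEADER_LEN:
        return "drop"
    if f.offset == 1:
        return "drop"
    return naive_filter(f, blocked_port)


def run(filter_fn, frags: List[Fragment]) -> List[str]:
    return [filter_fn(f) for f in frags]


# Constructed attack traffic: a SYN to telnet, sent whole and cut into 8-byte fragments
TELNET_SYN = build_tcp_header(40000, 23, TCP_SYN)
WHOLE = fragment(TELNET_SYN, 24)     # one fragment holding the entire header
TINY = fragment(TELNET_SYN, 8)       # ports in fragment 0, flags in fragment 1
```

Sent whole, both filters drop the SYN. Cut into 8-byte fragments, the naive filter passes all three pieces and the host reassembles the same blocked SYN; the hardened filter drops the undersized first fragment and the offset-1 fragment, so the segment can never be completed behind it.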
URL blocking. If they're blocking, say, microsoft.com, for example, we just type in the actual IP address instead of the domain name.
ICMP tunneling. Basically, that's a covert channel: we obfuscate the traffic by carrying it inside a series of echo requests.
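What "carrying traffic inside echo requests" looks like on the wire, as an added example written for this page (not from the course or from any tunneling tool). It builds well-formed ICMP echo requests with a correct RFC 1071 checksum, spreads a message across them by sequence number, reassembles it on the other side, and includes a simple detection heuristic for the defender: a normal ping repeats the same payload in every request, whereas a tunnel changes it packet by packet. Nothing is sent on the network; the message, the identifiers and the "normal ping" payload are constructed.

```python
import struct
from collections import defaultdict
from typing import Dict, List, Set, Tuple

ICMP_ECHO_REQUEST = 8
CHUNK = 32   # payload bytes carried per echo request (constructed choice)


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum as used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_echo(pkt: bytes) -> Tuple[int, int, int, int, bytes]:
    if checksum(pkt) != 0:           # a packet with a correct checksum folds to zero
        raise ValueError("bad ICMP checksum")
    typ, code, _, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return typ, code, ident, seq, pkt[8:]


def tunnel_encode(message: bytes, ident: int = 0x1234) -> List[bytes]:
    """Split a message across echo requests, one chunk per sequence number."""
    return [echo_request(ident, seq, message[i:i + CHUNK])
            for seq, i in enumerate(range(0, len(message), CHUNK))]


def tunnel_decode(packets: List[bytes]) -> bytes:
    """Reassemble the chunks by sequence number, whatever order they arrived in."""
    parts: Dict[int, bytes] = {}
    for pkt in packets:
        typ, _, _, seq, payload = parse_echo(pkt)
        if typ == ICMP_ECHO_REQUEST:
            parts[seq] = payload
    return b"".join(parts[s] for s in sorted(parts))


def looks_like_tunnel(packets: List[bytes]) -> Dict[int, bool]:
    """Per echo session (ICMP identifier): flag it when the payload varies
    between requests. A plain ping keeps the same payload for every request."""
    payloads: Dict[int, Set[bytes]] = defaultdict(set)
    for pkt in packets:
        _, _, ident, _, payload = parse_echo(pkt)
        payloads[ident].add(payload)
    return {ident: len(seen) > 1 for ident, seen in payloads.items()}


# Constructed traffic: a two-packet tunnel session and a four-packet ordinary ping
SECRET = b"constructed covert message: exfiltrated over echo requests"
TUNNEL = tunnel_encode(SECRET, ident=0x1234)
NORMAL_PING = [echo_request(0x0042, seq, bytes(range(0x10, 0x38))) for seq in range(4)]
```

The heuristic is deliberately simple; tunnels that pad every packet to a constant payload defeat it, which is why in practice you also look at echo request volume per host and payload entropy, or just block echo requests at the perimeter where the business doesn't need them.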
HTTP tunneling. This is a popular one: sending traffic over port 80. Basically, we're tunneling through on what looks like legitimate port 80 traffic, which is going to come through, right, because we don't want to block our users from getting to websites. So the traffic comes through the firewall,
and then a tool you can use for that, one of many, there are several out there, is HTTPTunnel.
And then a web application firewall, we could actually bypass that with stored cross-site scripting.
So this video was a very high level overview of firewalls. In the next video, we're going to jump into honeypots, and again, that's going to be a high level overview as well. You don't really need to know either of these topics at an intricate level for the ethical hacker exam.