1 hour 18 minutes
Hello again, and thank you for sticking with me.
In section one of this course we'll be discussing the following:
what is a firewall? Why was it created? Do we still need it today? And who needs to understand its technology?
You also want to focus on the difference between host-based firewalls
and network-based firewalls.
Can we just choose one,
or do we need both?
It's also important that we pay attention to inbound and outbound, or some folks like to say ingress or egress.
And what do we mean when we use these words when describing a firewall?
So what is a firewall?
The basic definition I can give you is that a firewall is a device that can filter traffic into or out of a network.
It could be a physical device or software installed
that is running on a laptop or desktop computer.
It could also be a virtual appliance that's found in a vSphere or vCenter environment.
And I think it's always great to use analogies
to help in understanding computer interconnected networks,
and what I want to really focus on is what do we really mean
when we say filter traffic.
And I think analogies will help us understand what filtering is all about.
I think the biggest firewall that I could think of, and the one that we all share is one that's above our heads.
You know, just look up in the sky. And even though you can't see it, we have a firewall right there in the sky.
You and I call it the ozone layer. Only
about 9 to 18 miles above the Earth's surface is that protective layer. You and I need
to be protected from the ultraviolet radiation from the sun,
right? And so another example
really quick here is the filtering that we see in a screened-in porch. Now I live in Florida, and it's close to summer, no matter what season we're in.
And we have a ton of what we call lovebugs and really all sorts of other critters we want to keep out from our patio area.
Now, keep in mind that screen allows in sunlight. It allows in the air
it even allows in rain. If it's, you know, storming or windy enough right, but not the blows.
It doesn't allow the bugs in,
So we see filtering from what is allowed in.
And we also see filtering in what is not allowed in.
And most screened-in porches, they have a door to allow things out or in, so we have controls.
You know, when we talk about allowing things in, denying things from coming in, you know, we have controls, and that's what a firewall does, right? It's gonna filter; it's gonna give us what we need and remove what we don't.
Now let's take a look at some examples of filtering by an actual firewall.
Okay, now, the easiest way I think I could explain this
is by using a ping command.
When we ping a computer, we essentially use the Internet Control Message Protocol to send packets to the IP address or fully qualified domain name for the system that we're trying to reach.
Now, if the system is up and no firewall is filtering ICMP traffic on the computer or network, the computer we ping will reply with packets as well,
and these are called echo request and echo reply. Now, if you focus your attention on the visual or the PowerPoint slide, you'll see at the top left that we're pinging 192.168.0.1. We're getting those echo replies.
Why is that? Well, either the local firewall or that network-based firewall
is allowing that particular traffic to pass through.
And at the bottom right, we see the request being timed out when we ping 10.0.0.75.
So one of two things could occur here. The local firewalls for these machines that have the IP addresses
are either allowing
or denying ICMP traffic.
And again, it could be a local firewall. But again, if you're on different networks and you're trying to ping from one network to another, you may have a firewall in between your networks, and that firewall could either be allowing or blocking ICMP, or essentially the ping command.
All right, so that's another quick analogy slash example of what firewall filtering is, the basics of what a firewall is going to do.
Now, we could use the ping command on Windows, Linux, UNIX and macOS systems. So whatever operating system you feel most comfortable with, you can open up the terminal and ping a host or computer you know is up and running on your own network,
or maybe even one that's on the Internet.
It's important to understand that just because a computer is up
and running on the Internet or behind the same firewall as your computer, that the computer you ping may not respond with an echo reply
or packets of its own. Again, you need to check the local firewall. That host-based firewall could be the reason why
ping is working or ping isn't working for you.
And shortly we'll talk about host based firewalls and network based firewalls.
But before we do,
let's try to answer those questions of why the firewall was created, do we still need firewalls today, and who needs to understand how a firewall works
and how it impacts our customers and the business both in a negative way and a positive way.
Now firewalls are created to protect private networks, and yes, we still need them today. The firewall's ability to filter traffic allows for other opportunities,
and one of those opportunities is segmentation in the configuration of firewall zones.
The firewall allows many organizations to be compliant with regulatory standards by its use of zones that filter traffic
or, in some cases, isolate sensitive assets from the remaining subnetworks on a network.
The importance of understanding the firewall is not
just up to your network administrators or your security administrators.
Due to host-based and network-based firewalls, network traffic and issues that can accompany them will present themselves to help desk representatives when dealing with a user and their laptop or desktop in or out of the office,
and our managers,
who will be making purchases that protect their organizations. They must also be familiar with firewalls and the impact firewalls have on the network and the security posture of the organization.
Now let's dig deeper into host-based and network-based firewalls to better understand how firewalls and the location of them on the perimeter of the network is different from being local to a desktop or laptop.
Keep in mind that local firewalls can be found on Windows, Linux, UNIX and macOS systems.
You know, Windows Firewall, iptables, firewalld. They're just some of the native firewall software that you could find on the most popular operating systems today.
But many more exist that can be purchased for home or business use. Okay,
so I'll start with simple definitions.
A host-based firewall provides protection on a single host computer.
A network-based firewall provides protection on a computer network.
Now it's best to use both a host-based
and a network-based firewall. Why's that? Well,
it's like the defense in depth approach or the belts and suspenders approach.
The network-based firewall will filter and block malicious traffic coming from the Internet,
and the host-based firewall will block malicious traffic that may be deployed internally.
Think of a flash drive that someone plugs into their computer and the virus executes and tries to call back to the command and control server.
You know, the network-based firewall and the host-based firewall are like the Earth's ozone layer and a good pair of sunglasses.
Okay, maybe not quite, but I hope you understand that having both
is better than just having one.
Now take a look at the diagram on the slide. The network-based firewall is clearly visible here. It's represented by the black and gray object in the centre of the diagram.
The network-based firewall has three interfaces with zones configured.
It has a wide area network, a demilitarized network and a local area network.
And now this firewall can create rules that filter traffic and block malicious traffic.
Now what we don't see is the host-based firewall,
which would be installed on the servers in the DMZ and the computers in the LAN for extra security filtering and the blocking of malicious traffic.
Okay, so one thing to mention is how very important it is to understand that the configuration of a host-based firewall
is just as important as a network-based firewall. Let's say if ICMP isn't allowed on the local computer's firewall,
then echo replies will not be visible after an echo request.
So this is also
only effective if both computers are on the same network, or network address translation, NAT, is configured and port forwarding is also configured for a specific computer that is reachable
from outside one of those configured zones. Now we're gonna talk more about these protocols and features in a later section,
but let's move on to inbound and outbound.
So it's really critical that we understand the importance of not only filtering traffic inbound to our network and workstations,
but we must concern ourselves
with what is leaving our workstations and our networks.
We need to think about how inbound and outbound allowance and denial of traffic can help or harm us.
On one hand, not allowing ICMP or ping on a computer can protect us from things like denial of service attacks, or DoS attacks, because that protocol is often used to bring down a system in that type of attack.
So the computer's up and running, but the firewall is blocking ICMP traffic.
So what firewall
should perform the block? Should it be the network-based firewall or the host-based firewall, or both?
Well, in my opinion, you want to start with the network-based firewall, but the system's location that you're trying to protect might help you make that decision in your environment, in your domain,
in your organization.
But many IT folks rely on tools such as ping and traceroute to troubleshoot issues. It wouldn't be beneficial to your department if you block ICMP traffic on the internal network, in most cases.
It's scenarios like these that make firewall zones appealing, and it makes firewalls easier to work with. You could adapt based off what your needs are because of segmentation, because of zones, because of the granularity you have with filtering inbound and outbound.
Now, having control over outbound traffic is important as well.
What if policy states that
no computers in the accounting subnet can use FTP clients?
Then one way to stop the use of FTP clients is to block port 21 on host-based firewalls to stop the service's ability to connect to FTP servers outside the network.
So, having control of both inbound and outbound traffic
from a firewall gives you granular control to tighten or loosen security
as the business sees fit. So it's very important.
Okay, so a quick recap on this section in this section we talked about
defining a firewall.
We looked at analogies,
real world scenarios where we see filtering, and also an example of a firewall and how it filters on a computer. We also talked about network-based and host-based firewalls and some of the known scenarios that they were used.
We also talked briefly about the firewall's ability to control traffic inbound and outbound, and how this gives us better control over securing traffic
and the computers they reach.
We look forward in the next section to a lab where I will configure firewall zones using the pfSense firewall.
Thank you for being here. Stay tuned.
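
The inbound and outbound scenarios from this section (ping that times out against a host that is up, and the port 21 block for the accounting subnet), sketched as a first-match rule evaluator. This is an added example, not part of the lecture or of any firewall product; the Rule fields, function names, the 10.0.20.0/24 accounting subnet and all addresses are assumptions made up for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str          # "in" or "out", seen from the protected host
    proto: str              # "icmp", "tcp" or "any"
    remote: str             # remote network (CIDR) the rule applies to
    port: Optional[int]     # destination port; None matches any port
    action: str             # "allow" or "deny"

def decide(rules, direction, proto, remote_ip, port=None, default="deny"):
    """Return the action of the first matching rule, else the default."""
    for r in rules:
        if (r.direction == direction
                and r.proto in ("any", proto)
                and ip_address(remote_ip) in ip_network(r.remote)
                and (r.port is None or r.port == port)):
            return r.action
    return default

def ping_result(target_rules, source_ip):
    """What the sender sees when pinging a host that is up.
    Assumes a stateful firewall: the reply to an allowed request is let out."""
    ok = decide(target_rules, "in", "icmp", source_ip) == "allow"
    return "echo reply" if ok else "request timed out"

# Constructed host-based rule set for a workstation on a made-up
# accounting subnet (10.0.20.0/24); all addresses are illustrative.
ACCOUNTING_HOST = [
    Rule("in", "icmp", "10.0.20.0/24", None, "allow"),  # internal troubleshooting
    Rule("in", "icmp", "0.0.0.0/0", None, "deny"),      # no ping from elsewhere
    Rule("out", "tcp", "0.0.0.0/0", 21, "deny"),        # no FTP control channel
    Rule("out", "any", "0.0.0.0/0", None, "allow"),     # other outbound traffic
]

if __name__ == "__main__":
    print(ping_result(ACCOUNTING_HOST, "10.0.20.7"))
    print(ping_result(ACCOUNTING_HOST, "203.0.113.9"))
    print(decide(ACCOUNTING_HOST, "out", "tcp", "198.51.100.10", 21))
    print(decide(ACCOUNTING_HOST, "out", "tcp", "198.51.100.10", 443))
```

Rule order matters here: the subnet-specific ICMP allow must sit above the catch-all ICMP deny, and inbound traffic that matches no rule falls through to the default deny.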