Time
1 hour 18 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Hey, welcome back. Thank you so much for sticking with me. In this section three of the lab we're gonna talk about SSH access. Um,
00:11
And the reason why I wanted to do SSH access is because we're gonna try to access something in that DMZ.
00:20
And
00:21
in order for us to do this, we're gonna need to do something called port forwarding.
00:27
Or NAT, which is gonna be network address translation.
00:31
And the best way that I think I could describe it to you is
00:35
let's say you got three people and these three people are only gonna be together in one location every day.
00:43
And the scenario that I'm gonna draw for you is it's a boy
00:48
who's in home room
00:50
and he's friends
00:52
with a girl. And the girl that he's friends with
00:56
is friends with a girl that he likes
00:58
now.
01:00
He has an understanding with
01:02
the girl that he's friends with,
01:03
that he likes her friend
01:07
and he wants to give her a note so she can pass that note.
01:11
To her friend that says, Will you go to prom with me?
01:15
Circle yes or no?
01:18
And that's basically what port forwarding and network address translation comes down to in my mind, and that helped me a little bit. Uh, I know it seems funny, but I'm going somewhere with this.
01:32
When we
01:33
try to access
01:36
something in the DMZ,
01:38
we're not actually going to SSH to the target IP address for that asset in the DMZ, but we're gonna have to go through the WAN interface, and we're gonna have to set up firewall rules that redirect to the target IP on this specific port.
01:55
Now, if you're following me, and I hope you are,
01:57
what we're doing as that boy with that note in home room is
02:02
we're on a certain port or we're in a certain classroom and we're passing a note.
02:09
Yeah,
02:10
that girl who's your friend knows it's not for her, but it's for her friend,
02:16
right? And it's almost like this intermediary. She is the firewall. And you're trying to get SSH access to something that is behind her in the DMZ in the home room, which is her best friend, which is something that you like and you want to go to prom with.
02:34
I know, it probably sounds funny. I hope it is comical to you. But I also hope that you get some understanding from it, right, that you're not directly accessing that asset in the DMZ or you're not directly accessing the person that you like.
02:51
You're going through that firewall or that intermediary
02:53
friend and she knows, based off of the conversations and the understanding that you have with her that the note is not for her, but it's for
03:02
her friend, which you're both gonna see in home room again. Port 22 for SSH is what I'm talking about. So let's actually attempt
03:13
SSH into
03:15
a computer in the DMZ. And again, we're gonna do this by trying to go through the WAN interface, as that WAN is what connects us to the DMZ, right?
03:28
So bear with me
03:29
and we're gonna, we're gonna see that in action.
03:40
Now, keep in mind this IP address that I'm typing in is that WAN interface. It is not the actual target IP address
03:49
for the asset in the DMZ, as we can't get to it that way. We have to go through the WAN interface. All right, we're gonna notice that we're not getting any action, right? We're not seeing that echo reply that we're hoping for, right, as if we were doing a ping, but we're not getting that connection. Even though we
04:09
we put in the user name,
04:10
you got the IP address and we're using the SSH protocol. Nothing's happening.
04:15
Why? We probably need to create a rule. And that's what we're gonna do while we head back to that Windows 8
04:23
box and we're gonna create that rule. We're gonna make our way to Firewall, go then NAT rule, and then make sure we're on the, choose on the tab port forwarding,
04:33
and then we're gonna get going here. We definitely don't want this disabled because we want this to work.
04:40
I want this to work on the WAN interface, which is gonna signify the friend that knows the boy and knows the girl that we like, right.
04:50
Protocol's gonna stay TCP
04:54
and the destination port range, home room, is gonna be SSH.
04:59
The redirect target IP, that's gonna be important. This is where we want that note to go. It's not for her, our friend. It's for her friend. So we want to make sure that she knows that. We want to make sure the firewall knows this as well. Again, I hope you're following me and are getting a good laugh out of this.
05:15
So let's go ahead and put in that IP address for the actual target IP in the DMZ that we want access to.
05:23
I want to make sure that redirect
05:26
port is gonna be SSH and we'll give it a quick description, right? It's always good to be descriptive. Like I said,
05:33
that way we know exactly what we've done. If someone comes behind us, they know as well. Okay, we're gonna save that rule. We're gonna apply that change.
05:44
We're gonna make sure
05:46
that this is gonna actually work. Now that we applied it,
05:50
we're gonna go back to the Kali machine,
05:53
and we'll actually try to run that again. Okay,
05:57
so let's see what happens
06:00
and look at that.
06:01
Are you sure you want to continue, yes or no? Just like that boy in home room passed that note
06:08
to his friend who's friends with a girl that he likes.
06:11
Are you sure you want to go to prom with me, yes or no? Okay. So seems like
06:16
we are in a good position
06:19
to go to prom with the girl that we like or
06:26
in firewall terms, we're able to access SSH, right? So we're gonna go ahead and put in that password
06:35
and we're in. So I hope that
06:39
that gives some credence to how
06:44
that
06:45
port forwarding,
06:46
filtering and NATing outbound on a firewall works. Um, I know that there's tons of analogies and examples that we can use, but really think about what I said in terms of SSH, in terms of
07:00
the target IP, in terms of going through the WAN interface because that makes the most sense. That's your wide area network. That's how connections are coming in
07:09
through your DMZ. Think about network address translation again,
07:15
we're gonna talk about this much more in depth in section three, and you can always come back to the lab sections one, two and three of the labs
07:25
and hopefully have some aha moments. Based on some of the things that I've said in section one
07:30
as well as some of the quirky analogies that I've just provided to help you understand the network sorcery that's kind of going on to allow us to have access to things through a firewall and the segments that are created. Thank you so much.

Up Next

pfSense: Installing and Configuring the Firewall

pfSense is a free commercial firewall solution that users are able to customize based on their organization’s needs to create a solution that is tailored to those needs. pfSense can repurpose an old computer into a fully featured router and firewall.

Instructed By

Mario Bardowell
Instructor