4.1 Section 3

Video Activity

1 hour 18 minutes
Video Transcription
Welcome to Section three. This is gonna be our last section. And in this section, we're gonna kind of go back and really focus on some of the things that we may have glossed over while doing the lab. Um, we're gonna talk about firewall zones, how they benefit our network. We're gonna talk about some different types of firewalls: packet filter, stateful and application. Now, these are not all the types of firewalls that you could find out there today. But I think these three basic ones do a good job of telling us how firewalls have evolved. We'll take a look at DNS, DHCP, NAT and port forwarding. We kind of spoke about those during the lab, some of them not so much; others we did speak about more in depth. And then we're gonna leave with common protocols and ports, right? I think that for anyone that's in networking or in a security role, understanding your common protocols and ports and how they work is gonna be important to securing your systems and also making sure you have the right uptime for your users.
So stay tuned. We're gonna go ahead and jump into Section three, starting right now with firewall zones.
Now, let's go ahead and define the WAN interface, right? We talked about this in the lab. You're probably aware of a wide area network, that you've heard it before. But that's the title of a WAN, like wide area network, and what it does: it connects computers across a large geographical area like Miami and New York. So if you've got a Miami office and a New York office, your two pfSense firewalls, one in your Miami office and one in your New York office, would connect via LAN link, right, to connect those two offices. So that's one of the benefits of a WAN interface, right? You can connect multiple offices across a large geographical area. Now, next, we have our LAN interface.
Now the LAN is called the local area network, and it's also known to some as the intranet. The LAN is generally the most trusted segment, and traffic generally flows more freely here than other segments.
Think of a school zone where traffic is monitored heavily because we want to protect our kids, and then think of the Daytona 500 track that was made for racing. Now cars are gonna go as fast as they want. There's more trust in the Daytona 500 because it's an environment built for speed. It's an environment built for work.
So the school zone is like our DMZ, where it's heavily monitored, and there's only a finite amount of things that should and shouldn't happen in your school zone in terms of traffic and how it flows, right?
Now, the DMZ, or the demilitarized zone, is where organizations host web servers or, you know, your FTP servers that are Internet-facing and accessible to your customers. The DMZ provides that layer of protection for resources that wouldn't be available if they were placed directly on the Internet. And so we can use the firewall to filter traffic from the DMZ inbound to the LAN, and we can filter inbound traffic from the Internet coming to our DMZ.
So I hope that makes sense. I hope you will be able to connect the firewall zones that we just talked about to the lab and really get a clear picture of what we're doing, why zones are important and how you could facilitate traffic the way you want, based off of policy and what's best for your organization or your home environment.
So let's now move on to, uh, firewalls transformed, right? The evolution of firewalls: packet filter, stateful and application firewalls. So a packet filter firewall filters traffic, probing the contents inside the packet. So that really means it will filter based on IP address, ports, protocols or a combination of those contents. Now, however, the packet filter firewall is a stateless firewall. It's not stateful. What that means is it cannot monitor a complete session. So this type of firewall doesn't know if a packet is part of an ongoing session between two systems or if the packet came from a hacker trying to probe one of those systems.
Okay, now, I know that's a mouthful, but picture this. You're in a grocery line at Walmart. The people represent the packets, and the cashier is a firewall. Okay, now, if the cashier is a packet filter type of cashier, I could walk out of line and skip in front of the line, add my grocery items to the person in front of me, and the cashier wouldn't care. He or she would accept my items and ring them up to the person that is indeed in front of me.
So that's not good, right? Now, the stateful firewall is aware of what is expected. So it looks at the entire TCP handshake, right? And it keeps track of this information in a state table. So basically, no skipping lines and having someone else pay for groceries they didn't buy.
And lastly, we've got the application firewall. Now this firewall will filter at the application level, so applications that use HTTP, SMTP, FTP. An example would be that the application firewall can behave as an HTTP proxy or a web proxy, right, and intercept the GET and PUT requests that are used to retrieve and modify web pages. So basically, the application firewall goes deeper.
Think about that cashier from earlier. I don't skip any lines, but maybe I'm underage. I'm trying to buy beer for my older buddies. The cashier, being an application-level cashier, will card me, because it's not enough that I'm in line and I have money and I have a light moustache.
So we see the firewall evolving and becoming smarter.
Now, let's take a look at some of the protocols it can use to protect and provide services to our networks. Now, I'm gonna focus on a few that we again either skipped over in the lab or we kind of spoke about briefly in the lab. Now, the first one is DNS. Now DNS stands for your domain name system, and it resolves host names to an IP address. The DNS service runs on port 53. It uses different records, such as a host record that can resolve a host name to an IP address, right? Or an MX record that points to a mail server, and a CNAME or canonical name that allows hosts to be known by a different name or different names.
Think of basketball. Now, if you're a fan of the game like me, then the Mailman means something to you. The Mailman means Karl Malone. The Answer means Allen Iverson. His Airness is Michael Jordan. Black Mamba means Kobe Bryant. Now I think you get what I mean, right? DNS ties two descriptions of the host to a specific host, and it makes it easier for us to identify or reach that host.
Now, Dynamic Host Configuration Protocol, DHCP. It's very important to a firewall, but we don't have to use it on a firewall, right? So this is the firewall evolving, being able to do more than what it used to. And this service, this protocol, runs on port 66, 67, and the main goal, the main service that DHCP offers: it assigns IP addresses to its clients. Think of a doctor's office where you have to pull a number and wait to be called, right? So that's basically DHCP in a nutshell. But keep in mind that it can do so much more than just hand out IPs. But that's a topic for another day.
Okay, now NAT, or network address translation. It's a service that runs at the boundary between the Internet and your internal network. That makes it so that you don't have to have public IP addresses assigned to all your users on your private network. You know, this provides protection for your internal users and their real private addresses. So when your users go out to the Internet, the IP address that the external website gets will be the WAN interface IP address of your firewall and nothing else about your users.
Now, lastly, this is where port forwarding comes into play, when we want to open up our DMZ or LAN clients to the Internet. Now, just because you place a client in your DMZ doesn't mean folks on the Internet can get to it. We need to set up port forwarding, right? So if I give my WAN IP address to a customer and tell them to access that IP address on port 443, and I ask that it redirect to the DMZ client on the protocol range 443, then my customer would indeed access my DMZ client on that port with the WAN IP address. So NAT still masks the DMZ client's real private address, and the firewall will allow you to access it on port 443.
So you see how all of that comes together. You know, as that picture describes, you know, ports and protocols are like doors that open and close, based off, you know, your building super or your firewall administrator, right?
So let's look at our common ports and protocols before we close. Now, I just want to leave you with this because I think it's so very important for folks who are network administrators, network analysts, security analysts, security administrators, right, or even your penetration testers and your incident responders, to really understand the common ports and protocols. More specifically, for those of you who want to manage a firewall, you know you're gonna come across filtering for these ports and filtering for these protocols, right? If you've got a firewall, maybe you're using that for VPN. Again, all of these things you may want to filter for your remote access users. There's so many different things that you and I can do with our firewalls. It all starts with understanding zones and understanding our ports and protocols and how they can be used to be secure and effective for visitors, right?
So I just want to leave you with that and let you know that this is something that's gonna be important. It's gonna be a lot easier for you to understand how to do networking tasks and security tasks once you know about common ports and protocols in your environment.
So let's quickly wrap up here. We defined firewall zones in Section three. We discussed different firewall types. We also discussed some common ports and protocols. Really, we didn't touch on it too much, but we talked about the ones that I thought were, you know, really important to what we did in the lab. And also I left you with that chart that you can go back to and really commit to your memory.
I had a great time with you all, you know, during this course, and we've got some additional materials to go over. So if you are someone who doesn't have a membership and you want to do this on your own, you can install pfSense. The additional material here will get you there. That particular link from mighty pro eyes is a really good one that I think is gonna help you build a home lab with pfSense on a VMware Workstation. You could do it with Fusion or VirtualBox. You just have to tweak a few things. But really good walkthrough in that article.
Also the All-in-One SSCP Exam Guide, it really breaks down your firewall architecture in terms of your zones. It talks about some of those common ports and protocols. It does a good job talking about LANs, intranets, Internet zones. It's a lot of good stuff in there that will really go well with this particular course that you just listened to.
And also ICMP. We talked about it heavily in Section one. We saw it in use in Section two with the lab. And so if you go to networksorcery.com, they have a ton of information about network connectivity that I think would be pleasing to anyone that needs to learn more about how networks work and how we can secure them.
This has been a really great course for me to teach. I had fun. I hope you had fun as well, and until next time. This is more your bardwell. And this is pfSense: Configuring Firewall Zones. Take care. Bye.
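
The stateless versus stateful distinction described in the transcript, as an added example that is not part of the video or the course material: the same five packets are judged by a per-packet filter and by a firewall that keeps a state table. The addresses, ports, rule set and simplified handshake states are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; addresses come from private/documentation ranges.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

LAN_HOST, WEB, PROBER = "192.168.1.10", "203.0.113.80", "198.51.100.66"
TRAFFIC = [
    Packet("out", LAN_HOST, 50000, WEB, 443, "SYN"),
    Packet("in",  WEB, 443, LAN_HOST, 50000, "SYN-ACK"),
    Packet("out", LAN_HOST, 50000, WEB, 443, "ACK"),
    Packet("in",  WEB, 443, LAN_HOST, 50000, "ACK"),      # reply data
    Packet("in",  PROBER, 443, LAN_HOST, 50001, "ACK"),   # unsolicited, no session
]

def packet_filter(pkt):
    """Stateless: each packet is judged alone on direction and port."""
    if pkt.direction == "out":
        return pkt.dport == 443      # let LAN clients reach HTTPS
    return pkt.sport == 443          # anything claiming to be an HTTPS reply

class StatefulFirewall:
    """Tracks sessions opened from the LAN in a state table."""
    def __init__(self):
        self.state = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def check(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN" and pkt.dport == 443:
                self.state[key] = "SYN_SENT"
                return True
            if pkt.flags == "ACK" and self.state.get(key) == "SYN_RCVD":
                self.state[key] = "ESTABLISHED"
                return True
            return self.state.get(key) == "ESTABLISHED"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == "SYN-ACK" and self.state.get(key) == "SYN_SENT":
            self.state[key] = "SYN_RCVD"
            return True
        return self.state.get(key) == "ESTABLISHED"

def run():
    """Return (stateless_verdict, stateful_verdict) for each sample packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.check(p)) for p in TRAFFIC]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, run()):
        print(pkt.direction, pkt.src, pkt.sport, pkt.flags, verdicts)
```

The last packet passes the packet filter because its source port matches the rule, and the stateful firewall drops it because no matching entry exists in the state table.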