Firewall Best Practices

Time: 7 hours 50 minutes | Difficulty: Beginner | CEU/CPE: 8
Video Transcription
In wrapping up with firewalls, there are some best practices that we want to take to heart. One of the first things is to block unnecessary ICMP traffic. ICMP is a very exploited protocol. It's the protocol behind ping entries for you, and really that has no business coming from outside your network to inside. It just is too vulnerable, so we block ICMP.

Also, we keep our access control lists, ACLs, simple. When you're creating rules that say block this traffic, allow this traffic, you can get very confused the more that you have with the way these can be prioritized. You may wind up allowing access that you didn't intend, or blocking access that you didn't intend. Keep the list simple. Firewalls should have an implicit deny, meaning unless I explicitly grant access, then that access should be denied. Block directed IP broadcasts. Don't allow someone outside your network to broadcast in. That's a directed broadcast.

Next suggestion: perform ingress and egress filtering. I don't just care what's coming in. I care what's going out. If I'm seeing certain types of traffic going out, like for instance a public IP address coming from my internal network, that tells me something's going on. That may be an indication that one of my internal clients has malware and is perhaps being used as a zombie to launch a downstream denial of service attack. We watch traffic coming in and out. We enable logging on our firewalls. We also make sure that fragmented packets don't come through. Those could cause damage, or if it's possible to reassemble them, that's a possible option. Ultimately, just keeping a secure by default environment with our firewalls will go a long way towards protecting our organization.

Just a little review here with our access control lists. We've already talked about the significance of our access control lists. You can have these on routers and on firewalls, but this is how we create the rule set. Here we have an illustration. You've got various servers. You see their IP addresses underneath. We've talked about access control lists, and this is how you build the rules to block or allow traffic coming through. But let's take a look at how you would configure them.

We have a series of tasks here. First, we want to allow the accounting computers to have HTTP access only to administrative Server 1. When we're creating our firewall rules, we want to look at the source computer, the destination computer, and then we have to think about the port number. Remember, we have an implicit deny. All traffic is denied by default. We have to create lists for what we're going to allow. What we're going to see is the source address 10.18.255.10 with a mask of 24 bits. This is the accounting computer, going towards the destination computer, which should be the administrative Server 1. It is port 443, because all we're allowing is secure web traffic, and that's a TCP port, and we'll have to allow it. Essentially, what happens is for each one of these tasks we'll have to configure a portion of the firewall. A lot of times this shows up on the exam as a setup with drop-downs.

Our next task is to allow the HR computer to communicate with Server 2 over SCP, and SCP uses port number 22. You can see the second rule provides that access. The third is to allow the IT computer to have access to administrative Servers 1 and 2. That's accomplished by creating two rules. We allow it to Server 1, we allow it to Server 2, and we've completed our list of tasks. This may be comparable to something that you would see on the exam. Just getting that flow for how firewalls work will be helpful. You'll see lots of these on the Security+ exam. Once again, make sure you know your ports, because without knowing them, you're not going to be able to complete these activities.
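The following is an added worked example, not code from the video or the course, of the first-match rule evaluation the transcript walks through: the four task rules are encoded, each packet is checked by source, destination, protocol and port, and anything that matches no rule falls through to the implicit deny. Only 10.18.255.10/24 (accounting) comes from the transcript; the HR, IT and server addresses and the 10.0.0.0/8 internal range used for the egress check are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


def net(cidr: str) -> ipaddress.IPv4Network:
    # strict=False accepts host-style notation such as 10.18.255.10/24
    return ipaddress.ip_network(cidr, strict=False)


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                  # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]        # None matches any destination port


# Only 10.18.255.10/24 (accounting) is from the transcript; the other
# addresses are constructed placeholders standing in for the diagram's hosts.
ACCOUNTING, HR, IT = net("10.18.255.10/24"), net("10.18.1.20/32"), net("10.18.2.30/32")
SERVER1, SERVER2 = net("10.18.100.1/32"), net("10.18.100.2/32")
INTERNAL = net("10.0.0.0/8")     # assumed internal range for egress filtering

RULES = [
    Rule("allow", ACCOUNTING, SERVER1, "tcp", 443),  # task 1: HTTPS only
    Rule("allow", HR, SERVER2, "tcp", 22),           # task 2: SCP
    Rule("allow", IT, SERVER1, "any", None),         # task 3: IT to Server 1
    Rule("allow", IT, SERVER2, "any", None),         #         and to Server 2
]


def evaluate(rules, src: str, dst: str, proto: str, dport: Optional[int] = None):
    """First-match evaluation; returns (action, index of the matching rule).
    Falling off the end of the list is the implicit deny: ("deny", None)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if (s in r.src and d in r.dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action, i
    return "deny", None


def egress_spoofed(src: str) -> bool:
    """Egress check: an outbound packet whose source is not an internal
    address is the symptom the transcript describes (a spoofing DoS zombie)."""
    return ipaddress.ip_address(src) not in INTERNAL
```

Placing a broad deny ahead of the accounting allow in `RULES` shadows it, which is the ordering confusion the transcript warns about; port 80 to Server 1 from accounting is also denied, since only 443 was granted.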