Firewalls Best Practices

00:05

and wrapping up with firewalls. There's some best practices that we want to take to heart.

00:09

One of the first things is to block unnecessary ICMP traffic.

00:13

ICMP is a very exploited protocol. It's the protocol behind Ping and trace through it. And really, that is no business coming from outside your network to inside. It just is too vulnerable, so we block ICMP. Also, we keep our access. Control is simple.

00:30

A CLS When you're creating rules that they say block this traffic allow this traffic can get very confused the more that you have with the way these can be prioritized, you may wind up allowing access that you didn't intend or blocking access that you did intend to keep the list. Simple

00:47

firewalls should have an implicit deny meaning unless I explicitly grant access, then that access should be denied.

00:54

Block directed I P broadcasts. Don't allow someone outside your network to broadcast in. That's a directed broadcast. Next suggestion. Perform ingress and egress filtering. I don't just care what's coming in. I care what's going on if I'm seeing certain types of traffic going out like, for instance, a public I P address coming from my internal network that tells me something is going on. That may be an indication that one of my internal clients has a malware and is perhaps being used as a zombie to launch a downstream denial of service attack.

01:25

We watch traffic coming in and out. We enable logging honored firewalls. We also make sure that fragmented package don't come through. Those could cause damage or if it's possible to reassemble them. And that's a possible option.

01:38

Ultimately, just keeping it secure by default environment with our firewalls will go a long way towards protecting our organization.

01:49

Just a little review here with our access control lists. We've already talked about the significance of our access control lists. You can have these on Browder's and on firewalls, but this is how we create the rule set.

02:00

Here we have an illustration. You've got various servers. You see their I P addresses underneath. We've talked about access control lists, and this is how you build the rules to block or allow traffic coming through. But let's take a look at how you would configure them.

02:15

We have a series of tasks here.

02:17

First, we want to allow the accounting computer to have http access only to administrative Server One. When we're creating our firewall rules, we want to look at the source computer, the destination computer. And then we have to think about the port number.

02:31

Remember, we have an implicit deny. So all traffic is denied by default.

02:37

We have to create lists for what we're going to allow.

02:39

What we're going to see is the source address 10.18 point 2, 55.10 with the mask of 24 bits. This is the accounting computer.

02:50

We're going towards the destination, Peter, which should be the administrative server one. It is support for 43 because all we're allowing to secure Web traffic and that's a TCP port and we'll have to allow it.

03:01

Essentially, what happens is for each one of these tasks will have to configure a portion of the firewall.

03:07

A lot of times this shows up on the exam as a set of drop down areas.

03:12

Our next task is to allow the HR computers communicate with Server two over SCP and SCP uses the port number 22 you can see the second rule provides that access.

03:23

The third is to allow the I T. Computers have access to the administrator, Server one and two. So that's accomplished by creating two rules. We allow it to server one. We allow it to server two, and we've completed our list of tasks.

03:37

This might be comparable to something that you would see on the exam and just getting that flow for how firewalls work will be helpful.

03:45

You'll see lots of these on the security plus exam. So once again, make sure you know your ports, because without knowing them, you're not going to be able to complete these activities.