Security Zones and Firewalls
Time: 15 hours 43 minutes
Difficulty: Advanced
CEU/CPE: 16
Video Transcription
We've just wrapped up our discussion on the OSI model. I really do think that after you talk about the OSI model, it makes perfect sense to jump right into talking about firewalls. Here's why. When we look at firewalls, there are three different types of firewalls, and they're based on which layer of the OSI model they work within. When we examine Layer 3, Layer 5, and Layer 7 firewalls, I think it helps solidify what we talked about with the OSI model.

The primary and original purpose for a firewall is to isolate traffic into security zones, which we're going to do, and we'll talk about those zones and what they mean. Then we're going to talk about the particular zone that firewalls help us with, being the DMZ, the demilitarized zone. There are different ways we can configure our firewalls based on how we want the DMZ set up.

What is a security zone? Ultimately, it's a grouping of systems that have the same security needs. I might have HR computers that have highly sensitive data on them. I would place them into a security zone. I might have a public network that I allow my vendors and guests to access; that's a different security zone. The idea is we create these security zones and then we create, or we provide, filtering from zone to zone. We don't want somebody in an untrusted zone to access a secure area of the network. That's exactly what firewalls do. As a matter of fact, you could make a good argument that the definition of a firewall is to isolate networks into security zones. Of course, they do so by filtering traffic and restricting and allowing specific types of traffic based on rules from network administrators.

In the most basic, we have trusted, semi-trusted, and untrusted. If you look over to the right, that's our local area network, that's our internal Internet, or intranet rather. This is where all my resources are: my file servers, my database servers, anything that I want to protect is in my trusted network, and I only allow trusted entities to access my LAN. In the middle, well, actually let's go to the far left, we have the Internet, which is the ultimate in untrusted; the Internet is a bad neighborhood. In the middle, we have a semi-trusted zone called the DMZ. DMZ stands for demilitarized zone. The idea is all my precious resources are inside my intranet and the trusted network, but I have some servers that I want to be publicly available. For instance, my web server. I want the public to be able to access my web server because I want them to come buy my product and learn about my company. It's considered semi-trusted because my systems are in the DMZ and I configure security requirements and security settings, but because of the fact that the general public will also be in the DMZ, we certainly can't call it fully trusted.

You'll notice as we go from untrusted to semi-trusted, we have a firewall in between; semi-trusted to trusted, we have a firewall in between. When we have these divisions of traffic based on security zones, then we would have firewalls that provide inspection before we allow traffic moving from one zone to the next. Just like we said, filtering between trust zones.

I get the question a lot: are firewalls hardware or software? The answer is yes. Yes, they are. They are hardware or software. When I talk about a software firewall, what I've generally done is I've taken a computer, an old computer, and maybe put a second network card in, and I've installed software like Microsoft ISA Server or pfSense on a Linux machine, and I've turned this old computer into a firewall. But the thing is, it's still primarily a system with an operating system, and whether that operating system is Linux or Windows, there are still flaws in operating systems. The software that I'm installing is turning that device into a firewall. We consider that a software-based system. Now the benefit there is they're cheap, but the downside: you don't get the same performance, and you have an extra security vulnerability in there.

We'd prefer hardware-based firewalls. Sometimes you hear these called black boxes or appliances, and I'll go out and buy maybe a Cisco ASA firewall for lots of money, and I will configure it, and that device is nothing but a firewall. It has a low-end operating system that I can use to configure access control lists, but that's all that system does. By the way, when I say access control list, what we're doing is we're configuring the rules of the firewall. Firewalls use something called rule-based access control, which simply means we establish rules based on if-then logic. If traffic is coming to the 10 network, then block it. Hardware-based firewalls give us better performance, better security, but are much more expensive. You can spend tens of thousands of dollars on hardware-based firewalls. Then the software-based firewalls are cheaper, but they don't perform as well and are not as secure.

We just laid the groundwork for what a firewall is and just the notion of separating your network into security zones. We have our trusted intranet, our untrusted access to the Internet, and then somewhere right there in between is our demilitarized zone, which we consider to be semi-trusted.
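As an added example that is not part of the transcript or the course material: a small zone-based rule evaluator in Python that models the three zones the instructor describes (trusted LAN, semi-trusted DMZ, untrusted Internet) and the if-then rule base a firewall uses to filter traffic between them, including the "if traffic is coming to the 10 network, then block it" rule. The address ranges, ports, rule set and sample flows are constructed assumptions for illustration, not a real network or any vendor's configuration syntax.

```python
"""Added example (not from the transcript): a zone-based firewall rule
evaluator. Zones, address ranges, ports and rules below are constructed
assumptions for illustration, not a real network."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# A security zone is a grouping of systems with the same security needs.
# Here each zone is defined by address range (constructed ranges).
ZONES = {
    "trusted": [ip_network("10.0.0.0/8")],         # internal LAN / intranet
    "semi-trusted": [ip_network("192.0.2.0/24")],  # DMZ hosts (documentation range)
}
DEFAULT_ZONE = "untrusted"  # anything else is the Internet: the bad neighborhood


def zone_of(addr: str) -> str:
    """Map an address to its security zone; unknown addresses are untrusted."""
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return DEFAULT_ZONE


@dataclass(frozen=True)
class Rule:
    """One if-then rule: if traffic matches src/dst zone, protocol and port, then act."""
    src_zone: str            # zone name, or "*" for any zone
    dst_zone: str
    proto: str               # "tcp", "udp" or "*"
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"

    def matches(self, src_zone: str, dst_zone: str, proto: str, dst_port: int) -> bool:
        return (self.src_zone in ("*", src_zone)
                and self.dst_zone in ("*", dst_zone)
                and self.proto in ("*", proto)
                and self.dst_port in (None, dst_port))


# Rule base, evaluated top to bottom; the first matching rule wins.
RULES = [
    # The public may reach the DMZ web server, and only over HTTPS.
    Rule("untrusted", "semi-trusted", "tcp", 443, "allow"),
    # The DMZ web tier may reach the internal database, and only on 5432.
    Rule("semi-trusted", "trusted", "tcp", 5432, "allow"),
    # Internal (trusted) hosts may initiate connections anywhere.
    Rule("trusted", "*", "*", None, "allow"),
    # "If traffic is coming to the 10 network, then block it": an explicit
    # deny for Internet-to-LAN traffic so the drop can be logged by name.
    Rule("untrusted", "trusted", "*", None, "deny"),
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> Tuple[str, str]:
    """Return (action, reason) for one flow. Anything no rule matches is denied."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for i, rule in enumerate(RULES):
        if rule.matches(src_zone, dst_zone, proto, dst_port):
            return rule.action, f"rule {i} ({src_zone} -> {dst_zone})"
    return "deny", f"implicit deny ({src_zone} -> {dst_zone})"


if __name__ == "__main__":
    # Constructed sample flows, one per zone crossing of interest.
    flows = [
        ("203.0.113.7", "192.0.2.10", "tcp", 443),  # Internet -> DMZ web, HTTPS
        ("203.0.113.7", "192.0.2.10", "tcp", 22),   # Internet -> DMZ web, SSH
        ("203.0.113.7", "10.1.2.3", "tcp", 443),    # Internet -> LAN directly
        ("192.0.2.10", "10.1.2.3", "tcp", 5432),    # DMZ web -> LAN database
        ("192.0.2.10", "10.1.2.3", "tcp", 445),     # DMZ web -> LAN SMB
        ("10.1.2.3", "203.0.113.7", "tcp", 443),    # LAN user -> Internet
    ]
    for src, dst, proto, port in flows:
        action, why = evaluate(src, dst, proto, port)
        print(f"{src:>12} -> {dst:<12} {proto}/{port:<5} {action:5} {why}")
```

Two points the evaluator makes visible: rule order matters, because a broad allow placed above a narrow deny would silence the deny, and an implicit default deny means every zone crossing that is not explicitly permitted is dropped, so a DMZ host that is compromised cannot reach anything on the LAN except the one database port it was granted. A real firewall also tracks connection state so that return traffic for an allowed flow is accepted; this example evaluates only the initiating direction.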