Hi and welcome to Cybrary. My name's Anthony and I'm your local subject matter expert for Network Plus, and today we're gonna be talking about setup and configuration for a basic firewall. So when we're setting up a firewall, the first thing that we need to know is our main difference between a software and a hardware firewall.
A software firewall is a piece of software that's installed on clients that is able to detect and filter network traffic. It's able to filter traffic based on rules such as port numbers, type of content, the protocols that are being utilized, the certain application that's talking out over those ports, and other rules that we can set on our client side using software.
Now, our hardware firewalls are going to be the actual physical devices on our network. These are devices that we'll set up and we have network traffic running through them, and they are actual physical devices that act as hardware, as actual firewalls. They're not software installed on our computer, not software installed on our operating system. They're standalone devices.
Now, for our software firewalls, our two words here are going to be inexpensive but vulnerable. Our software firewalls are inexpensive; typically our operating systems will come bundled with a built-in firewall such as Windows Firewall or Internet Security.
However, they could be vulnerable to attacks and vulnerabilities within our operating system.
If there's a vulnerability within our operating system, if there's an application vulnerability that could be exploited, then that firewall is no good. The malicious author could come in and could change firewall rules, they could disable our firewall. And because they can attack our computer, because they've gotten into our computer, they're able to disable that software firewall.
One of the benefits of our software firewall, however, is going to be that it knows more about what we're doing on our computer. It's able to identify certain applications and make specific rules for particular applications. We can say that I want this game, and only this game, to be able to talk out through this port, or to not be able to talk out through this port. I want to allow traffic into this port to be directed to this particular application or this particular service.
So our software firewalls, because they're installed on our computer and because they're integrated with our operating system, they know more about what's going on inside our computer. They know more about the applications and services that we're running. They can perform the point-to-point connectivity, they can have rules that are based on particular services and applications. And they may be more configurable, and they may allow us to even set auditing and logs, so that we can actually see on our computer what's been going on. And we can get alerts that let us know when different applications are trying to talk through our firewall.
Hardware firewalls, on the other hand, are more robust. They typically have more in-depth configurations, but they're gonna be more expensive because they're devices that we actually need to buy and set up separately on our network. They're gonna cost more than the software firewall typically would.
However, they are going to be more robust. They're going to be able to have more rules set. They may come with actual service terms, and they may come with a service agreement where, if something goes wrong on that firewall, we can call service and have them help us fix it. And they may include applications built into the firewall that allow us to do things such as capturing packets or setting certain rules for public sources or doing things such as network address translation or port address translation.
So these hardware firewalls, these physical devices, are designed more for handling more network traffic than just to one computer. They're designed for handling traffic for multiple clients, multiple computers, multiple servers. So, if at all possible, we want to use a combination of both, both software and hardware firewalls: hardware firewalls that filter rules specific to our network, and then software firewalls that filter traffic and filter rules based on our particular clients. It lets us be able to stay a little bit more broad and then be able to get more granular, and it makes it a lot easier for us to filter specific rules based on applications and make sure that we're monitoring all of our traffic going through.
So don't just think that you just use software firewalls or just use hardware firewalls. It's best in a network environment to implement both of them and configure them both to have rule sets specific to that particular client or that particular portion of your network.
Now, when we're talking about firewalls, you may hear of the concept of port security thrown around. Now, port security is security done by modifying the traffic or access to particular ports on our network. We're modifying the traffic that can get to those ports or modifying which protocols are allowed to use those ports, and we're blocking certain ports and protocols from being accessed.
Now, we throw around the word ports a lot when we talk about Network Plus, and as we've gone through our modules, we've seen that there are two main distinctions between ports. We have TCP/IP ports, and we also have physical ports.
Physical ports are the actual places on our computer that we plug in the cable, or the actual places on a firewall or on a switch that we plug a cable into. Those are physical ports.
TCP/IP ports are logical ports inside of our operating system. They're logical destinations for protocols; they're logical endpoints for data to be sent inside of our computer. Our computer has multiple thousands of ports, and we've talked about them a bit more in depth in our first module on Network Plus: how our ports are locations where clients send data to us when they're utilizing TCP/IP. When we're being sent a data packet, we're not just being sent that packet to our IP address, but we're also being sent that packet to our IP address and a particular port number, based on the type of protocol and based on the port number that we specified for that packet.
Port security for our firewalls is mostly going to be referring to these TCP/IP ports. We're going to be filtering the traffic sent to logical ports, and we're going to be filtering traffic by the protocols that the particular packets are trying to use, sent to our specific logical ports on our computer.
But we can also refer to physical port security. Now, physical port security would be setting specific rules based on the physical ports on our firewall. We can set specific access control lists. We may be able to set specific rule lists, depending on the certain ports that we plug into on our firewall, if they go to different portions of our network.
So again, remember that we have this distinction when we're talking about ports and we're talking about port filtering: we have the difference between our TCP/IP ports and our physical ports. But when we say terms such as port filtering, and we have our different rule sets, and we talk about ports and we're also talking about protocols with ports, we're talking about these TCP/IP ports.
Now, our firewalls can perform additional functions, depending on the manufacturer and depending on how much money we paid for them and depending on where we got them. Other than just being a firewall, they can do other things. They have more features than just taking this data that's sent to us and then filtering it based on our rules.
Firewalls can also be built into routers and switches. Firewalls can act as a VPN concentrator and allow us to have a VPN set up and allow remote users to connect in and connect to that VPN concentrator. Or we could have two firewalls that create a persistent VPN connection between two client sites. We could have a site-to-site VPN set up by using the VPN concentrator abilities of our firewall, of our router-VPN firewall.
Firewalls can perform as content filters, not just blocking particular ports and protocols, but blocking particular websites and content on websites based on keywords and website ratings.
Then we also have firewalls that can perform as IPSs and IDSs. They can listen in on the traffic, and even if it's traffic that is going to the correct port and is going to the correct protocol, they can actually view the traffic. They can see if it looks malicious and if it has any malicious signatures, maybe malware, maybe viruses or things of that nature.
So our firewalls aren't just limited to being a singular firewall.
Now, the benefit of having firewalls that perform multiple functions like this is that if we have a smaller network, a network with maybe one or two network administrators at most, then having devices that function as all-in-one devices means that we only need to know how to use this one device, this one piece of hardware, but we can perform all of these functions with this one piece of hardware. We don't have to pay the money to buy a firewall and a router and a switch and a VPN concentrator and a content filter and an IPS/IDS. We can just buy this one device and then use it as an all-in-one device. It saves us on training costs. It saves us on having to pay out costs for these different devices. And it saves us just on the frustration of trying to have multiple different devices and getting them all to communicate and work together properly.
The downside of having all-in-one devices, however, is the fact that if one device is performing all these different features, then it can only really do all these different features so well. And if this one device has a vulnerability in it, and if this one device is acting as our VPN concentrator, our firewall and our IPS/IDS, if that one device gets compromised, the attacker's in our network. They only have to bypass one device and then they're in.
If we're trying to lock down our network, if we have a large enterprise network that's very robust and we're trying to layer our security, we would want multiple different types of devices, multiple different physical devices, maybe even by multiple different manufacturers, so that if there's an attacker coming into our network, they aren't just going to have to be able to bypass a single firewall/router/VPN concentrator/content filter all-in-one box combo. They're gonna have to bypass a firewall by one manufacturer, followed by a router or switch by another manufacturer, followed by an IDS/IPS by another manufacturer, followed by a firewall that's a different manufacturer than our first firewall. So they're gonna have to be smart, and they're gonna have to be knowledgeable about all those different devices in order to bypass them. So it just makes things more difficult for a potential intruder.
So we need to understand the difference and the weaknesses of all-in-one devices versus having multiple different devices. And we also need to understand that if we have a large enterprise environment, then a small all-in-one device from Best Buy isn't gonna cut it acting as a firewall for 5000 users. We're gonna have to buy some serious, robust enterprise-level equipment that is meant to service and act as just a firewall for all of these thousands of users.