CompTIA Security+ SY0-601 – 3.3 Implement secure network designs. Part 3

  1. Firewalls

In this video I’m going to be talking about one of the most basic network devices out there, one that every computer and network should have: a firewall. Let’s get into it. First of all, what is the most basic function of a firewall? That will be to block ports coming in. So a firewall is a wall. Basically walls have two sides to them. Your firewall is connected to your internet, your WAN side, and it also has a connection to your LAN side. So it’s always trying to stop something from coming in on this side or something from going out on this side. Yes, there are firewalls that stop things from going out, but by default a firewall stops traffic from coming into your network but allows all traffic going out. You’ll see this when we take a look at some firewall rules in a few minutes.

Now how does it do it? Because it blocks ports. There’s 65,530 something ports coming into an IP address on your systems and on your network. A firewall, when you put it on the edge of your network, basically will lock those ports up so nothing comes in. Now there are different firewalls with different types and much more functionality than just blocking ports, and we’ll take a look at that in a few minutes. Now, the first thing I want to mention is we have a whole lot of terms that you see here and we’re going to cover all of them right now. So when it comes to firewalls, the first thing I want to mention here is going to be the concept of what is known as stateful and stateless firewalls.

Let me just start off by saying almost every single firewall in today’s world is considered a stateful firewall. We really don’t have stateless firewalls, but it is in the exam objectives. So let’s just talk about it. So let’s go back to the 1990s when we really didn’t have firewalls. Basically if you wanted to set up a network, you would take a router, you would connect the router to the internet line, you would set up network address translation, that would be your firewall. You would put an access list on it, an access control list, to block traffic and that would become your firewall. That is a stateless firewall. So stateless firewalls are technically not really even firewalls, they’re just a router, and they’re called stateless because they actually don’t know the traffic that left.

So only that traffic can come back in. Stateful firewall: all firewalls, Windows firewalls, ASAs, SonicWall, Check Point, Palo Alto, all firewalls. They are basically based on a stateful firewall. Stateful firewalls have what’s known as a state table. A state table is basically a table that keeps track of all traffic going out and traffic coming back in. Stateful firewalls are able to enforce the TCP handshake if it’s able to keep track of it; stateless firewalls can’t. So just keep in mind for your exam, stateful firewalls is what we use today. Stateless, you really don’t use those. Now what I do want to mention is something called a web application firewall. Now a web application firewall, I have a link here from Barracuda and this is Barracuda’s device, the web application firewall that it has. So Barracuda’s protects your web, mobile and API applications.

So most of us know that a firewall will stop traffic coming into our network. Well, web application firewalls are really devices or software, I should say, that protect web applications. So if you’re hosting a web application like a web server, what you would do is you would buy one of these devices or software and you would put it in front of it. What this can do is stop things like cross-site scripting and buffer overflow and a wide variety of other web vulnerabilities. So, here’s a web server: it basically stops traffic trying to come in and affect the web server. So it’s really just for web applications. The other ones here we want to mention are going to be what is known as the NGFW, Next Generation Firewalls, and UTMs, Unified Threat Management. I want to show you guys this device.

So this is my SonicWall. Let’s click on the link here for it. This is an NGFW firewall or next generation firewall. Here it is here at the top. Actually the one here at the bottom, I have a 350W, is the one I have on this device. So this is a next generation firewall. Now a next generation firewall basically includes things like an intrusion prevention system. It includes more filtering, unified threat management. Unified threat management includes more things; generally unified threat management includes the functions of a next generation firewall. But then it also includes things like antivirus filtering, spam filtering. Some of them can even stop particular types of DoS attacks all at the firewall level.

Imagine you have one of these devices connected to your network and this thing is eliminating viruses right off the internet connection before it even gets into your LAN. That would be a very useful feature for unified threat management. Now one of the things I want to do in this video is I want to show you guys this firewall rule set. We’ll take a look at that right now. Let’s go into it because I want to show you guys how firewall rules are set up. We have a video coming up somewhere before or after this where I’m actually going to do some rule sets with you. But in this video, I just want to show you guys some firewall rules here. So let’s go to this device. Okay, so I’m going to log in here and I want to show you a rule set, and I want to show you now the firewall doesn’t have a license on it.

I have not licensed this device yet, but I do want to show you, since this is the next generation firewall, here are the rules that we have and you’ll notice that there’s a variety of different rules that are in the device. But we’re going to find the one here that basically, you see where it says LAN to DMZ allowed? LAN to LAN allowed. LAN to LAN, yes, LAN to WAN allowed. So this is the rule. So it’s basically saying, hey, if something is connected to the LAN port and it wants to go out to the Internet, allow it. But when we find the WAN section, you’ll notice WAN to DMZ denied. We actually have to open that ourselves. WAN to LAN is denied. So you can see that by default these firewalls are set up with rules where it’s blocking the WAN coming into the LAN.

Now, since this is a next generation device, this thing has a variety of other services. So it’s not just firewall services, but this thing has security services. This thing here could stop a virus right at the gateway. It is an intrusion prevention system. You just got to put the license into it. It does do anti-spyware right at it. It does even do botnet filtering. So it does quite a lot of different things here. It even does SSL inspection right at the gateway, and sees if it can find any type of virus that wants to encrypt itself using SSL. So this is why these things are called next generation devices, because they’re not just a regular firewall that just blocks traffic coming in.

Now they’re actually doing a whole lot more stuff. Now, other terms here we need to know, for example, NAT gateways. All these devices, all firewalls do NAT, all firewalls are NAT gateways, because basically what they do is they run, if you guys remember NAT, if you did General Plus, remember that is public to private, private to public translation, they basically all do NAT translations. Now a NAT gateway in a cloud is a different thing. A NAT gateway in a cloud will allow, so when you set up the cloud systems, you can set up two cloud sections where you have public servers and you have servers with private IP addresses.

And then what you do is if you want some of these servers with private IP addresses to go out and get updates and come back in, you’d set up a NAT gateway so it could go out and come back in. But it only allows the traffic to really go out. It doesn’t really allow anything to get back into it. Now, we did talk, and we’re going to talk a little bit later, about proxy services, but some of these devices do allow you to filter content. If you guys have ever been to an organization where when you type in like Facebook or you try to go to your private email, it redirects you, that would be a content URL filter. Now, most firewalls are proprietary, most big ones, ASAs, SonicWalls, Check Points, but we do have open source firewalls.

Here’s a good one, IPFire. And if you guys remember, open source means that the source code is available to you so that you could download and edit and manipulate the source code. Now, I’m not going to go into which one is better. People ask me, which one is better, open source or proprietary? That’s like saying, is Windows better than Mac? Is Linux more secure than Windows? We’re not going to go into that. Let’s just say when it’s proprietary, anyone can look at the source code, people can update; if there’s more vulnerabilities, they can find it, but that means every eye is on it, and if there is a vulnerability, it’s easy to find. The proprietary devices, well, you can’t see the source code, finding vulnerabilities is harder, but then there’s not a lot of eyes on it.

So you got to give and take here. Okay, the other thing here we have is going to be hardware versus software. This right now is a hardware device, all right? This is a hardware firewall. Now, software firewalls generally apply to what’s known as host or virtual firewalls, versus this thing is an appliance. So let’s talk about all of these firewalls. Most of the time when people think of firewalls, they’re thinking of a hardware or an appliance or a software. This SonicWall that I have here, this is an appliance device. This is a full appliance. This is not a piece of software, obviously you can see that, but Windows Firewall, that’s a piece of software. So if I go back here and I say, hey, where is my Windows Defender Firewall? So this is a piece of software that I can configure.

So this here is a software firewall. This is known as host-based. Now, basically when firewalls come, you have network and you have host-based. Network firewalls sit on the edge of your network. It basically connects to your main Internet connection, that connects maybe to your ISP’s router; your ISP sometimes gives you modems. So whatever firewall you have there, that’s basically your network firewall; it protects the entire network. Host-based firewalls are installed on your individual computer, like Windows Defender Firewall. A lot of times the endpoint security suites will come with these particular software firewalls. The other term is that you also have virtual firewalls. These are firewalls that are virtualized and basically work to protect virtual environments.

Okay, guys, we went through a lot of different things here with firewalls, just a lot of terms. Follow up this video with the one where I actually go and configure the firewall rule set, as that is a very famous performance-based question for your exam.

  2. Configuring firewall rules

In this video, I’m going to be showing you how to configure a firewall. Now this particular video is really important because this is what they love to ask on the simulations or the PBQs on your exam. They love doing this. Very rarely do you have an exam that doesn’t have firewall configurations. So I’m going to be showing you how to configure it on a complex device like this. I’m going to show you a simple one, which is probably the one they’re most likely going to ask for on your exam. You got to get the theory down because the interface that they’re going to be using is going to be different than what you’ve seen before. Then we’ll draw some diagrams and I’ll show you what they may be asking. So let’s take a look at the diagram that I have set up. We’ll create a scenario.

Then we’ll go, we’ll set it up here. We’ll take a look at a simpler device to set it up. And once you get the principles down, which is what I’m trying to show you, you should be okay on the exam. So let’s take a look at this. So let’s say I have a network and for whatever crazy reason, I decided to host my own web server. So this is a web server. So let’s say that the network’s IP address is 192168. Now, this is all internal stuff I’m doing; technically it should be a public IP address. But we’ll just go with this for now. One dot, zero slash 24. So this one will be one dot something. And this one here, let’s say is 192-16-8168. Let’s say that one is the web server’s internal IP address. So what I want to do is I want to configure, remember what I said, firewalls by default do not allow traffic to come into the network.

So what we’re going to do is we’re going to configure this firewall to allow traffic from the WAN to come into the LAN, particularly port 443 only, basically only HTTPS traffic because we are hosting a secure website. So to do this, let’s go set up our SonicWall on this. So I’m going to go in here and I am going to type in the IP address of the SonicWall. This is the actual device we’re logging into right now; SonicWall administration is something that I’ve been doing 15 years probably. I’ve set up so many of these devices, they’re pretty simple to set up. So, okay, so what I want to go to here is the firewall setup. Now there is a quick configuration you can do. The good thing about SonicWall: they have a wizard that you can actually follow and set it up.

But I want to show you the rule because on the exam you’re not going to have a wizard to set it up. So what I’m going to do here is I want to show you the access rules because the exam may look similar. This SonicWall right now has everything at default. I mean, I haven’t really touched this device yet. But you notice how it’s like from DMZ to DMZ, it’s going to allow it. Now remember, you have DMZ, you have WAN ports, you have LAN ports, you have WLAN wireless. Notice from DMZ to WAN, anything in objects in the DMZ cannot access the wireless LAN. But LAN to DMZ is all allowed. The LAN can basically do anything. The LAN can go from the LAN to the DMZ, the LAN to the VPN clients, SSL VPN are basically allowed everything. Let’s find, some VPNs can access almost.

So when you’re on VPN, if you’re coming in from the VPN, you can access almost a lot of stuff. But if you see this being repeated, it’s because of the different services that it’s allowing. But you’ll notice from WAN to the DMZ, all services are denied. And this is the main rule of a firewall right here. Let me see if I can make this bigger. Okay, so this is the main rule of a firewall right here. You see it says data coming from the WAN, the Internet port, to the LAN, any of it is denied. And that’s the default setting on all firewalls. Notice how this one is fully enabled. So WAN to WAN is enabled. Wireless LAN to LAN, they’re denying that. If you do want communication between them, you’ll have to enable that. Okay, so let’s go and set up my SonicWall for my scenario here.

So for this, we’re going to have to go to objects and we actually got to create an address object. Now this is unique to this device. You do not need to do this. Keep it in mind. You don’t need to do this for your exam. It’s just that this device needs to be configured like that. So I’m going to say add address object. So now this will pop up here. Add address object. It doesn’t want to add an object. This is what happens when you do live labs on live devices. It doesn’t like you too much. You know why I keep clicking address object? It is getting kind of late, guys. Let’s click on Add. Okay, so we’re going to click on Add. We’ll give it a name here, arwebserver. So let’s say this device is in our LAN. It’s a host, it’s just one computer. It’s not a range. And we’ll give it an IP address, 192-168-1681.

That’s fine. So there you go. So we’re going to add this in here. Okay, so we have an object called ARWebserver. So what we’re going to do now is we got to go set up a rule. So we got to tell the firewall that, you know what, you need to allow traffic from the WAN into our AR web server. So I’m going to say add here. And the policy name we’re going to give it is going to be, let’s say, arwebserver. No reason to capitalize. I just put that in there. One of the things I do when I configure firewalls, it’s just something I do and there’s no rule against this, but generally when I configure a firewall, I generally uppercase my name, so I know I added that in really quickly. It’s just something I’ve been doing for years.

Okay, so we’re going to allow traffic from the WAN to the LAN, right? The source port it should be originating from, the traffic should be coming in on HTTPS. Also HTTPS for the service. The source network is all WAN IP addresses. Doesn’t matter what the IP address on the WAN is. The destination is going to be my AR webserver that I have. Users is all. We’re not excluding anything else. And we’re going to say add now in its basic settings. That’s it. Basically what we’re doing now is we’re saying we got our own rule there. We’re saying from the WAN to the LAN we’re going to allow the sources, any WAN IP address, going right to this web server with HTTPS. As easy as that was. Now that’s all there is. They just got to configure it. Now what I want to do is I want to show you guys in this video an easier firewall to configure, like a Linksys.

Now Linksys in particular, Linksys are more like home-based devices. This is more of a business class device. I’m going to go here to just Google Linksys router demos. We’re going to see Linksys emulator. So what it is, is that they published their operating systems online so people can just log into it and use it to practice with. So I want to show you guys, I just clicked on this one. For what reason, I don’t know. You can click on any one. Basically they all look the same. But the reason why I’m doing this again is to get you guys familiar with this. So you know, okay, this is how these devices are configured. Okay? So on your Linksys here, if you want to set up a port forwarder, it’s really what we want to do.

So we’re going to go here to, let’s go to access policies. No, we’re going to go to, here we go, applications and gaming. And what we want to do is we want to add in our own custom application. So let’s say the server is 192168, the internal server. Let’s say this was a Linksys and the internal server was 1921-6810. So we want to enable that. So we’re going to say web server. Web server. We’re going to say external port is 443. It’s coming in on 443, the internal port. We’re going to make this a TCP connection. We’re going to say IP address 192168 100. We’re going to enable this. Basically save it. Now this is a demo. I think it’s going to say it actually did. So that’s basically it. Now the main thing you got to learn about firewalls is this: from and to. From and to.

That’s what you need to know. From and to: coming from this going to this, or going out of this into this. That’s really what you need to know on the exam. They’re going to give you a simulator where it’s going to be, you’re going to have to analyze the network and it’s going to be some kind of traffic is not working, like this host can’t get out because it’s blocking. So you’re going to have to check to see if the IP addresses in this range are matching what’s in the configuration rules on the firewall. All right? So you got to watch it very carefully. It shouldn’t be a difficult lab if you understand that a firewall allows from and to. If you understood what I did here then it shouldn’t be too difficult. What you could do, here’s a little practice you can do.

Try this on your home router. You’ve got a home router, maybe even a network device. Every one of these things is different. They all look different, but the concepts are still the same. Do some groundwork: go and open up port 80 on your firewall so you get familiar with it. You can even try the Linksys thing that I just did. Open up port 80. Open up port 443. Just practice it, then shut it down; don’t leave ports open on your firewall. If you want to try something easy, open up Remote Desktop and forward it to an internal computer on your network. And then try to Remote Desktop from your phone on your LTE connection to your internal network, to Remote Desktop to see the network. So practice playing with ports because you can pretty much expect this question could be a simulator.
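As an added worked example (this is not code from the video, nor SonicWall's or Linksys's software), here is a small Python model of the two ideas the sections above describe: the stateful versus stateless distinction from the first section (a state table that admits only the return traffic of flows the firewall saw leave, versus a router ACL that has no memory and so cannot enforce the TCP handshake), and the from/to access rule from the second (default deny WAN to LAN, allow LAN to WAN, plus one explicit exception letting HTTPS from any WAN address reach a single internal web server). The LAN prefix 192.168.1.0/24 follows the scenario; the web server address 192.168.1.10, the internal host 192.168.1.50, the two internet addresses and the packets themselves are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed for this example: the internal /24 from the scenario and an
# assumed web server address on it.
LAN_NET = ip_network("192.168.1.0/24")
WEB_SERVER = "192.168.1.10"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool  # True = TCP SYN with no ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    src_zone: str                    # "WAN" or "LAN"
    dst_zone: str
    action: str                      # "allow" or "deny"
    dst_host: Optional[str] = None   # None = any destination host
    service: Optional[int] = None    # destination port; None = any service


def zone_of(addr: str) -> str:
    """Which side of the wall a packet is on: inside the LAN prefix or not."""
    return "LAN" if ip_address(addr) in LAN_NET else "WAN"


# First match wins, like the access-rule table in the video: LAN->WAN allowed,
# WAN->LAN denied, with the explicit web-server exception placed before the deny.
RULES = [
    Rule("WAN", "LAN", "allow", dst_host=WEB_SERVER, service=443),
    Rule("LAN", "WAN", "allow"),
    Rule("WAN", "LAN", "deny"),
]


def match_rules(rules, pkt: Packet) -> str:
    for r in rules:
        if (r.src_zone, r.dst_zone) != (zone_of(pkt.src), zone_of(pkt.dst)):
            continue
        if r.dst_host is not None and r.dst_host != pkt.dst:
            continue
        if r.service is not None and r.service != pkt.dport:
            continue
        return r.action
    return "deny"  # implicit deny when no rule matches


class StatefulFirewall:
    """Keeps a state table of flows it allowed; the reply direction of a
    tracked flow is admitted without consulting the rules again."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # (src, sport, dst, dport) of allowed flows

    def filter(self, pkt: Packet) -> str:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "allow"  # return traffic for a flow we saw leave
        if not pkt.syn:
            return "deny"  # mid-stream packet for a flow we never saw open
        action = match_rules(self.rules, pkt)
        if action == "allow":
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


class StatelessFilter:
    """A 1990s-style router ACL with no memory of what left. To let replies
    back in at all it must admit any non-SYN packet from the WAN, which is
    why it cannot enforce the TCP handshake."""

    def __init__(self, rules):
        self.rules = rules

    def filter(self, pkt: Packet) -> str:
        if zone_of(pkt.src) == "WAN" and zone_of(pkt.dst) == "LAN" and not pkt.syn:
            return "allow"  # the classic "established" ACL entry
        return match_rules(self.rules, pkt)


def demo() -> dict:
    """Run the same constructed packets through both filters;
    each value is (stateful verdict, stateless verdict)."""
    sf, sl = StatefulFirewall(RULES), StatelessFilter(RULES)
    out = {}
    # 1. A LAN client opens HTTPS to an internet host and the reply comes back.
    req = Packet("192.168.1.50", "203.0.113.7", 50000, 443, syn=True)
    rep = Packet("203.0.113.7", "192.168.1.50", 443, 50000, syn=False)
    out["lan_out"] = (sf.filter(req), sl.filter(req))
    out["reply_in"] = (sf.filter(rep), sl.filter(rep))
    # 2. An internet client reaches the published web server on 443, then
    #    tries port 22 on the same host, which only the WAN->LAN deny matches.
    web = Packet("198.51.100.9", WEB_SERVER, 40000, 443, syn=True)
    ssh = Packet("198.51.100.9", WEB_SERVER, 40001, 22, syn=True)
    out["web_443"] = (sf.filter(web), sl.filter(web))
    out["web_22"] = (sf.filter(ssh), sl.filter(ssh))
    # 3. A non-SYN packet from the WAN to a LAN host that never opened a
    #    connection: no state-table entry, so the stateful firewall drops it;
    #    the stateless ACL has no way to tell and lets it through.
    stray = Packet("198.51.100.9", "192.168.1.50", 443, 51234, syn=False)
    out["stray_ack"] = (sf.filter(stray), sl.filter(stray))
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} stateful={verdict[0]:5s} stateless={verdict[1]}")
```

The rule list is the whole "from and to" lesson: every rule names a source zone, a destination zone, and optionally a destination host and service, and the first match decides. Case 3 is the point of the stateful/stateless distinction in the first section: both filters give the same answers for the rules, but only the one with a state table can refuse a packet that claims to belong to a connection it never saw open.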
