
Chapter 8

 Upon completion of this chapter, you should be able to:
   Understand the purpose of a firewall
   Name two types of firewalls
   Identify common ports/protocols
   Configure a firewall
   Describe and configure a security appliance
   Describe the purpose of a DMZ
   Describe an ACL

8.1

 Software- or hardware-based security system
 Allows or denies traffic based on rules
 Protects a network or its devices from unwanted or untrusted traffic

 Hardware firewall
   Used to protect a whole network
   Dedicated appliance
   Placed at the edge of the network
   More $$$
 Software firewall
   Used to protect a single PC (a host firewall)
   Less $

 Access control list (ACL)
   Set of rules that permits specific types of traffic and blocks all other traffic
   Checked against incoming and outgoing traffic

 Three types of firewall, ordered by how deep they look into the traffic:
   Packet filtering firewall
   Circuit level gateway
   Application layer firewall

 Packet filtering firewall
   Basic firewall (built into most routers)
   Operates on the layer 3 and layer 4 headers (IP addresses and TCP/UDP ports); never looks at the payload
   Inspects each packet on its own: looks at the header info and checks it against the ACL
   Allows or rejects based on:
     Source IP
     Destination IP
     Source port
     Destination port
     Inbound or outbound (direction)
   Example: only allow web traffic (TCP port 80) from a certain subnet

 Circuit level gateway
   Filters based on session state (the transport/session layer), not on individual packet contents
   Remember the 3-way handshake? The gateway watches SYN, SYN/ACK and ACK to decide whether a packet is part of a legitimately established communication
   DOES NOT INSPECT THE CONTENTS OF EACH PACKET; it just checks that the packet belongs to a session it already knows about
   Less work per packet than an application layer firewall, because it never reassembles or reads the data
   Helps protect against a SYN FLOOD DoS attack: inbound SYNs that don't belong to a session the gateway knows about are dropped before they reach the server

[Diagram: normal TCP three-way handshake vs. SYN flood attack]
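The session-tracking idea from the circuit level gateway slide, as an added example (not from the course material): a state table keyed by the connection's addresses and ports, a policy that only inside hosts may open connections, and a constructed SYN flood from outside that never reaches the server because none of its SYNs match a known session. The inside network 10.0.0.0/8, the hosts and the flood size are assumptions for the demo; the gateway looks only at the TCP flags, never at payload, which is exactly what the slide says a circuit level gateway does.

```python
"""A (simplified) circuit-level gateway: track TCP sessions and forward inbound
segments only if they belong to a session that a host on the inside started.

Constructed example to go with the slide; not from the course material.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # assumption: the protected (inside) network


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # e.g. frozenset({"SYN"}) or frozenset({"SYN", "ACK"})


class CircuitGateway:
    """State table keyed by (inside_ip, inside_port, outside_ip, outside_port)."""

    def __init__(self):
        self.table: dict[tuple, str] = {}
        self.dropped = 0

    @staticmethod
    def _key(seg: Segment, outbound: bool) -> tuple:
        if outbound:
            return (seg.src, seg.sport, seg.dst, seg.dport)
        return (seg.dst, seg.dport, seg.src, seg.sport)

    def handle(self, seg: Segment) -> bool:
        """Return True if the segment is forwarded, False if it is dropped."""
        outbound = ip_address(seg.src) in INSIDE
        key = self._key(seg, outbound)
        state = self.table.get(key)
        f = seg.flags

        if outbound:
            if f == {"SYN"}:                       # an inside host opens a connection
                self.table[key] = "SYN_SENT"
                return True
            if state is None:                      # no session for this packet: drop
                self.dropped += 1
                return False
            if state == "SYNACK_SEEN" and "ACK" in f:
                self.table[key] = "ESTABLISHED"    # third step of the handshake
            if "RST" in f:
                del self.table[key]
            return True

        # Inbound: only segments for a session the inside started get through.
        if state is None:                          # unsolicited SYN (SYN flood) or anything else
            self.dropped += 1
            return False
        if state == "SYN_SENT" and f == {"SYN", "ACK"}:
            self.table[key] = "SYNACK_SEEN"        # second step of the handshake
            return True
        if state == "ESTABLISHED":
            if "RST" in f:
                del self.table[key]
            return True
        self.dropped += 1                          # out-of-state segment
        return False


def demo() -> dict:
    """An inside client talks to a web server, then an outside host floods SYNs."""
    gw = CircuitGateway()
    c, s = ("10.0.0.5", 51000), ("203.0.113.10", 80)
    handshake = [
        gw.handle(Segment(*c, *s, frozenset({"SYN"}))),
        gw.handle(Segment(*s, *c, frozenset({"SYN", "ACK"}))),
        gw.handle(Segment(*c, *s, frozenset({"ACK"}))),
        gw.handle(Segment(*s, *c, frozenset({"ACK"}))),   # server data: allowed
    ]
    # Constructed SYN flood: 1000 SYNs from one outside address to an inside server.
    flood = sum(gw.handle(Segment("198.51.100.7", 1024 + i, "10.0.0.80", 80, frozenset({"SYN"})))
                for i in range(1000))
    return {"handshake": handshake, "flood_forwarded": flood,
            "dropped": gw.dropped, "sessions": len(gw.table),
            "state": gw.table[(*c, *s)]}


if __name__ == "__main__":
    print(demo())
```

The flood costs the gateway one table lookup per SYN and adds nothing to the state table; the inside server never sees a half-open connection. A real gateway that publishes an inside server (where outside hosts must be allowed to start connections) does the extra step of completing the handshake on the server's behalf before opening a session; that case is not modelled here.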

 Application layer firewall
   Filters based on the actual application layer data (the payload)
   AKA proxy server
   Reassembles the packets of a request or response and looks at the data
   Example: filtering an HTTP web request
     You request a web page
     The web page arrives; the firewall reassembles the packets for the page
     It looks at the content: can block by URL or by website category

 Why looking at the content matters: the port number proves nothing
   Normally, web page requests come in on port 80
   An online gaming application can be re-configured to use port 80
   Port 80 (HTTP) is normally open
   A packet filter will allow the game traffic, because all it can see is port 80
   An application layer firewall will block it, because it looks at the content, not the port: the payload is not HTTP
   Can also allow/deny based on users/groups
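The port 80 scenario above, as an added example (not from the course material): the same three constructed payloads, all sent to TCP port 80, are shown to a port-only packet filter and to an application layer filter that reassembles the request and checks that it really is HTTP before applying a host blocklist. The allowed-port set, the blocklist entries and the sample traffic are assumptions made for the demo.

```python
"""Port-based vs. content-based filtering of traffic aimed at TCP port 80.

Constructed example: a stateless packet filter decides on the port alone;
an application layer filter looks at the payload, checks that it is an
HTTP request, then applies a host (URL) blocklist.
"""
import re
from typing import Optional

# Assumptions (not from the slides): the packet filter only opens port 80,
# and a hypothetical host blocklist stands in for "website categories".
ALLOWED_DST_PORTS = {80}
BLOCKED_HOSTS = {"games.example", "casino.example"}

# An HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]\r\n")


def packet_filter_allows(dport: int) -> bool:
    """Layer 3/4 view: the only thing a packet filter can use here is the port."""
    return dport in ALLOWED_DST_PORTS


def parse_http_request(payload: bytes) -> Optional[dict]:
    """Return method, target and Host if the payload starts with a valid HTTP/1.x
    request; return None for anything else (binary game traffic, garbage, an
    HTTP *response*, ...)."""
    m = REQUEST_LINE.match(payload)
    if m is None:
        return None
    head, _sep, _body = payload.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line itself
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    host = headers.get(b"host", b"").decode("ascii", "replace")
    return {"method": m.group(1).decode(),
            "target": m.group(2).decode("ascii", "replace"),
            "host": host.split(":")[0].lower()}      # drop an explicit :port


def app_filter_allows(dport: int, payload: bytes) -> tuple:
    """Application layer view: same port check, then look at the content."""
    if not packet_filter_allows(dport):
        return False, "port not allowed"
    req = parse_http_request(payload)
    if req is None:
        return False, "payload on port 80 is not an HTTP request"
    if req["host"] in BLOCKED_HOSTS:
        return False, f"blocked site: {req['host']}"
    return True, f"{req['method']} {req['target']} to {req['host']}"


# Constructed sample traffic, all addressed to destination port 80.
WEB_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
               b"User-Agent: demo\r\n\r\n")
GAME_TRAFFIC = b"\x17\x03\x01\x00\x2aGAMEPROTO\x00\x01\x02login:player1"
BLOCKED_REQUEST = b"GET /play HTTP/1.1\r\nHost: games.example:80\r\n\r\n"


def compare(samples) -> dict:
    """Run both filters over (label, payload) pairs; returns {label: (pf, app)}."""
    return {label: (packet_filter_allows(80), app_filter_allows(80, payload)[0])
            for label, payload in samples}


if __name__ == "__main__":
    for label, (pf, app) in compare([("web", WEB_REQUEST), ("game", GAME_TRAFFIC),
                                     ("blocked", BLOCKED_REQUEST)]).items():
        print(f"{label:8} packet filter: {'allow' if pf else 'deny':5}  "
              f"app layer: {'allow' if app else 'deny'}")
```

The packet filter says "allow" three times; the application layer filter allows only the genuine request to www.example.com. Note that the check is "does this look like HTTP", which a determined client can satisfy by wrapping its traffic in HTTP; that is why real proxies combine protocol validation with the user/group and category controls mentioned on the slide.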

 The same idea in the other direction: filters requests coming from the Internet to your internal servers

 Multipurpose device (e.g. a router with a built-in firewall)
   Less $
   Easy to configure
   Doesn't have the same features as a dedicated firewall

 UTM (Unified threat management device)
   Combines firewall, anti-spam, anti-virus, VPN, etc. in one box
   Allows you to maintain one device instead of several
   Caveat: single point of failure; if it goes down, all of those services go down with it

 Review
   What is the most basic type of firewall and how does it work?
     Packet filtering; inspects each packet's headers against the ACL
   Which type of firewall looks for a session ID to see if the communication was initiated by a device in your network?
     Circuit level gateway
   What hardware device combines a firewall, anti-spyware, anti-virus protection, and VPN services?
     UTM

8.1.3

 Ports
   Logical connections; all the conversations need to be tracked
   The port number in each segment identifies what service the message is for: web request, email, DHCP, etc.
   Application protocols are identified by their port numbers

 Each message sent has a source & destination port number
   Source port
     Randomly generated by the sender & placed into the segment
     Lets the sender match the reply (incoming segment) to the right conversation
   Destination port
     Used to pass data to the proper application at the destination

 1-65,535  Well-known ports   Common applications  Registered ports  ,151  Can be source or destination ports  Used for specific applications like IM  Private ports  49,152 & above  For source ports

 Common protocols and port numbers

   Protocol   Port #   Information
   FTP        20/21    File transfer (unencrypted)
   SSH        22       Secure remote login
   Telnet     23       Remote login (TCP only; unencrypted)
   SMTP       25       Used to send email between servers
   DNS        53       Domain name translation
   DHCP       67/68    Assigning IP addresses
   HTTP       80       Connection to transfer web pages
   POP3       110      Transfer of email from server to you
   IMAP       143      Transfer of email from server to you
   HTTPS      443      Secure connection for web page transmission
   RDP        3389     Remote Desktop Protocol

 Identify the protocol & port number (review handout)

8.1.4

 Windows Firewall
   Control Panel >> System & Security >> Windows Firewall
   Block all incoming connections: blocks others from coming in, even programs on the allowed list
   Allow a program or feature through Windows Firewall: opens the firewall for one specific program/feature

 Labs and practice:
   TestOut: Configuring Windows Firewall
   TestOut: Configure a Host Firewall Lab
   TestOut: Practice Questions (14)
   TestOut: Configure Network Security Appliance Access Lab
   TestOut: Practice Questions (3)

8.3

 DMZ (demilitarized zone)
   You have servers that need to be accessed from the Internet
   You MUST protect the private, inside network
   Create an "in-between area", the DMZ: the public-facing servers go there, so a compromised server is still outside the inside network

 ACL (access control list)
   A list of rules a packet is evaluated against to determine whether it is allowed through or not
   What you can permit or deny, based on direction (in or out):
     Specific PCs (host addresses)
     A subnet or network
     Specific protocols (and ports)
   Example: you have a web server. Allow only HTTP traffic to TCP port 80, deny all others

 Where and how an ACL is applied
   Placed on a firewall or Cisco router
   Configure the list on the firewall or router, then assign it to the proper interface (and direction)
   Packet is checked against the list in order, top to bottom
   Once a match is made, that rule's permit or deny applies; the rest of the list is ignored
   Implicit deny at the end: anything not explicitly permitted is dropped
   Don't make a list without permitting something, or nothing gets through
   Standard or Extended ACLs (standard: matches on source address only; extended: source, destination, protocol and ports)

 Simple ACL 1:
   Deny Mike
   Deny Dan
   Deny Rhiannon
   Permit anyone else
   Result: everyone except those three gets in
 Simple ACL 2:
   Deny Don
   Deny Allie
   Deny Lexi
   Implicit deny all at end. NO ONE will get in!

 Simple ACL 3:
   Deny Mike
   Permit anyone
   Deny Bryan
   Order is important. Once they hit the permit line, anything below it means nothing: Bryan still gets in.
 Extended ACL 1:
   Deny guys from punching Sarah
   Deny Allie from sitting down
   Permit anyone else to talk to anyone in here
   Very specific: an extended rule matches on who (source), whom (destination) and what (protocol/port).
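The ACL processing rules (top-to-bottom, first match wins, implicit deny) and the three "simple ACL" examples above, as an added example that is not part of the course material. Rules carry the fields of an extended ACL (source, destination, protocol, destination port) so the web server example from the ACL slide fits too; the host addresses standing in for Mike, Dan, Rhiannon and Bryan, and the rule syntax, are assumptions made for the demo, not Cisco syntax.

```python
"""Ordered ACL evaluation: first match wins, implicit deny at the end.

Constructed example; the rule fields mirror an extended ACL (source,
destination, protocol, destination port) but the syntax is our own.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: int = 0             # destination port (0 when not applicable)


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"        # source network in CIDR; /0 = any
    dst: str = "0.0.0.0/0"        # destination network in CIDR
    proto: str = "any"
    dport: Optional[int] = None   # None = any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

    def is_catch_all(self) -> bool:
        return (self.src == "0.0.0.0/0" and self.dst == "0.0.0.0/0"
                and self.proto == "any" and self.dport is None)


def evaluate(acl: list, p: Packet) -> tuple:
    """Walk the list top to bottom; return (action, index of the matching rule).
    Index None means the implicit deny at the end of the list fired."""
    for i, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


def dead_rules(acl: list) -> list:
    """Indexes of rules that can never match because an earlier rule matches everything."""
    for i, rule in enumerate(acl):
        if rule.is_catch_all():
            return list(range(i + 1, len(acl)))
    return []


# The slide's examples, with constructed host addresses in place of names.
MIKE, DAN, RHIANNON, BRYAN, SOMEONE = "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.99"

ACL_1 = [Rule("deny", src=MIKE + "/32"), Rule("deny", src=DAN + "/32"),
         Rule("deny", src=RHIANNON + "/32"), Rule("permit")]
ACL_2 = [Rule("deny", src=MIKE + "/32"), Rule("deny", src=DAN + "/32"),
         Rule("deny", src=RHIANNON + "/32")]              # no permit: implicit deny catches everyone
ACL_3 = [Rule("deny", src=MIKE + "/32"), Rule("permit"),
         Rule("deny", src=BRYAN + "/32")]                 # a deny after permit-any is dead

# The web server ACL from the ACL slide: only HTTP to the server, everything else denied.
WEB = "203.0.113.10"
ACL_WEB = [Rule("permit", dst=WEB + "/32", proto="tcp", dport=80)]


def who_gets_in(acl: list, hosts) -> dict:
    """Map each source host to the action the ACL takes on its HTTP packet to the web server."""
    return {h: evaluate(acl, Packet(h, WEB, "tcp", 80))[0] for h in hosts}


if __name__ == "__main__":
    for name, acl in (("ACL 1", ACL_1), ("ACL 2", ACL_2), ("ACL 3", ACL_3)):
        print(name, who_gets_in(acl, [MIKE, BRYAN, SOMEONE]), "dead rules:", dead_rules(acl))
    print("web server, SSH attempt:", evaluate(ACL_WEB, Packet(SOMEONE, WEB, "tcp", 22)))
```

`dead_rules` is the check a practitioner wants before applying a list: it flags ACL 3's last line as unreachable. It only catches the simplest form of shadowing (a catch-all rule above); a rule shadowed by a narrower earlier rule that still covers it needs a full overlap check.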

 Labs and practice:
   TestOut: Configuring a Perimeter Firewall
   TestOut: Creating Firewall ACLs
   TestOut: Configure a DMZ Lab
   TestOut: Configure a Perimeter Firewall

 Proxy server
   Sits in front of the firewall in the network path, between the users and the Internet
   Inspects requests against network rules
   Can hold a cache of web pages
   Can filter content for users (blocks or flags sites, or words within sites)

 Labs and practice:
   TestOut: Configuring a Proxy Server
   TestOut: Practice Questions (15)

 Chapter wrap-up:
   Complete the study guide handout
   Complete TestOut
   Practice in Packet Tracer
   Jeopardy review
