
1 Chapter 8

2  Upon completion of this chapter, you should be able to:
   - Understand the purpose of a firewall
   - Name two types of firewalls
   - Identify common ports/protocols
   - Configure a firewall
   - Describe and configure a security appliance
   - Describe the purpose of a DMZ
   - Describe an ACL

3 8.1

4  - Software- or hardware-based security system
   - Allows or denies traffic based on rules
   - Protects a network or its devices from unwanted or untrusted traffic


6  Hardware firewall
   - Used to protect a whole network
   - Dedicated appliance, placed at the edge of the network
   - More expensive
   Software firewall
   - Used to protect a single PC (runs on the host it protects)
   - Less expensive

7  Access control list (ACL)
   - Set of rules that allows specific types of traffic and blocks all other traffic
   - Both incoming and outgoing traffic is checked against it

8  Three types of firewall:
   - Packet filtering firewall
   - Circuit level gateway
   - Application layer firewall

9  Packet filtering firewall
   - Basic firewall (built into most routers)
   - Operates on the layer 3/4 headers: IP addresses and TCP/UDP port numbers; the payload is not examined
   - Inspects each packet: looks at the header info and checks it against the ACL
   - Allows or rejects based on: source IP, destination IP, source port, destination port, direction (inbound or outbound)
   - Example: only allow web traffic from a certain subnet

10  Circuit level gateway
   - Filters at the session layer: it decides whether a packet belongs to an established connection
   - Remember the 3-way handshake? It checks whether an incoming packet is part of a legitimate communication that has already been set up (normally one initiated from inside)
   - DOES NOT INSPECT THE CONTENT OF EACH PACKET: it only looks at the connection identifiers (addresses, ports, TCP flags), not the data
   - Low overhead: once a session is established, its packets are passed without re-evaluating the whole rule list
   - Protects against a SYN FLOOD DoS attack: the gateway can complete the handshake on behalf of the server, so half-open connections never reach it

11  [diagram: a normal TCP three-way handshake compared with a SYN flood attack]
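A small simulation of what the circuit level gateway slide describes, as an added example (not code from the course or from TestOut): the gateway tracks the 3-way handshake in a state table, forwards only packets that belong to a session it has seen set up, and answers outside SYNs to a published server itself so a SYN flood never creates half-open connections on the server. The packet model, the inside network 10.0.0.0/24 and the published server 192.0.2.10:80 are constructed for the example; sequence numbers and the gateway's own handshake to the server are left out (an assumption), so the state machine follows only the TCP flags.

```python
"""Circuit-level gateway simulation: connection tracking plus SYN proxying.

Added example for the circuit-level gateway slide; not code from the course
or from TestOut.  The inside network, the published server and the packets
are constructed for the example.  Sequence numbers and the gateway's own
handshake to the server are omitted (assumption): only TCP flags are used.
"""
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]              # (ip, port)
Key = Tuple[Endpoint, Endpoint]         # (initiator, responder)


class CircuitGateway:
    def __init__(self, inside_net: str, published: Optional[Endpoint] = None):
        self.inside = ip_network(inside_net)
        self.published = published      # the one server reachable from outside
        self.table: Dict[Key, str] = {} # connection state, keyed by initiator
        self.forwarded_to_server = 0    # packets the protected server actually saw

    def _is_inside(self, ip: str) -> bool:
        return ip_address(ip) in self.inside

    def _lookup(self, a: Endpoint, b: Endpoint) -> Optional[Key]:
        """Find the tracked connection regardless of which side sent the packet."""
        if (a, b) in self.table:
            return (a, b)
        if (b, a) in self.table:
            return (b, a)
        return None

    def handle(self, src: str, sport: int, dst: str, dport: int, flags: str) -> str:
        """Return 'forward', 'drop', or 'syn-ack' (the gateway answers itself).
        flags is 'S' (SYN), 'SA' (SYN-ACK) or 'A' (ACK / data)."""
        a, b = (src, sport), (dst, dport)
        key = self._lookup(a, b)

        if flags == "S":                                   # new connection attempt
            if self._is_inside(src):
                self.table[(a, b)] = "SYN_SENT"            # inside-initiated: allowed
                return "forward"
            if b == self.published and key is None:
                # Outside SYN to the published server: the gateway completes the
                # handshake itself and forwards nothing until the client ACKs,
                # so a SYN flood never creates half-open sockets on the server.
                self.table[(a, b)] = "SYN_PROXY"
                return "syn-ack"
            return "drop"                                  # unsolicited inbound SYN

        if flags == "SA":                                  # second leg of the handshake
            if key and self.table[key] == "SYN_SENT" and key[1] == a:
                self.table[key] = "ESTABLISHED"
                return "forward"
            return "drop"                                  # SYN-ACK nobody asked for

        if flags == "A":                                   # third leg, or data
            if key is None:
                return "drop"                              # not part of any session
            if self.table[key] == "SYN_PROXY" and key[0] == a:
                self.table[key] = "ESTABLISHED"            # client proved it is real
            if self.table[key] == "ESTABLISHED":
                if b == self.published or a == self.published:
                    self.forwarded_to_server += 1
                return "forward"
            return "drop"

        return "drop"                                      # anything else

    def half_open(self) -> int:
        """Entries still waiting for the handshake to finish."""
        return sum(1 for s in self.table.values() if s != "ESTABLISHED")


def syn_flood_demo(n: int = 1000) -> Tuple[int, int]:
    """Spray n spoofed SYNs (constructed, from 198.51.100.0/24) at the
    published server; return (half-open entries held by the gateway,
    packets the server actually received)."""
    gw = CircuitGateway("10.0.0.0/24", published=("192.0.2.10", 80))
    for i in range(n):
        gw.handle(f"198.51.100.{i % 250 + 1}", 1024 + i, "192.0.2.10", 80, "S")
    return gw.half_open(), gw.forwarded_to_server


if __name__ == "__main__":
    print(syn_flood_demo())   # the gateway absorbs the flood, the server sees nothing
```

The half-open entries still cost the gateway memory, which is why real implementations use SYN cookies or aggressive timeouts for the SYN_PROXY state rather than a plain table as here.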

12  Application layer firewall
   - Filters based on the actual application-layer data
   - AKA proxy server: it terminates the client's connection and makes the request on the client's behalf
   - Reassembles the packets and looks at the data
   - Example: filtering an HTTP web request
     - You request a web page
     - The web page arrives; the firewall reassembles the packets for the page
     - Looks at the content: can block by URL or website category

13  - Normally, web page requests come in on port 80
   - An online gaming application can be reconfigured to use port 80
   - Port 80 (HTTP) is normally open
   - A packet filter will allow it, because all it sees is destination port 80
   - An application layer firewall will block it, because it looks at the content, not the port
   - Can also allow/deny based on users/groups
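The two decisions from the slides above side by side, as an added example (not code from the course or from TestOut): a packet filter that only sees the destination port, and an application-layer check that parses the reassembled stream and refuses anything on port 80 that is not an HTTP request, then applies a URL/host block list. The three payloads are constructed for the example, and the block list is an assumption standing in for the category database a real proxy would use.

```python
"""Packet filter vs application-layer filter on port 80 traffic.

Added example for the 'gaming app on port 80' slide; not code from the
course or from TestOut.  The sample payloads are constructed, and
BLOCKED_HOSTS is an assumed stand-in for a real URL/category database.
"""
import re
from typing import Dict, Optional, Tuple

# Only a syntactically valid HTTP/1.x request line counts as web traffic.
REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]\r\n")
BLOCKED_HOSTS = {"casino.example"}      # assumed category block list


def packet_filter(dport: int, allowed_ports=(80, 443)) -> str:
    """A packet filter sees only header fields: port 80 is open, so it passes."""
    return "allow" if dport in allowed_ports else "deny"


def parse_http_request(payload: bytes) -> Optional[Dict[str, str]]:
    """Return method/path/host if the payload is a well-formed HTTP request;
    None for anything else (binary game protocol, garbage, ...)."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None
    head = payload.split(b"\r\n\r\n", 1)[0]     # headers end at the blank line
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        if not line:
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            return None                          # malformed header line
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return {"method": m.group(1).decode(), "path": m.group(2).decode(),
            "host": headers.get("host", "")}


def application_filter(payload: bytes) -> Tuple[str, str]:
    """The reassembled content decides, not the port number."""
    req = parse_http_request(payload)
    if req is None:
        return "deny", "not HTTP: protocol mismatch on port 80"
    if req["host"].lower() in BLOCKED_HOSTS:
        return "deny", f"blocked host {req['host']}"
    return "allow", f"{req['method']} {req['path']} to {req['host']}"


# Constructed sample streams, all sent to destination port 80.
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "game":    b"\x7f\x00\x00\x1cGAMEPKT" + b"\x00" * 20,   # binary game traffic on port 80
    "blocked": b"GET /slots HTTP/1.1\r\nHost: casino.example\r\n\r\n",
}


def compare(samples=SAMPLES) -> Dict[str, Tuple[str, str]]:
    """For each sample: (packet filter verdict, application filter verdict)."""
    return {name: (packet_filter(80), application_filter(data)[0])
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:8s} packet filter: {verdicts[0]:5s} application filter: {verdicts[1]}")
```

Note the two failure modes the port-only check cannot see: a non-HTTP protocol riding on port 80, and a perfectly valid HTTP request to a host the policy forbids. Only the application-layer filter catches either.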

14  Filters requests from the Internet to your internal servers

15  Multipurpose device
   - Less expensive
   - Easy to configure
   - Doesn't have the same features as a dedicated firewall

16  UTM (Unified threat management device)
   - Combines firewall, anti-spam, anti-virus, VPN, etc. in one box
   - Allows you to maintain one device
   - Single point of failure: if the UTM goes down, every service it provides goes with it

17  - What is the most basic type of firewall and how does it work?
     Packet filtering; it inspects each packet's header against the ACL
   - Which type of firewall checks whether a packet belongs to an existing session, to see if the communication was initiated by a device in your network?
     Circuit level gateway
   - What hardware device combines a firewall, anti-spyware, anti-virus protection, and VPN services?
     UTM

18 8.1.3

19  - Logical connections: all the conversations on a host need to be tracked
   - A port number is carried in each segment
   - Helps identify what service the message is for: web request, email, DHCP, etc.
   - Protocols are identified by their port numbers


21  Each message sent has a source and a destination port number
   - Source port: randomly generated by the sender and placed into the segment; used to match the returning segments to the right conversation
   - Destination port: used to pass the data to the proper application at the destination

22  Port number ranges (0-65,535)
   - Well-known ports: 0-1023, assigned to common applications
   - Registered ports: 1024-49,151, can be source or destination ports; used for specific applications like IM
   - Private (dynamic) ports: 49,152 and above; used for source ports

23  Common protocols and their ports

   Protocol   Port     Information
   FTP        20/21    File transfer (20 = data, 21 = control)
   SSH        22       Secure remote login
   Telnet     23       Remote login, unencrypted (TCP only)
   SMTP       25       Used to send email between email servers
   DNS        53       Domain name translation
   DHCP       67/68    Assigning IP addresses (67 = server, 68 = client)
   HTTP       80       Connection to transfer web pages
   POP3       110      Transfer of email from the email server to you
   IMAP       143      Transfer of email from the email server to you (mail stays on the server)
   HTTPS      443      Secure (encrypted) connection for web page transmission
   RDP        3389     Remote Desktop Protocol

24  Identify the protocol and port number: review handout

25 8.1.4

26  Configuring Windows Firewall
   - Control Panel >> System & Security >> Windows Firewall
   - "Block all incoming connections" blocks others from connecting to your PC, including programs on the allowed list
   - "Allow a program or feature through Windows Firewall" opens an exception for a specific program

27  - TestOut 8.1.4 - Configuring Windows Firewall
   - TestOut 8.1.5 - Configure a Host Firewall Lab
   - TestOut 8.1.6 - Practice Questions (14)
   - TestOut 8.2.4 - Configure Network Security Appliance Access Lab
   - TestOut 8.2.5 - Practice Questions (3)

28 8.3

29  - You have servers that need to be accessed from the Internet
   - You MUST protect the private, inside network
   - Create an "in-between area": the DMZ. The public-facing servers live there, so if one is compromised the attacker still faces the inside firewall before reaching the private network

30  - A list of rules a packet is evaluated against to determine whether it's allowed through
   - What you can permit or deny, based on direction (in or out): specific hosts, a subnet or network, specific protocols
   - Example: you have a web server: allow only HTTP traffic on port 80, deny all others

31  - Placed on a firewall or a Cisco router: configure the list, then assign it to the proper interface (and direction)
   - A packet is checked against the list in order, top to bottom
   - Once a match is made, that rule's permit or deny applies; the rest of the list is ignored
   - Implicit deny at the end: don't make a list without permitting something
   - Standard or extended ACLs (standard: filters on source address only; extended: source and destination address, protocol and port)

32  Simple ACL 1:
   - Deny Mike
   - Deny Dan
   - Deny Rhiannon
   - Permit anyone else
   Simple ACL 2:
   - Deny Don
   - Deny Allie
   - Deny Lexi
   - (implicit deny all at the end) NO ONE will get in!

33  Simple ACL 3:
   - Deny Mike
   - Permit anyone
   - Deny Bryan
   Order is important. Once they hit the permit line, anything below it means nothing (Bryan gets in).
   Extended ACL 1:
   - Deny guys from punching Sarah
   - Deny Allie from sitting down
   - Permit anyone else to talk to anyone in here
   Very specific: each extended rule names who, whom, and what action.
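The ACL semantics from the packet filtering slide and the three "simple ACL" slides above, carried through in working code as an added example (not code from the course, from TestOut or from Cisco): rules are evaluated top to bottom, the first match decides, an implicit deny closes every list, and a rule placed below a broader permit (Deny Bryan after Permit anyone) can never fire. The rule syntax is my own simplified, Cisco-flavoured notation (an assumption) using CIDR prefixes instead of wildcard masks, and the addresses are constructed from the documentation range 192.0.2.0/24 and RFC 1918 space.

```python
"""Ordered ACL evaluation: first match wins, implicit deny at the end.

Added example for the packet-filtering and ACL slides; not part of the
course materials or TestOut's labs.  Rule syntax (my own simplification,
an assumption, CIDR instead of Cisco wildcard masks):

    permit|deny <proto|ip> <src-net|any> <dst-net|any> [eq <dst-port>]
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str                    # source IP address
    dst: str                    # destination IP address
    dport: Optional[int] = None # destination port, if any


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: Optional[object]       # ip_network, or None for "any"
    dst: Optional[object]
    dport: Optional[int]        # None when the rule has no "eq <port>"

    def matches(self, pkt: Packet) -> bool:
        """Every field the rule specifies must match the packet header."""
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.src is not None and ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ip_address(pkt.dst) not in self.dst:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        def net_covers(a, b):
            return a is None or (b is not None and b.subnet_of(a))
        return ((self.proto == "ip" or self.proto == other.proto)
                and net_covers(self.src, other.src)
                and net_covers(self.dst, other.dst)
                and (self.dport is None or self.dport == other.dport))


def parse_rule(line: str) -> Rule:
    toks = line.split()
    if len(toks) < 4 or toks[0] not in ("permit", "deny"):
        raise ValueError(f"bad rule: {line!r}")
    net = lambda tok: None if tok == "any" else ip_network(tok, strict=False)
    dport = int(toks[5]) if len(toks) >= 6 and toks[4] == "eq" else None
    return Rule(toks[0], toks[1], net(toks[2]), net(toks[3]), dport)


def parse_acl(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.strip().splitlines() if l.strip()]


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list top-down; the first matching rule decides.  Returns
    (action, index of the deciding rule), or ("deny", None) for the implicit
    deny that closes every ACL."""
    for idx, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, idx
    return "deny", None


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    matches everything they would (the 'Deny Bryan after Permit anyone' case)."""
    return [j for j in range(len(acl))
            if any(acl[i].covers(acl[j]) for i in range(j))]


# Constructed lists.  The web-server ACL: one blocked host, then HTTP from the
# LAN to the server, then the implicit deny for everything else.
WEB_SERVER_ACL = parse_acl("""
deny   ip  10.0.0.66/32 any
permit tcp 10.0.0.0/24  192.0.2.10/32 eq 80
""")

# "Simple ACL 3" in addresses: the last deny sits below a permit-anyone rule.
ACL_3 = parse_acl("""
deny   ip  10.0.0.5/32 any
permit ip  any any
deny   ip  10.0.0.9/32 any
""")


if __name__ == "__main__":
    print(evaluate(WEB_SERVER_ACL, Packet("tcp", "10.0.0.7", "192.0.2.10", 80)))
    print(evaluate(WEB_SERVER_ACL, Packet("tcp", "10.0.0.7", "192.0.2.10", 22)))
    print("shadowed rules in ACL 3:", shadowed_rules(ACL_3))
```

shadowed_rules is the check worth running before applying a list: an ACL that passes it has no rule that is silently ignored because of ordering.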


35  - TestOut 8.3.2 - Configuring a Perimeter Firewall
   - TestOut 8.3.4 - Creating Firewall ACLs
   - TestOut 8.3.5 - Configure a DMZ Lab
   - TestOut 8.3.6 - Configure a Perimeter Firewall

36  Proxy server
   - Sits between the internal clients and the firewall: client requests go to the proxy first, and the proxy makes the request to the Internet on their behalf
   - Inspects requests against the network's rules
   - Can hold a cache of web pages, so repeat requests are served locally
   - Can filter content for users (blocks or flags sites, or words within sites)

37  - TestOut 8.3.7 - Configuring a Proxy Server
   - TestOut 8.3.9 - Practice Questions (15)

38  - Complete the study guide handout
   - Complete TestOut
   - Practice in Packet Tracer
   - Jeopardy review

39 Chapter 8
