Chapter 8
 Upon
completion of this chapter, you should
be able to:
 Understand the purpose of a firewall
 Name two types of firewalls
 Identify common ports/protocols
 Configure a firewall
 Describe and configure a security appliance
 Describe the purpose of a DMZ
 Describe an ACL
8.1
 Software
 Allows
or hardware based security system
or denies traffic based on rules
 Protects
network/devices from unwanted or
untrusted traffic
 Hardware




Used to protect network
Dedicated appliance
At edge of network
More $$$
 Software


Used to protect a PC
Less $
 Access


control list (ACL)
Set of rules to allow a specific type of traffic,
blocking all other traffic
Scans incoming & outgoing traffic
 Packet
filtering firewall
 Circuit level gateway
 Application layer firewall
 Basic
firewall (most routers)
 Operates at layer 3
 Inspects packet


Looks at header info & checks against ACL
Allows or rejects based on:





Source IP
Destination IP
Source port
Destination port
Inbound or outbound
 Example:
only allow web traffic from a
certain subnet
 Filters
based on session layer ID
 Remember

It checks the incoming packet to see if it’s part
of a legitimate communication
 DOES



the 3-way handshake?
NOT INSPECT EACH PACKET
Just looks for Session ID
Faster than packet filtering
Protects against a SYN FLOOD DOS attack
NORMAL
ATTACK
 Filters
based on the actual application layer
data

AKA Proxy Server
 Reassembles
 Example:



packets & looks at the data
filter HTTP web request
You request a web page
Web page arrives, reassembles packets for page
Looks at the content

Block URL, website categories
 Normally,
web page requests come in on port
80
 An online gaming application can be reconfigured to use port 80


Normally port 80 HTTP is open
A packet inspection will allow port 80
 Application
layer firewall will block this
because it looks at the content, not port
 Can
also allow/deny based on users/groups
 Filters
request from Internet to your internal
servers
 Multipurpose



device
Less $
Easy to configure
Don’t have same features as a dedicated firewall
 UTM



(Unified threat management device)
Combines firewall, anti-spam, anti-virus, VPN,
etc.
Allows you to maintain one device
Single point of failure
 What
is the most basic type of firewall and
how does it work?

Packet filtering; inspects each packet
 Which
type of firewall looks for a session to
ID to see if the communication was initiated
by a device in your network?

Circuit level gateway
 What
hardware device combines a firewall,
anti-spyware, ant-virus protection, and VPN
services?

UTM
8.1.3
 Logical
connections
 All the conversations need to be tracked


Port Number in each segment
Helps identify what service the message is for

Web request, email, DHCP, etc.
 Protocols
identified by port numbers
 Each
message sent, has a source &
destination port number
 Source Port


Randomly generated & placed into segment
Tracks incoming segment
 Destination

Port
Used to pass data to proper application at
destination
 1-65,535
 Well-known


ports
1- 1023
Common applications
 Registered
ports
1024- 49,151
 Can be source or destination ports
 Used for specific applications like IM

 Private


ports
49,152 & above
For source ports
Protocol
Port #
Information
FTP
20/21
File transfer
SSH
22
Secure remote login
Telnet
23
Remote login (TCP only)
SMTP
25
Used to send email between email servers
DNS
53
Domain Name translation
DHCP
67/68
Assigning IP addresses
HTTP
80
Connection to transfer web pages
POP3
110
Transfer of email from email server to you
IMAP
143
Transfer of email from email server to you
HTTPS
443
Secure connection for web pages transmission
RDP
3389
Remote Desktop Protocol
 Identify
Handout
the Protocol & Port # Review
8.1.4
 Control
Panel >> System & Security
 Block All Incoming- blocks others from
coming in
 Allow Program/Feature
 TestOut
8.1.4- Configuring Windows Firewall
 TestOut
8.1.5- Configure a Host Firewall Lab
 TestOut
8.1.6- Practice Questions (14)
 TestOut
8.2.4- Configure Network Security
Appliance Access Lab
 TestOut
8.2.5- Practice Questions (3)
8.3
 You
have servers that need to be accessed
from the Internet
 You MUST protect the private, inside network
 Create an “in-between area”- DMZ

A list of rules a packet will be evaluated against
to determine if it’s allowed through or not

What you can permit or deny, based on direction
(in or out):
Specific PC’s
 Subnet or network
 Specific protocols


Example: You have a web server:

Allow only HTTP traffic on port 80, deny all others
 Placed






Configure on firewall or router
Assign to proper interface
Packet is checked against list in order, top to
bottom
Once a match is made, permit or deny applies
Rest of list is ignored
Implicit deny at end


on firewall or Cisco router
Don’t make a list without permitting something
Standard or Extended ACLs
 TestOut
8.3.2- Configuring a Perimeter
Firewall
 TestOut
8.3.4- Creating Firewall ACLs
 TestOut
8.3.5- Configure a DMZ Lab
 TestOut
8.3.6- Configure a Perimeter Firewall
 Sits
before firewall in network
 Inspects packets against network rules


Can hold cache of web pages
Can filter content for users (block or flags
sites/words in sites)
 TestOut
8.3.7- Configuring a Proxy Server
 TestOut
8.3.9- Practice Questions (15)
 Complete
the study guide handout
 Complete
TestOut
 Practice
in Packet Tracer
 Jeopardy
review
Chapter 8