Firewalls and Security

Learning outcomes

  • Define the purpose of a firewall
  • Describe how the order of the rules affects a firewall
  • Demonstrate the difference between a base of deny any vs. allow any
  • Describe the threats firewalls protect against

Would you like to download my PowerPoint to follow along?

  • What is a firewall?
    • Monitor traffic
    • Ingress and Egress (in and out) traffic can be monitored and controlled
    • A way to separate your network from the WWW (World Wide Web)
  • How are firewalls different on different operating systems?
    • Different Operating Systems use different types of firewalls and have different ways to interact with the firewall
    • Some examples include: UFW (Ubuntu), Firewalld (Red Hat), and Windows Defender Firewall (Microsoft)
  • What kinds of firewalls are there and how do we sort them?
    • Hardware vs Software
    • Stateful vs Stateless
    • Network vs Host
    • Static vs Dynamic
  • Allow all vs deny all
    • Firewalls that work with packets have rules
    • Rules must have a default if no other rules apply
    • Deny All
      • More Secure
      • Needs more work to keep up to date
      • Used in places like governments and secure R&D where security is more needed
    • Allow All
      • Less secure
      • Needs less hands-on watching
      • Used in places where you don't need as much protection such as small businesses
  • What firewalls are NOT good at
    • Any Social Engineering threats
    • If you don't know the issue is coming you can't tell the firewall to protect you from it
    • They are reactive not proactive
  • What firewalls are good protection for
    • Prevents some unauthorized remote access
      • Not all! Scammers can still get through via browsers
      • Social Engineering and viruses can still give up access
    • Extra layer of protection for legacy systems
    • Can be used to block access to specific sites from within the network, such as social media
    • Can give extra info in logs of ingress/egress on network
  • OK, but why do I care about security?
    • Hardening of the system
      • In security we need to protect systems by knowing where our vulnerabilities are to mitigate them
      • Blue Team
    • Testing limits of the system
      • Pen testing
      • Red Team
  • What do most companies do with firewalls?
    • Layered approach
    • Multiple vendors (Swiss cheese model)
    • DMZ
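
To make the "order of the rules" outcome and the "Allow all vs deny all" section concrete, here is an added example (not part of the original slides) of a tiny packet filter. It assumes first-match evaluation, which many but not all firewalls use; the rule sets and addresses are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    port: Optional[int]    # destination port, None means any port

def decide(rules, default, src_ip, dst_port):
    """First-match evaluation (assumed model).

    Returns (action, index of the rule that matched, or None if the
    default policy decided the packet).
    """
    addr = ip_address(src_ip)
    for index, rule in enumerate(rules):
        if addr in ip_network(rule.src) and rule.port in (None, dst_port):
            return rule.action, index
    return default, None

# Constructed rule set: the specific deny sits above the broad allow.
ORDERED = [
    Rule("deny", "203.0.113.0/24", None),   # blocked network, all ports
    Rule("allow", "0.0.0.0/0", 443),        # HTTPS from anywhere
    Rule("allow", "10.0.0.0/8", 22),        # SSH from the internal range only
]

# Same rules, but the broad allow has been moved above the deny.
REORDERED = [ORDERED[1], ORDERED[0], ORDERED[2]]

if __name__ == "__main__":
    # Constructed packets: (source address, destination port)
    blocked_net_https = ("203.0.113.9", 443)
    unlisted_rdp = ("198.51.100.7", 3389)

    print("Rule order:")
    print("  deny first  ->", decide(ORDERED, "deny", *blocked_net_https))
    print("  allow first ->", decide(REORDERED, "deny", *blocked_net_https))

    print("Default policy for a packet no rule mentions:")
    print("  deny all    ->", decide(ORDERED, "deny", *unlisted_rdp))
    print("  allow all   ->", decide(ORDERED, "allow", *unlisted_rdp))
```

With the broad allow placed first, the deny rule for 203.0.113.0/24 is never reached for port 443, and under an allow-all default the port 3389 packet gets in even though nobody wrote a rule for it.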

Suggested Activities and Discussion Topics:

  • In pairs, discuss how you could use a firewall to prevent a DDoS attack, and what the limitations of your protections might be.
  • Work as a group to come up with 3 firewall rules for your company, including explanations of why those rules are helpful.
