From the course: IT Security Foundations: Network Security

Understanding firewalls

- [Instructor] You're looking at a real-time cyber-threat map. The reality is that cyber-attacks occur in significant numbers every single minute of every single day. For most organizations, a firewall is used as a first line of defense. A firewall is a hardware or software-based method to control incoming and outgoing traffic, and it's based on a set of rules that either permit or deny traffic on a network or host. With a firewall, the concept is simple. Traffic is either allowed or denied and gives the administrator greater control over the types of traffic originating from inside and outside of the protected network. Today, there are many different types of firewalls, from software-based to dedicated appliances, that defend an enterprise network.
First, let's talk about software-based firewalls. Now, personal or software-based firewalls generally reside on a host, such as a laptop or desktop computer. Most support stateful packet inspection, and some offer network address translation. Rules can be set to allow specific applications to pass through, such as HTTPS or DNS. Software-based firewalls work in the background on the device to protect the integrity of the system from malicious activity by controlling connections to and from a user's computer. The firewall filters inbound and outbound traffic and alerts the user to attempted intrusions.
A good example of this is the Windows Firewall. You can gain access to this by finding it in the control panel. Now, I've opened it up, and here we can see Windows Defender Firewall with Advanced Security. And if you click on inbound rules, you can see a list of applications and whether they're allowed or blocked. And the same is with outbound rules. Now you can modify any of those rules or add to those. But prior to modifying any of the rules on a firewall, be careful because, remember, it's part of a layered defense for your system.
Now, a router firewall is a physical device that can provide straightforward firewall features that block or allow certain IP addresses and port numbers and use network address translation to mask private IP addresses. They're often ready out of the box but can be further configured to meet specific needs. Firewalls ensure access control between networks by using what's called an access control list that filters traffic and monitors established traffic patterns. Rules can be set on each interface for ingress and egress filtering. Ingress filtering prevents attack packets such as malware from entering the protected network. Egress filtering is just as important as it prevents certain packets from leaving the network. Now, some reasons to include egress filtering are as follows. It can stop malware from connecting to the malware's command server, block unwanted services such as YouTube, and avoid contributing to distributed denial of service attacks, spamming, and botnets.
Let's test your knowledge. Imagine you're talking to a friend about security devices. How would you describe what is a firewall and what can it do to protect the network? You can record your answer on the challenge worksheet.
Firewalls block malicious traffic and protect hosts from untrusted users. Because of this, during selection, ensure that the firewall is robust and is able to handle the volume of traffic passing through the device. In addition, keep the firewall updated so that it's resistant to attacks. On a host or on an enterprise network, firewalls provide a first line of defense against many of today's threats.
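The per-interface ingress and egress filtering described in the transcript, sketched as an added example that is not part of the course material. It assumes first-match rule ordering with an implicit deny at the end (common on access control lists, not stated in the video); all addresses, rules and sample packets are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    remote: str           # remote network (CIDR): source on ingress, destination on egress
    port: Optional[int]   # destination port; None matches any port

# Constructed rule sets for one interface. Addresses come from documentation
# ranges; 203.0.113.50 stands in for a known malware command server.
ACL = {
    "ingress": [
        Rule("deny", "198.51.100.0/24", None),   # blocked source range
        Rule("permit", "0.0.0.0/0", 443),        # HTTPS to the published server
    ],
    "egress": [
        Rule("deny", "203.0.113.50/32", None),   # must precede the broad HTTPS permit
        Rule("permit", "0.0.0.0/0", 443),        # HTTPS
        Rule("permit", "0.0.0.0/0", 53),         # DNS
    ],
}

def evaluate(direction, src, dst, dport, acl=ACL):
    """Return (action, matching rule or None). First match wins."""
    remote = ipaddress.ip_address(src if direction == "ingress" else dst)
    for rule in acl[direction]:
        in_net = remote in ipaddress.ip_network(rule.remote)
        if in_net and rule.port in (None, dport):
            return rule.action, rule
    return "deny", None   # implicit deny: assumed default when nothing matches

# Constructed sample traffic: (direction, source, destination, destination port)
SAMPLES = [
    ("ingress", "192.0.2.10", "10.0.0.5", 443),
    ("ingress", "198.51.100.7", "10.0.0.5", 443),
    ("ingress", "192.0.2.10", "10.0.0.5", 3389),
    ("egress", "10.0.0.8", "203.0.113.50", 443),
    ("egress", "10.0.0.8", "192.0.2.80", 53),
    ("egress", "10.0.0.8", "192.0.2.80", 25),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        action, rule = evaluate(*pkt)
        print(f"{pkt[0]:8}{pkt[1]:>14} -> {pkt[2]:<14} port {pkt[3]:<5} {action:7} {rule or 'implicit deny'}")
```

The fourth sample is denied even though it uses port 443, because the command-server deny sits above the general HTTPS permit; swapping those two egress rules would let it through.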
