WEBVTT

00:00.730 --> 00:05.350
Firewalls are arguably one of the best methods of protecting your computer.

00:05.680 --> 00:07.660
Yet very few people understand them.

00:08.020 --> 00:13.720
I will suggest that the reason for this is because Microsoft does a pretty good job of implementing

00:13.720 --> 00:16.720
firewalls within their Windows operating system.

00:17.980 --> 00:26.290
Windows Firewall has been part of the operating system since its introduction in Windows XP Service

00:26.290 --> 00:26.830
Pack 2.

00:27.130 --> 00:33.190
And over time, its functionality has increased. As a basic description,

00:33.190 --> 00:40.420
a firewall is designed to either allow or deny network traffic based upon a set of defined criteria.

00:41.790 --> 00:50.250
So these criteria could be a predefined set of default rules, or could be user-created, or even a combination

00:50.250 --> 00:50.880
of the two.

00:51.690 --> 00:55.740
These rules are often referred to as access control entries.

00:55.830 --> 01:06.330
ACEs, and a group of them forms an access control list, ACL. So these criteria could then be applied to outbound

01:06.330 --> 01:11.400
or egress traffic, or inbound or ingress traffic.

01:11.910 --> 01:17.100
So understanding that a rule can be applied in each direction is important to know.

01:17.100 --> 01:23.400
For example, you may be troubleshooting a connectivity problem between two devices so you want to use

01:23.400 --> 01:25.080
the commonly used

01:25.080 --> 01:28.020
ICMP tool known as ping. Since

01:28.440 --> 01:33.330
ICMP can be used for malicious purposes, Windows Firewall blocks

01:33.330 --> 01:41.730
it by default. So you are aware of this and enable an outbound rule to allow the traffic out,

01:41.940 --> 01:43.680
but you get no responses back.

01:43.920 --> 01:49.890
This is very likely due to an inbound rule preventing ICMP traffic back into your PC.

01:50.670 --> 02:00.270
So in this screenshot, we can see the result of two attempts to ping the IP address 8.8.8.8, which

02:00.270 --> 02:07.140
belongs to Google's public DNS server and is commonly used by I.T. support staff to test connectivity

02:07.140 --> 02:07.890
to the internet.

02:08.250 --> 02:13.710
So we can see that the ping command at the beginning of this screenshot is useful.

02:14.340 --> 02:21.630
A successful action. Before running the command the second time, I enabled, uh, an outbound firewall

02:22.260 --> 02:25.260
rule that blocks ICMP traffic.

02:25.500 --> 02:31.470
As you can see here, the second command does not elicit the same result as the first one.

02:36.030 --> 02:40.980
So a number of firewalls read through their rules in a sequential manner.

02:41.190 --> 02:48.780
So they read the rules in order until they find one that matches and then apply that rule and don't

02:48.780 --> 02:50.550
carry out any further processing.

02:50.820 --> 02:53.640
So what problems could arise from this?

02:56.740 --> 02:57.700
So we have two.

02:58.060 --> 03:00.250
Let's look at the absolute firewall rules.

03:00.490 --> 03:08.860
So the first rule is block all inbound traffic from an IP address between 10.0.0.1

03:08.860 --> 03:11.500
and 10.0.0.10.

03:12.180 --> 03:19.360
And the second rule is allow all inbound traffic from address 10.0.0.5.

03:19.690 --> 03:25.270
So the firewall will look for a match for rule one first.

03:25.690 --> 03:30.540
And if none is found, it will then move on to check

03:30.550 --> 03:37.960
rule two. If a match was found against rule one, then it will block the traffic and not even look

03:37.960 --> 03:38.740
at Rule two.

03:39.250 --> 03:41.110
So that's all well and good.

03:41.110 --> 03:46.780
But what happens to any inbound traffic from 10.0.0.5?

03:47.200 --> 03:53.980
Despite that address explicitly being allowed at rule two, it matches a certain criteria

03:53.980 --> 03:54.790
at Rule one.

03:54.970 --> 03:56.380
So it would be blocked.

03:56.770 --> 04:01.370
So a better way of doing this will be to reverse the order of the rules.

04:01.420 --> 04:09.670
So the first rule will be allow all inbound traffic from IP address 10.0.0.5.

04:09.940 --> 04:16.900
And the second rule will block all inbound traffic from an IP address between

04:16.990 --> 04:20.920
10.0.0.1 and 10.0.0.10.

04:21.790 --> 04:28.390
So by reversing the rules, any inbound traffic from 10.0.0.5 will be received

04:28.390 --> 04:31.540
by the firewall and compared against rule one.

04:31.840 --> 04:38.620
So in this case, rule one is a match, so the traffic is allowed and Rule two never gets checked.

04:39.370 --> 04:46.180
So Windows Firewall is an example of a host-based firewall. A host-based firewall is one that is either

04:46.180 --> 04:50.250
built into the operating system or installed on the device.

04:50.260 --> 04:57.310
So, uh, the limitation of this is that you need to configure the firewall on each device and it only

04:57.310 --> 04:59.050
protects that device.

04:59.380 --> 05:05.290
So, you know, one saving grace if you are in a domain environment, is that you can deploy these settings

05:05.290 --> 05:11.710
to each machine using a Group Policy Object. A network-based firewall,

05:11.950 --> 05:18.910
on the other hand, provides protection to all of your networks and monitors traffic going in and out

05:18.910 --> 05:19.630
of the network.

05:19.900 --> 05:25.150
So this may be through a dedicated hardware device or a feature on another network device, such as

05:25.150 --> 05:31.870
a router. In an organization, you may find network-based firewalls are in operation between

05:31.870 --> 05:36.910
your own networks and not just between your internal network and the outside world.

05:38.500 --> 05:45.280
So reading to them, as you can see in the screenshot, you may be thinking that the network-based firewall

05:45.280 --> 05:48.790
is the better of the two as it protects the entire network.

05:49.030 --> 05:53.770
However, now I will, uh, write some diagram here.

05:54.050 --> 05:58.480
Well, let's open our diagram of the Are you here?

06:00.190 --> 06:00.870
Can you see it?

06:01.440 --> 06:01.800
Yes.

06:03.240 --> 06:05.180
I'll increase the size a bit.

06:06.420 --> 06:06.690
Here.

06:14.390 --> 06:17.120
So you can see here, so the upon that.

06:17.150 --> 06:19.520
So let's go to a new page here.

06:20.510 --> 06:29.480
So now I will create a firewall diagram here for better understanding and illustration.

06:30.170 --> 06:37.280
So let's create. For this, we need actually two computers, one firewall, one cloud

06:37.280 --> 06:38.600
and one router.

06:39.230 --> 06:41.990
So here let's create that diagram.

06:42.320 --> 06:44.780
And like here.

06:46.430 --> 06:48.800
So this will be our computer one.

06:51.350 --> 06:53.630
This is computer A.

06:55.640 --> 07:00.690
And this will be our computer B.

07:02.820 --> 07:03.180
Yes.

07:05.440 --> 07:11.410
So these two computers connect to our router.

07:11.440 --> 07:11.830
Yes.

07:13.740 --> 07:18.120
For example, like that, so these computers connect to this router.

07:19.980 --> 07:20.490
One.

07:22.250 --> 07:23.300
Two of.

07:34.290 --> 07:34.620
Yes.

07:34.960 --> 07:35.610
One two.

07:38.970 --> 07:39.240
Yeah.

07:40.080 --> 07:48.210
And this router, this router connects to the firewall, the network-based firewall.

07:53.450 --> 07:54.680
For example.

08:05.160 --> 08:05.450
Yes.

08:05.790 --> 08:07.620
So this is the network based firewall.

08:09.900 --> 08:11.790
Network based.

08:13.740 --> 08:14.900
Just prior to.

08:16.960 --> 08:17.800
It'll make it.

08:19.650 --> 08:23.910
And so this router connects to this network-based firewall here.

08:24.720 --> 08:27.810
Oh, let's actually decrease the size of it.

08:28.720 --> 08:32.140
And this firewall goes to the internet.

08:34.160 --> 08:34.760
Internet.

08:38.350 --> 08:39.940
Yes, internet.

08:45.580 --> 08:45.980
It's right.

09:02.940 --> 09:03.260
Okay.

09:04.820 --> 09:06.830
But this firewall then goes to the internet.

09:09.100 --> 09:17.020
So, uh, as you can see in this diagram, you may be thinking that network based firewall is the better

09:17.020 --> 09:19.450
of the two as it protects the entire network.

09:19.820 --> 09:22.870
However, look at this diagram here.

09:23.350 --> 09:25.660
So I actually let me.

09:26.830 --> 09:27.470
Watch this.

09:27.510 --> 09:28.900
Is this recording, yes.

09:29.590 --> 09:33.340
So however, look at this diagram.

09:35.110 --> 09:40.710
As you can see here and pay particular attention to the placement of the firewall here.

09:41.880 --> 09:45.550
So it's only inspecting traffic that transits through it.

09:45.570 --> 09:54.300
But what will happen if computer A here is compromised and attacking computer B, if this computer

09:54.300 --> 09:57.550
A attacks computer B?

09:57.570 --> 09:58.500
Then what happens?

10:00.000 --> 10:07.200
So is a host-based firewall better? It will certainly prevent the scenario where computer

10:07.470 --> 10:10.230
A here attacks computer B.

10:12.940 --> 10:13.570
So but.

10:16.010 --> 10:20.570
It's certain to prevent the scenario where computer A attacks computer B, of course,

10:20.570 --> 10:25.670
but it leaves your network susceptible to an attack from outside.

10:26.450 --> 10:31.310
So then the internet can attack your computer A or computer B without the firewall.

10:35.360 --> 10:41.150
So you may be thinking that's OK, because the host-based firewalls will protect the system, but this

10:41.150 --> 10:47.120
may be correct for some systems, but not all network devices have the capability to have a host based

10:47.120 --> 10:47.690
firewall.

10:48.140 --> 10:56.780
A lot of Internet of Things devices are a prime example of this. Because of

10:56.780 --> 10:57.160
this,

10:57.390 --> 11:05.950
it's recommended that any network you run has both host-based and network-based firewalls to provide

11:06.050 --> 11:08.420
what is known as defense in depth.

11:10.110 --> 11:10.680
So.

11:11.840 --> 11:17.900
Careful consideration needs to take place in respect of positioning the network based firewalls to ensure

11:18.230 --> 11:26.510
that there are no gaps, and to allow you to play your rules out particularly.

11:27.580 --> 11:27.970
So.

11:29.200 --> 11:35.620
Actually, in next lecture, we will create, um, actually we will cover the various different types

11:35.620 --> 11:40.120
of firewalls in more detail in next, uh, in this course, actually.

11:40.120 --> 11:44.500
But for now, I would like to look at the built in Windows firewall.

11:44.500 --> 11:50.410
So in next lecture, we will, um, create and edit our built in Windows Firewall.

11:50.530 --> 11:52.120
So I'm waiting on this lecture.
