1
00:00:00,090 --> 00:00:00,960
In this lesson,

2
00:00:00,960 --> 00:00:03,570
we're going to learn how to configure firewalls.

3
00:00:03,570 --> 00:00:05,430
While routers can use access control lists

4
00:00:05,430 --> 00:00:07,920
to provide some protections and filtering for our networks,

5
00:00:07,920 --> 00:00:10,410
it's really that dedicated device that is a firewall

6
00:00:10,410 --> 00:00:12,840
that excels at using access control lists.

7
00:00:12,840 --> 00:00:15,000
Now, access control lists are very important for us

8
00:00:15,000 --> 00:00:17,490
to be able to secure our networks from unwanted traffic.

9
00:00:17,490 --> 00:00:19,650
A large portion of the permit and deny statements

10
00:00:19,650 --> 00:00:21,960
that we're going to utilize inside of our ACLs

11
00:00:21,960 --> 00:00:23,400
are going to be based on port numbers,

12
00:00:23,400 --> 00:00:24,630
because those directly correlate

13
00:00:24,630 --> 00:00:28,170
with an application or service that we want to allow or block.

14
00:00:28,170 --> 00:00:30,180
An access control list, or ACL,

15
00:00:30,180 --> 00:00:32,610
is the rule set that's going to be placed on the firewall,

16
00:00:32,610 --> 00:00:34,623
router, or other network infrastructure devices

17
00:00:34,623 --> 00:00:36,450
that will permit or allow traffic

18
00:00:36,450 --> 00:00:38,430
through a particular interface.

19
00:00:38,430 --> 00:00:39,810
These rule sets are going to be used

20
00:00:39,810 --> 00:00:42,960
to control the flow of traffic into or out of our networks.

21
00:00:42,960 --> 00:00:45,090
Now, while access control lists can also be used

22
00:00:45,090 --> 00:00:47,040
to help define proper quality of service levels

23
00:00:47,040 --> 00:00:48,300
inside of our networks,

24
00:00:48,300 --> 00:00:49,320
in this lesson,

25
00:00:49,320 --> 00:00:51,180
we're really going to be focused on their crucial role

26
00:00:51,180 --> 00:00:52,500
in security of our networks

27
00:00:52,500 --> 00:00:54,630
and their use inside of firewalls.

28
00:00:54,630 --> 00:00:57,090
To configure the access control lists on our firewalls,

29
00:00:57,090 --> 00:00:59,130
we're either going to be using a web-based interface

30
00:00:59,130 --> 00:01:01,560
or a text-based command-line interface.

31
00:01:01,560 --> 00:01:03,240
When configuring these ACLs,

32
00:01:03,240 --> 00:01:04,680
it's always important to remember

33
00:01:04,680 --> 00:01:06,210
that the order in which they're listed

34
00:01:06,210 --> 00:01:08,400
will specify the order of the actions that are taken

35
00:01:08,400 --> 00:01:10,320
on a particular piece of traffic.

36
00:01:10,320 --> 00:01:13,050
Actions will always be performed in a top-down manner

37
00:01:13,050 --> 00:01:15,090
inside of an access control list.

38
00:01:15,090 --> 00:01:17,700
The traffic will first be compared against the first rule,

39
00:01:17,700 --> 00:01:19,470
and then if it matches the condition,

40
00:01:19,470 --> 00:01:20,790
the action will be applied

41
00:01:20,790 --> 00:01:23,580
and it will no longer perform the rest of the ACL.

42
00:01:23,580 --> 00:01:26,040
For this reason, we always use the specific rules

43
00:01:26,040 --> 00:01:27,120
at the top of the list

44
00:01:27,120 --> 00:01:28,290
and then the more generic rules

45
00:01:28,290 --> 00:01:29,460
towards the bottom of the list

46
00:01:29,460 --> 00:01:31,650
to give us the best levels of protection.

47
00:01:31,650 --> 00:01:33,450
Now, many devices will support the use

48
00:01:33,450 --> 00:01:36,540
of an implied deny function for their rule set too.

49
00:01:36,540 --> 00:01:39,030
Other devices, though, will not support this function,

50
00:01:39,030 --> 00:01:40,320
and so it's considered a best practice

51
00:01:40,320 --> 00:01:43,710
to always include a deny all rule at the end of your ACL

52
00:01:43,710 --> 00:01:45,330
to ensure that only authorized traffic

53
00:01:45,330 --> 00:01:47,160
will be able to enter your network.

54
00:01:47,160 --> 00:01:49,170
Finally, it's important to log your actions

55
00:01:49,170 --> 00:01:50,940
taken by our network infrastructure devices,

56
00:01:50,940 --> 00:01:52,230
like our firewalls.

57
00:01:52,230 --> 00:01:53,580
Anytime a rule condition is met

58
00:01:53,580 --> 00:01:54,930
from the access control list,

59
00:01:54,930 --> 00:01:56,220
the action should be taken,

60
00:01:56,220 --> 00:01:58,170
and then that action should be logged.

61
00:01:58,170 --> 00:02:00,300
This includes any deny actions that are taken,

62
00:02:00,300 --> 00:02:03,630
including the deny all at the bottom of the ACL.

63
00:02:03,630 --> 00:02:04,950
Access control list rules

64
00:02:04,950 --> 00:02:07,200
are going to be made up of some key pieces of information,

65
00:02:07,200 --> 00:02:09,630
including the type of traffic, the source of traffic,

66
00:02:09,630 --> 00:02:10,979
the destination of the traffic,

67
00:02:10,979 --> 00:02:13,620
and the action that should be taken against that traffic.

68
00:02:13,620 --> 00:02:15,990
For example, this access control list

69
00:02:15,990 --> 00:02:17,460
has a first entry line here,

70
00:02:17,460 --> 00:02:22,460
stating that it's going to allow TCP traffic from 192.168.0.0

71
00:02:23,190 --> 00:02:26,160
to any destination IP over port 22.

72
00:02:26,160 --> 00:02:28,260
Now, routers can provide basic security

73
00:02:28,260 --> 00:02:30,690
using these access control lists and filtering rules,

74
00:02:30,690 --> 00:02:32,580
but it is really our network firewalls

75
00:02:32,580 --> 00:02:34,890
that are most commonly going to be used for network security

76
00:02:34,890 --> 00:02:38,280
and bulk blocking and allowing using an access control list.

77
00:02:38,280 --> 00:02:40,080
So now that we've covered the basics

78
00:02:40,080 --> 00:02:41,760
of what an access control list is,

79
00:02:41,760 --> 00:02:43,650
let's take a look at how we can configure

80
00:02:43,650 --> 00:02:46,530
a basic small office/home office hardware firewall,

81
00:02:46,530 --> 00:02:48,660
and then we'll configure a software firewall

82
00:02:48,660 --> 00:02:51,450
inside of the Windows or macOS systems.

83
00:02:51,450 --> 00:02:54,600
First, let's take a look at our hardware-based firewall.

84
00:02:54,600 --> 00:02:56,940
In this example, I'm going to use a typical router

85
00:02:56,940 --> 00:02:59,400
switch access point combination device

86
00:02:59,400 --> 00:03:00,870
manufactured by NETGEAR

87
00:03:00,870 --> 00:03:04,170
and marketed as a wireless router N300 model.

88
00:03:04,170 --> 00:03:05,610
Now, this is probably very similar

89
00:03:05,610 --> 00:03:07,710
to what most of you are using in your small office

90
00:03:07,710 --> 00:03:09,390
or home office environments.

91
00:03:09,390 --> 00:03:11,520
Your interface and settings on your firewall

92
00:03:11,520 --> 00:03:13,140
are going to look a little different than mine,

93
00:03:13,140 --> 00:03:15,300
but it's still going to give you the same general idea

94
00:03:15,300 --> 00:03:16,680
of what kind of options there are

95
00:03:16,680 --> 00:03:18,630
and how you can configure one of these firewalls

96
00:03:18,630 --> 00:03:20,430
at your network boundary.

97
00:03:20,430 --> 00:03:23,850
So on the screen, you can see the basic web-based access

98
00:03:23,850 --> 00:03:25,500
for this wireless router

99
00:03:25,500 --> 00:03:28,020
wireless access point combination device.

100
00:03:28,020 --> 00:03:30,150
Now, on mine, I'm going to go to Security,

101
00:03:30,150 --> 00:03:32,010
which is where the firewall is located.

102
00:03:32,010 --> 00:03:35,640
And it's under Block Services on this particular router.

103
00:03:35,640 --> 00:03:39,150
Now, usually, most of these small office/home office routers

104
00:03:39,150 --> 00:03:41,520
are going to have a very weak type firewall,

105
00:03:41,520 --> 00:03:43,350
and they hide it by calling it something else

106
00:03:43,350 --> 00:03:45,090
instead of calling it a firewall.

107
00:03:45,090 --> 00:03:48,300
So it'll be called block sites, block services, block ports,

108
00:03:48,300 --> 00:03:49,620
something of that nature.

109
00:03:49,620 --> 00:03:51,480
So in this case, it's block services.

110
00:03:51,480 --> 00:03:53,280
And I can do it based on a schedule,

111
00:03:53,280 --> 00:03:55,380
so I only want it to be done at certain times of the day

112
00:03:55,380 --> 00:03:56,790
or always.

113
00:03:56,790 --> 00:03:58,800
Let's say I want to block something like Telnet,

114
00:03:58,800 --> 00:04:00,540
I'm going to always block it.

115
00:04:00,540 --> 00:04:02,160
I'm going to add a block,

116
00:04:02,160 --> 00:04:05,130
and the block I want to use is going to be a service.

117
00:04:05,130 --> 00:04:06,960
And go down to Telnet.

118
00:04:06,960 --> 00:04:09,750
Now, it automatically knows that Telnet is port 23,

119
00:04:09,750 --> 00:04:11,760
so it's going to block port 23 for me.

120
00:04:11,760 --> 00:04:14,520
It's called Telnet because this is a predefined one.

121
00:04:14,520 --> 00:04:17,550
And then I can block it for all IP addresses in this network

122
00:04:17,550 --> 00:04:20,790
or only certain IP addresses or a certain range.

123
00:04:20,790 --> 00:04:23,130
So maybe I want to block it for everything for Telnet.

124
00:04:23,130 --> 00:04:25,770
That's fine, we can go ahead and add that to our list.

125
00:04:25,770 --> 00:04:27,000
Now if we want to add something else,

126
00:04:27,000 --> 00:04:28,440
let's say I have another rule.

127
00:04:28,440 --> 00:04:31,230
In this case, I want to block port 666

128
00:04:31,230 --> 00:04:32,310
because maybe there's a game

129
00:04:32,310 --> 00:04:34,110
I don't want my kids playing on that.

130
00:04:34,110 --> 00:04:36,270
So I'll block it as port 666.

131
00:04:36,270 --> 00:04:38,460
I'm going to make it TCP, UDP, or both.

132
00:04:38,460 --> 00:04:40,170
I'm going to say both in this case.

133
00:04:40,170 --> 00:04:42,450
And I'm just going to call it Game.

134
00:04:42,450 --> 00:04:44,700
And then I can block it for an IP range.

135
00:04:44,700 --> 00:04:47,550
Maybe I don't want it to be accessed by my kids,

136
00:04:47,550 --> 00:04:51,362
which all have their devices in the 10.0.0.2

137
00:04:51,362 --> 00:04:53,240
and 10.0.0.10 range.

138
00:04:53,240 --> 00:04:55,560
If I do that, I can go ahead and Add.

139
00:04:55,560 --> 00:04:58,140
And, again, that adds another rule to the firewall

140
00:04:58,140 --> 00:05:01,200
where we are blocking port 666

141
00:05:01,200 --> 00:05:03,420
over that range of IPs.

142
00:05:03,420 --> 00:05:04,530
And you can see how this works

143
00:05:04,530 --> 00:05:06,510
as you can add or delete different rules.

144
00:05:06,510 --> 00:05:08,670
And then I can go through and I can do another one.

145
00:05:08,670 --> 00:05:13,670
Let's say I want to block the FTP server.

146
00:05:13,800 --> 00:05:15,180
So I will just go through here

147
00:05:15,180 --> 00:05:16,800
and say User Defined,

148
00:05:16,800 --> 00:05:18,810
port 20 through port 21,

149
00:05:18,810 --> 00:05:21,240
because that is the connection port

150
00:05:21,240 --> 00:05:23,430
and the data ports for FTP.

151
00:05:23,430 --> 00:05:25,593
And then we'll give it a name of FTP.

152
00:05:26,760 --> 00:05:29,430
And we can do it for all IP addresses in this range

153
00:05:29,430 --> 00:05:31,950
so nobody can access FTP servers.

154
00:05:31,950 --> 00:05:34,500
That's the idea of how this firewall works.

155
00:05:34,500 --> 00:05:36,000
And you can do it, in this case,

156
00:05:36,000 --> 00:05:38,310
it's blocking the outbound connections

157
00:05:38,310 --> 00:05:39,480
because it's preventing us

158
00:05:39,480 --> 00:05:42,090
from sending things out to the internet.

159
00:05:42,090 --> 00:05:43,290
Now, if we want to block things

160
00:05:43,290 --> 00:05:45,210
from coming in from the internet,

161
00:05:45,210 --> 00:05:46,140
we're going to have to do that

162
00:05:46,140 --> 00:05:48,810
in a different firewall on this particular device

163
00:05:48,810 --> 00:05:52,770
because this one only has the outbound defined here.

164
00:05:52,770 --> 00:05:54,390
It's going to have what things

165
00:05:54,390 --> 00:05:56,880
as it's going out to the internet.

166
00:05:56,880 --> 00:05:59,550
Now, if I want to do this on inbound stuff,

167
00:05:59,550 --> 00:06:02,430
I would have to go and find that in this particular router.

168
00:06:02,430 --> 00:06:04,380
That's usually going to be something like port forwarding

169
00:06:04,380 --> 00:06:05,910
or port triggering,

170
00:06:05,910 --> 00:06:07,710
or something like a static route.

171
00:06:07,710 --> 00:06:10,560
And so in this case, I can port forward or port trigger

172
00:06:10,560 --> 00:06:11,820
and say, hey, if something's trying

173
00:06:11,820 --> 00:06:15,180
to come in on port 21 FTP,

174
00:06:15,180 --> 00:06:17,430
it can go and be routed to my server,

175
00:06:17,430 --> 00:06:21,210
which is at the .50, for instance.

176
00:06:21,210 --> 00:06:22,710
And so now, anything that comes in

177
00:06:22,710 --> 00:06:25,620
that's trying to get to this router on port 21

178
00:06:25,620 --> 00:06:29,790
is going to be forwarded over to that IP address of .50.

179
00:06:29,790 --> 00:06:32,340
So that's how you allow things into your network

180
00:06:32,340 --> 00:06:34,650
based on this particular firewall.

181
00:06:34,650 --> 00:06:36,930
Now, how do you block things at the firewall?

182
00:06:36,930 --> 00:06:38,670
Well, in this particular router,

183
00:06:38,670 --> 00:06:40,200
everything is blocked by default

184
00:06:40,200 --> 00:06:42,300
because it's doing an implicit deny.

185
00:06:42,300 --> 00:06:44,790
So anytime I add a rule like FTP here,

186
00:06:44,790 --> 00:06:47,280
that's doing an explicit allow,

187
00:06:47,280 --> 00:06:48,660
and so anything you don't allow

188
00:06:48,660 --> 00:06:51,270
is going to be blocked by default on the inbound

189
00:06:51,270 --> 00:06:52,950
based on this particular router.

190
00:06:52,950 --> 00:06:53,970
Now, let's take a look

191
00:06:53,970 --> 00:06:56,040
at how we can configure the software firewall

192
00:06:56,040 --> 00:06:58,110
included inside the Windows operating system,

193
00:06:58,110 --> 00:07:01,170
known as Windows Defender Firewall with Advanced Security.

194
00:07:01,170 --> 00:07:02,970
To load this up, simply go down

195
00:07:02,970 --> 00:07:05,190
to your Windows key or your Start menu.

196
00:07:05,190 --> 00:07:06,840
Scroll all the way down

197
00:07:06,840 --> 00:07:09,840
to where you see Windows Administrative Tools,

198
00:07:09,840 --> 00:07:11,310
and then scroll down again

199
00:07:11,310 --> 00:07:12,510
once you click on that,

200
00:07:12,510 --> 00:07:15,000
and you will find the Windows Defender Firewall

201
00:07:15,000 --> 00:07:16,203
with Advanced Security.

202
00:07:17,310 --> 00:07:19,740
Once you click on that, it will open.

203
00:07:19,740 --> 00:07:22,530
From here, you can create all of the policies you want,

204
00:07:22,530 --> 00:07:25,140
setting up inbound rules, outbound rules,

205
00:07:25,140 --> 00:07:27,000
monitoring it, et cetera.

206
00:07:27,000 --> 00:07:28,950
Once you have it set just the way you like,

207
00:07:28,950 --> 00:07:31,020
you can actually export that policy,

208
00:07:31,020 --> 00:07:32,280
so you'll have it as a backup

209
00:07:32,280 --> 00:07:34,440
anytime you need to go back to it.

210
00:07:34,440 --> 00:07:36,900
Right now, you can see my domain profile

211
00:07:36,900 --> 00:07:39,660
shows Windows Defender Firewall is off.

212
00:07:39,660 --> 00:07:42,150
My private profile shows that it's on,

213
00:07:42,150 --> 00:07:44,640
and my public profile shows that it's on.

214
00:07:44,640 --> 00:07:46,050
What this means is that,

215
00:07:46,050 --> 00:07:48,330
in my private network and my public network,

216
00:07:48,330 --> 00:07:50,730
I do have the Windows Firewall turned on.

217
00:07:50,730 --> 00:07:52,080
In the private network,

218
00:07:52,080 --> 00:07:54,120
I don't allow any inbound connections

219
00:07:54,120 --> 00:07:55,890
that don't match my rules,

220
00:07:55,890 --> 00:07:57,540
but I will allow outbound connections

221
00:07:57,540 --> 00:07:59,220
that don't match my rules.

222
00:07:59,220 --> 00:08:00,240
In my public network,

223
00:08:00,240 --> 00:08:02,400
I have it set the exact same way.

224
00:08:02,400 --> 00:08:04,230
Now, if I want to change that,

225
00:08:04,230 --> 00:08:07,140
I can go into my inbound rules or my outbound rules

226
00:08:07,140 --> 00:08:09,270
and decide how I want that to be done.

227
00:08:09,270 --> 00:08:11,460
Let's take a look at some of these rules.

228
00:08:11,460 --> 00:08:14,580
For example, we have this one here, which is SSH,

229
00:08:14,580 --> 00:08:16,350
which is Secure Shell.

230
00:08:16,350 --> 00:08:18,120
All of my profiles allow it.

231
00:08:18,120 --> 00:08:19,800
It's enabled for all of them.

232
00:08:19,800 --> 00:08:21,660
It will do an allow action.

233
00:08:21,660 --> 00:08:24,060
And it's going to allow any program to be run

234
00:08:24,060 --> 00:08:25,470
from any address locally

235
00:08:25,470 --> 00:08:29,370
to any address remotely over port 22.

236
00:08:29,370 --> 00:08:30,900
That may be what you want to do,

237
00:08:30,900 --> 00:08:33,179
or it may be something you want to block.

238
00:08:33,179 --> 00:08:35,309
Let's go ahead and look at some other ones.

239
00:08:35,309 --> 00:08:37,440
Down here we have App Installer.

240
00:08:37,440 --> 00:08:41,400
For App Installer, it's allowing it to go any local address

241
00:08:41,400 --> 00:08:43,110
to any remote address,

242
00:08:43,110 --> 00:08:45,270
any protocol, and any port.

243
00:08:45,270 --> 00:08:46,830
This type of an any-any rule

244
00:08:46,830 --> 00:08:48,870
allows it to have a lot of ability,

245
00:08:48,870 --> 00:08:50,970
and so this is going to allow a lot of things through

246
00:08:50,970 --> 00:08:52,120
that we might not want.

247
00:08:53,370 --> 00:08:55,950
Now, let's say you have a program that you want to add to this.

248
00:08:55,950 --> 00:08:57,720
Maybe you have a new web server on this,

249
00:08:57,720 --> 00:08:59,670
and you're going to run it on port 80.

250
00:08:59,670 --> 00:09:00,573
You can hit New.

251
00:09:01,410 --> 00:09:04,260
You can then select a program, a port,

252
00:09:04,260 --> 00:09:06,300
a predefined, or a custom.

253
00:09:06,300 --> 00:09:07,860
In this case, if it's a web server,

254
00:09:07,860 --> 00:09:10,320
we would want to do it based on port 80.

255
00:09:10,320 --> 00:09:12,090
Then we'll click on Next.

256
00:09:12,090 --> 00:09:15,000
Do we want it for TCP traffic or UDP traffic?

257
00:09:15,000 --> 00:09:17,180
If it's a web server again, it's TCP.

258
00:09:17,180 --> 00:09:19,110
If it's something else that might use UDP,

259
00:09:19,110 --> 00:09:20,280
you could set that up.

260
00:09:20,280 --> 00:09:22,410
And then, what ports is that going to work for,

261
00:09:22,410 --> 00:09:25,080
for all of your local ports or specific ports?

262
00:09:25,080 --> 00:09:28,410
Well, if it's a web server, it, again, should be port 80.

263
00:09:28,410 --> 00:09:30,573
And for secure, port 443.

264
00:09:31,751 --> 00:09:33,090
Then we can go Next.

265
00:09:33,090 --> 00:09:34,680
We can allow that connection.

266
00:09:34,680 --> 00:09:36,540
We can allow the connection if it's secure,

267
00:09:36,540 --> 00:09:37,590
meaning that it has to use something

268
00:09:37,590 --> 00:09:39,810
like a VPN tunnel with IPsec,

269
00:09:39,810 --> 00:09:41,310
or we can block the connection

270
00:09:41,310 --> 00:09:43,230
and not allow any web traffic in.

271
00:09:43,230 --> 00:09:46,020
In our case, we want to allow the connection.

272
00:09:46,020 --> 00:09:47,400
Then we click on Next,

273
00:09:47,400 --> 00:09:49,260
and you can see which of those three networks

274
00:09:49,260 --> 00:09:50,160
it's going to apply to.

275
00:09:50,160 --> 00:09:53,010
I'm going to allow all three of them to have it applied to it,

276
00:09:53,010 --> 00:09:54,460
and then I'll give it a rule.

277
00:09:55,320 --> 00:09:56,463
Jason's Web Server.

278
00:09:58,890 --> 00:09:59,723
And that's it.

279
00:09:59,723 --> 00:10:01,260
Now you can see that Jason's Web Server

280
00:10:01,260 --> 00:10:04,590
is now going to allow traffic from any program,

281
00:10:04,590 --> 00:10:05,940
from any local address

282
00:10:05,940 --> 00:10:08,850
and any remote address over protocol TCP

283
00:10:08,850 --> 00:10:11,520
and on port 80 and 443.

284
00:10:11,520 --> 00:10:15,390
Now, conversely, if I want to block things from getting in,

285
00:10:15,390 --> 00:10:16,740
we would do the exact same thing,

286
00:10:16,740 --> 00:10:19,500
except we would set it up as a block or a deny.

287
00:10:19,500 --> 00:10:21,600
For example, I don't want to allow anybody

288
00:10:21,600 --> 00:10:23,280
to do Telnet into my network

289
00:10:23,280 --> 00:10:25,290
because Telnet is unsecure.

290
00:10:25,290 --> 00:10:27,450
So I would set up a new rule.

291
00:10:27,450 --> 00:10:30,690
And from there, I can block anything on port 23,

292
00:10:30,690 --> 00:10:33,900
which is TCP traffic on port 23.

293
00:10:33,900 --> 00:10:35,310
And then I'll hit Next.

294
00:10:35,310 --> 00:10:37,140
I'll block that connection,

295
00:10:37,140 --> 00:10:39,660
and I'll block it for all three of those networks.

296
00:10:39,660 --> 00:10:41,553
And I'm going to say Blocking Telnet.

297
00:10:44,190 --> 00:10:45,023
And that's it.

298
00:10:45,023 --> 00:10:47,610
You could see how easy it is to set up these rules.

299
00:10:47,610 --> 00:10:49,890
For this exam, you should feel very comfortable

300
00:10:49,890 --> 00:10:51,660
with setting up these type of rules.

301
00:10:51,660 --> 00:10:55,560
If somebody says, I want to block TCP on port 23,

302
00:10:55,560 --> 00:10:56,850
or I want to block Telnet,

303
00:10:56,850 --> 00:10:57,810
then you should be able to say,

304
00:10:57,810 --> 00:11:01,500
I want to block it from this area and let it go to that area.

305
00:11:01,500 --> 00:11:03,330
Now, one more area of the Windows Firewall

306
00:11:03,330 --> 00:11:05,880
that I want to show you is down here in Monitoring.

307
00:11:05,880 --> 00:11:08,310
Down in Monitoring, you can see which profile is active,

308
00:11:08,310 --> 00:11:09,570
as I showed you before,

309
00:11:09,570 --> 00:11:11,580
but you also have access to the log file.

310
00:11:11,580 --> 00:11:12,420
And if you click on that,

311
00:11:12,420 --> 00:11:14,730
you'll be able to see what's currently there.

312
00:11:14,730 --> 00:11:15,960
What is being logged right now?

313
00:11:15,960 --> 00:11:18,660
Is it logging dropped packets and successful connections?

314
00:11:18,660 --> 00:11:20,010
Right now, it's not,

315
00:11:20,010 --> 00:11:22,290
but we can change that if we wanted to.

316
00:11:22,290 --> 00:11:25,290
Now, we can also view our active rules.

317
00:11:25,290 --> 00:11:28,110
This, again, brings us back to what those inbound rules are

318
00:11:28,110 --> 00:11:31,320
and seeing which ones are actually active on this profile.

319
00:11:31,320 --> 00:11:32,160
So you'll notice anything

320
00:11:32,160 --> 00:11:34,740
that's all or public is being shown here.

321
00:11:34,740 --> 00:11:38,040
Anything that was just private or domain is not

322
00:11:38,040 --> 00:11:40,980
because they're not active for this particular connection.

323
00:11:40,980 --> 00:11:44,160
Next, we're going to configure a firewall on a Mac machine.

324
00:11:44,160 --> 00:11:47,070
To do that, simply go to the Apple in the upper left corner

325
00:11:47,070 --> 00:11:48,840
and go to System Preferences.

326
00:11:48,840 --> 00:11:52,440
From here, you're going to click Security & Privacy,

327
00:11:52,440 --> 00:11:55,140
and then you're going to click on the Firewall tab.

328
00:11:55,140 --> 00:11:57,480
You can notice that my firewall is on,

329
00:11:57,480 --> 00:12:00,180
but I can't click any of the firewall options right now.

330
00:12:00,180 --> 00:12:02,910
That's because you have to unlock it by clicking the lock

331
00:12:02,910 --> 00:12:05,913
and adding your username and password for the admin account.

332
00:12:07,860 --> 00:12:10,220
Once you do that, you can turn off your firewall,

333
00:12:10,220 --> 00:12:11,820
or you could turn on your firewall,

334
00:12:11,820 --> 00:12:14,460
and you can configure the options.

335
00:12:14,460 --> 00:12:17,460
In here, you can block all incoming connections.

336
00:12:17,460 --> 00:12:19,050
You can see what applications

337
00:12:19,050 --> 00:12:20,430
have been allowed through the firewall.

338
00:12:20,430 --> 00:12:22,740
In my case, Skype and Google Drive

339
00:12:22,740 --> 00:12:25,320
are allowed to have connections into my computer.

340
00:12:25,320 --> 00:12:28,080
And then you can automatically allow built-in software,

341
00:12:28,080 --> 00:12:29,340
meaning Apple software,

342
00:12:29,340 --> 00:12:30,780
to receive incoming connections,

343
00:12:30,780 --> 00:12:32,970
things like iTunes and iMessage.

344
00:12:32,970 --> 00:12:35,760
And you can automatically allow downloaded signed software

345
00:12:35,760 --> 00:12:37,380
to receive incoming connections,

346
00:12:37,380 --> 00:12:39,300
meaning this is software that you trust.

347
00:12:39,300 --> 00:12:41,370
And finally, we have stealth mode.

348
00:12:41,370 --> 00:12:44,880
What stealth mode does is it makes your firewall not respond

349
00:12:44,880 --> 00:12:46,860
and not acknowledge any attempts

350
00:12:46,860 --> 00:12:48,720
from somebody to ping your network.

351
00:12:48,720 --> 00:12:50,700
So if somebody is doing a ping sweep of your network,

352
00:12:50,700 --> 00:12:53,040
my computer is simply not even going to answer,

353
00:12:53,040 --> 00:12:55,770
so you won't know if it's up, down, or even there.

354
00:12:55,770 --> 00:12:58,080
So, how do we add an application to this list

355
00:12:58,080 --> 00:12:59,880
to allow incoming connections?

356
00:12:59,880 --> 00:13:01,950
Well, Mac makes it fairly easy.

357
00:13:01,950 --> 00:13:04,980
You click on the plus sign, you find the application,

358
00:13:04,980 --> 00:13:08,640
for example, my chess application, and then hit Add.

359
00:13:08,640 --> 00:13:10,440
When you do that, it, by default,

360
00:13:10,440 --> 00:13:12,480
is going to allow incoming connections.

361
00:13:12,480 --> 00:13:13,980
Now, if I don't want that anymore,

362
00:13:13,980 --> 00:13:16,260
I could simply click on it and subtract it,

363
00:13:16,260 --> 00:13:18,180
and it won't answer up.

364
00:13:18,180 --> 00:13:20,760
As you can see, you don't have the level of fidelity

365
00:13:20,760 --> 00:13:24,150
that you have on a Windows machine here in a Mac machine.

366
00:13:24,150 --> 00:13:25,590
To get that level of fidelity,

367
00:13:25,590 --> 00:13:28,200
you'd have to use the command-line firewall tools

368
00:13:28,200 --> 00:13:30,990
that are provided, such as PF or IPFW.

369
00:13:31,860 --> 00:13:34,710
So, remember, when it comes to firewall configuration,

370
00:13:34,710 --> 00:13:36,663
you can utilize either a hardware-based firewall

371
00:13:36,663 --> 00:13:38,580
that will protect all the workstations

372
00:13:38,580 --> 00:13:40,350
connected to a firewall subnet,

373
00:13:40,350 --> 00:13:43,050
or you can use an individual software-based firewall

374
00:13:43,050 --> 00:13:46,920
on the workstation itself within Windows, macOS, or Linux.

375
00:13:46,920 --> 00:13:49,500
Either way, the protections that your firewall will provide

376
00:13:49,500 --> 00:13:51,600
is all going to be based on the access control list

377
00:13:51,600 --> 00:13:52,830
and the rules that you configure

378
00:13:52,830 --> 00:13:54,393
when setting up your firewalls.