1
00:00:00,730 --> 00:00:05,350
Firewalls are arguably one of the best methods of protecting your computer.

2
00:00:05,680 --> 00:00:07,660
Yet very few people understand them.

3
00:00:08,020 --> 00:00:13,720
I will suggest that the reason for this is because Microsoft does a pretty good job of implementing

4
00:00:13,720 --> 00:00:16,720
firewalls within their Windows operating system.

5
00:00:17,980 --> 00:00:26,290
Windows Firewall has been part of the operating system since its introduction in Windows XP Service

6
00:00:26,290 --> 00:00:26,830
Pack 2.

7
00:00:27,130 --> 00:00:33,190
And over time, its functionality has increased. As a basic description,

8
00:00:33,190 --> 00:00:40,420
a firewall is designed to either allow or deny network traffic based upon a set of defined criteria.

9
00:00:41,790 --> 00:00:50,250
So these criteria could be a predefined set of default rules, or could be user created, or even a combination

10
00:00:50,250 --> 00:00:50,880
of the two.

11
00:00:51,690 --> 00:00:55,740
These rules are often referred to as access control entries,

12
00:00:55,830 --> 00:01:06,330
ACEs, and a group of them forms an access control list, ACL. So these criteria could then be applied to outbound

13
00:01:06,330 --> 00:01:11,400
or egress traffic, or inbound or ingress traffic.

14
00:01:11,910 --> 00:01:17,100
So understanding that a rule can be applied in each direction is important to know.

15
00:01:17,100 --> 00:01:23,400
For example, you may be troubleshooting a connectivity problem between two devices, so you want to use

16
00:01:23,400 --> 00:01:25,080
the commonly used

17
00:01:25,080 --> 00:01:28,020
ICMP tool known as ping. Since

18
00:01:28,440 --> 00:01:33,330
ICMP can be used for malicious purposes and Windows Firewall blocks

19
00:01:33,330 --> 00:01:41,730
it by default, so you are aware of this and enable, uh, an outbound rule to allow the traffic out,

20
00:01:41,940 --> 00:01:43,680
but you get no responses back.

21
00:01:43,920 --> 00:01:49,890
This is very likely due to an inbound rule preventing ICMP traffic back into your PC.

22
00:01:50,670 --> 00:02:00,270
So in this screenshot, we can see the result of two attempts to ping the IP address 8.8.8.8, which

23
00:02:00,270 --> 00:02:07,140
belongs to Google's public DNS server and is commonly used by IT support staff to test connectivity

24
00:02:07,140 --> 00:02:07,890
to the internet.

25
00:02:08,250 --> 00:02:13,710
So we can see that the ping command at the beginning of this screenshot is useful.

26
00:02:14,340 --> 00:02:21,630
A successful action. Before running the command the second time I enabled, uh, an outbound firewall

27
00:02:22,260 --> 00:02:25,260
rule that blocks ICMP traffic.

28
00:02:25,500 --> 00:02:31,470
As you can see here, the second command does not elicit the same result as the first one.

29
00:02:36,030 --> 00:02:40,980
So a number of firewalls read through their rules in a sequential manner.

30
00:02:41,190 --> 00:02:48,780
So they read the rules in order until they find one that matches and then apply that rule and don't

31
00:02:48,780 --> 00:02:50,550
carry out any further processing.

32
00:02:50,820 --> 00:02:53,640
So what problems could arise from this?

33
00:02:56,740 --> 00:02:57,700
So we have two.

34
00:02:58,060 --> 00:03:00,250
Let's look at the absolute firewall rules.

35
00:03:00,490 --> 00:03:08,860
So the first rule is block all inbound traffic from an IP address between 10.0.0.1

36
00:03:08,860 --> 00:03:11,500
and 10.0.0.10.

37
00:03:12,180 --> 00:03:19,360
And the second rule is allow all inbound traffic from address 10.0.0.5.

38
00:03:19,690 --> 00:03:25,270
So the firewall will look for a match for rule one first.

39
00:03:25,690 --> 00:03:30,540
And if none is found, it will then move on to check

40
00:03:30,550 --> 00:03:37,960
rule two. If a match was found against rule one, then the firewall will block the traffic and not even look

41
00:03:37,960 --> 00:03:38,740
at rule two.

42
00:03:39,250 --> 00:03:41,110
So that's all well and good.

43
00:03:41,110 --> 00:03:46,780
But what happens to any inbound traffic from 10.0.0.5?

44
00:03:47,200 --> 00:03:53,980
Despite that address explicitly being allowed at rule two, it matches the criteria

45
00:03:53,980 --> 00:03:54,790
at rule one.

46
00:03:54,970 --> 00:03:56,380
So it would be blocked.

47
00:03:56,770 --> 00:04:01,370
So a better way of doing this will be to reverse the order of the rules.

48
00:04:01,420 --> 00:04:09,670
So the first rule will be allow all inbound traffic from IP address 10.0.0.5.

49
00:04:09,940 --> 00:04:16,900
And the second rule will block all inbound traffic from an address, from an IP address between

50
00:04:16,990 --> 00:04:20,920
10.0.0.1 and 10.0.0.10.

51
00:04:21,790 --> 00:04:28,390
So by reversing the rules, inbound traffic from 10.0.0.5 will be received

52
00:04:28,390 --> 00:04:31,540
by the firewall and compared against rule one.

53
00:04:31,840 --> 00:04:38,620
So in this case, rule one is a match, so the traffic is allowed and rule two never gets checked.

54
00:04:39,370 --> 00:04:46,180
So Windows Firewall is an example of a host-based firewall. So a host-based firewall is one that is either

55
00:04:46,180 --> 00:04:50,250
built into the operating system or installed on the device.

56
00:04:50,260 --> 00:04:57,310
So, uh, the limitation of this is that you need to configure the firewall on each device and it only

57
00:04:57,310 --> 00:04:59,050
protects that device.

58
00:04:59,380 --> 00:05:05,290
So, you know, one saving grace, if you are in a domain environment, is that you can deploy these settings

59
00:05:05,290 --> 00:05:11,710
to each machine using Group Policy project, object actually, not project. A network-based firewall,

60
00:05:11,950 --> 00:05:18,910
on the other hand, provides protection to all of your networks and monitors traffic going in and out

61
00:05:18,910 --> 00:05:19,630
of the network.

62
00:05:19,900 --> 00:05:25,150
So this may be through a dedicated hardware device or a feature on another network device, such as

63
00:05:25,150 --> 00:05:31,870
a router. In an organization, you may find network-based firewalls are in operation between

64
00:05:31,870 --> 00:05:36,910
your own networks and not just between your internal network and the outside world.

65
00:05:38,500 --> 00:05:45,280
So reading to them, as you can see in the screenshot, you may be thinking that the network-based firewall

66
00:05:45,280 --> 00:05:48,790
is the better of the two as it protects the entire network.

67
00:05:49,030 --> 00:05:53,770
However, now I will, uh, write some diagram here.

68
00:05:54,050 --> 00:05:58,480
Well, let's open our diagram of the Are you here?

69
00:06:00,190 --> 00:06:00,870
Can you see it?

70
00:06:01,440 --> 00:06:01,800
Yes.

71
00:06:03,240 --> 00:06:05,180
I'll increase the size a bit.

72
00:06:06,420 --> 00:06:06,690
Here.

73
00:06:14,390 --> 00:06:17,120
So you can see here, so the upon that.

74
00:06:17,150 --> 00:06:19,520
So let's go to a new page here.

75
00:06:20,510 --> 00:06:29,480
So now I will create a firewall diagram here for better understanding and illustration.

76
00:06:30,170 --> 00:06:37,280
So let's create, we need for, uh, for this, we need actually two computers, one firewall and one closed

77
00:06:37,280 --> 00:06:38,600
and one router.

78
00:06:39,230 --> 00:06:41,990
So here let's create that diagram.

79
00:06:42,320 --> 00:06:44,780
And like here.

80
00:06:46,430 --> 00:06:48,800
So this will be our computer on.

81
00:06:51,350 --> 00:06:53,630
This is computer A.

82
00:06:55,640 --> 00:07:00,690
And this will be our computer, will be computer B.

83
00:07:02,820 --> 00:07:03,180
Yes.

84
00:07:05,440 --> 00:07:11,410
So these two computers connect to the router.

85
00:07:11,440 --> 00:07:11,830
Yes.

86
00:07:13,740 --> 00:07:18,120
For example, like that, so these computers connect to this router.

87
00:07:19,980 --> 00:07:20,490
One.

88
00:07:22,250 --> 00:07:23,300
Two of.

89
00:07:34,290 --> 00:07:34,620
Yes.

90
00:07:34,960 --> 00:07:35,610
One two.

91
00:07:38,970 --> 00:07:39,240
Yeah.

92
00:07:40,080 --> 00:07:48,210
And this router, this router connects to a firewall, a network-based firewall.

93
00:07:53,450 --> 00:07:54,680
For example.

94
00:08:05,160 --> 00:08:05,450
Yes.

95
00:08:05,790 --> 00:08:07,620
So this is the network-based firewall.

96
00:08:09,900 --> 00:08:11,790
Network-based.

97
00:08:13,740 --> 00:08:14,900
Just prior to.

98
00:08:16,960 --> 00:08:17,800
It'll make it.

99
00:08:19,650 --> 00:08:23,910
And so this router connects to this network-based firewall here.

100
00:08:24,720 --> 00:08:27,810
Oh, let's actually decrease the size of it.

101
00:08:28,720 --> 00:08:32,140
And this firewall goes to the internet.

102
00:08:34,160 --> 00:08:34,760
Internet.

103
00:08:38,350 --> 00:08:39,940
Yes, internet.

104
00:08:45,580 --> 00:08:45,980
It's right.

105
00:09:02,940 --> 00:09:03,260
Okay.

106
00:09:04,820 --> 00:09:06,830
But this firewall then goes to the internet.

107
00:09:09,100 --> 00:09:17,020
So, uh, as you can see in this diagram, you may be thinking that the network-based firewall is the better

108
00:09:17,020 --> 00:09:19,450
of the two as it protects the entire network.

109
00:09:19,820 --> 00:09:22,870
However, look at this diagram here.

110
00:09:23,350 --> 00:09:25,660
So I actually let me.

111
00:09:26,830 --> 00:09:27,470
Watch this.

112
00:09:27,510 --> 00:09:28,900
Is this recording, yes.

113
00:09:29,590 --> 00:09:33,340
So however, look at this diagram.

114
00:09:35,110 --> 00:09:40,710
As you can see here, and pay particular attention to the placement of the firewall here.

115
00:09:41,880 --> 00:09:45,550
So it's only inspecting traffic that transits through it.

116
00:09:45,570 --> 00:09:54,300
But what will happen if computer A here is compromised, attacking computer B, if this

117
00:09:54,300 --> 00:09:57,550
computer A attacks computer B?

118
00:09:57,570 --> 00:09:58,500
Then what happens?

119
00:10:00,000 --> 00:10:07,200
So, so is a host-based firewall better? So it will certainly prevent the scenario where computer

120
00:10:07,470 --> 00:10:10,230
A here attacks computer B.

121
00:10:12,940 --> 00:10:13,570
So but.

122
00:10:16,010 --> 00:10:20,570
It's certain to prevent the scenario where computer A attacks computer B, of course,

123
00:10:20,570 --> 00:10:25,670
but it leaves your network susceptible to an attack from outside.

124
00:10:26,450 --> 00:10:31,310
So then the internet can attack your computer A or computer B without this firewall.

125
00:10:35,360 --> 00:10:41,150
So you may be thinking that's OK, because the host-based firewalls will protect the system, but this

126
00:10:41,150 --> 00:10:47,120
may be correct for some systems, but not all network devices have the capability to have a host-based

127
00:10:47,120 --> 00:10:47,690
firewall.

128
00:10:48,140 --> 00:10:56,780
A lot of Internet of Things, uh, Internet of Things devices are a prime example of this. Because of

129
00:10:56,780 --> 00:10:57,160
this,

130
00:10:57,390 --> 00:11:05,950
it's recommended that any network you run has both host-based and network-based firewalls to provide

131
00:11:06,050 --> 00:11:08,420
what is known as defense in depth.

132
00:11:10,110 --> 00:11:10,680
So.

133
00:11:11,840 --> 00:11:17,900
Careful consideration needs to take place in respect of positioning the network-based firewalls to ensure

134
00:11:18,230 --> 00:11:26,510
that there are no gaps, and there are no gaps, and to allow you to apply your rules appropriately.

135
00:11:27,580 --> 00:11:27,970
So.

136
00:11:29,200 --> 00:11:35,620
Actually, in the next lecture, we will create, um, actually we will cover the various different types

137
00:11:35,620 --> 00:11:40,120
of firewalls in more detail in next, uh, in this course, actually.

138
00:11:40,120 --> 00:11:44,500
But for now, I would like to look at the built-in Windows Firewall.

139
00:11:44,500 --> 00:11:50,410
So in the next lecture, we will, um, create and edit our built-in Windows Firewall.

140
00:11:50,530 --> 00:11:52,120
So I'm waiting on this lecture.