1
00:00:00,06 --> 00:00:03,02
- [Instructor] A firewall is the most basic form

2
00:00:03,02 --> 00:00:06,00
of defense in network security.

3
00:00:06,00 --> 00:00:11,07
It provides a foundation for your overall network defense.

4
00:00:11,07 --> 00:00:16,00
Therefore, it's critical to clearly understand

5
00:00:16,00 --> 00:00:19,06
what a firewall is and learn what you can do

6
00:00:19,06 --> 00:00:22,03
to improve your network security.

7
00:00:22,03 --> 00:00:24,02
Before going any further,

8
00:00:24,02 --> 00:00:27,07
let's define some frequently used networking terms

9
00:00:27,07 --> 00:00:29,07
in this course.

10
00:00:29,07 --> 00:00:33,05
Computer network refers to two or more hosts

11
00:00:33,05 --> 00:00:36,02
connected through a communication medium,

12
00:00:36,02 --> 00:00:41,01
like a cable or radio signal to share resources.

13
00:00:41,01 --> 00:00:44,01
We leave out the word computer from now on

14
00:00:44,01 --> 00:00:48,05
in our discussions of computer networks for brevity.

15
00:00:48,05 --> 00:00:51,02
Hosts are any devices in the network

16
00:00:51,02 --> 00:00:53,07
with a unique address.

17
00:00:53,07 --> 00:00:56,09
Packets are messages containing data

18
00:00:56,09 --> 00:01:00,03
hosts exchange in a network.

19
00:01:00,03 --> 00:01:04,01
Firewalls restrict the flow of network traffic

20
00:01:04,01 --> 00:01:07,00
by dropping suspicious attack packets

21
00:01:07,00 --> 00:01:11,08
or accepting seemingly safe packets.

22
00:01:11,08 --> 00:01:15,02
Firewalls also log the details of dropped packets

23
00:01:15,02 --> 00:01:19,02
for a later review by administrators.

24
00:01:19,02 --> 00:01:22,03
The most fundamental feature of a firewall

25
00:01:22,03 --> 00:01:25,06
is filtering the packets.

26
00:01:25,06 --> 00:01:29,03
There are two types of filtering going on in a firewall.

27
00:01:29,03 --> 00:01:32,07
The first type is called ingress filtering,

28
00:01:32,07 --> 00:01:36,06
which filters the incoming packets.

29
00:01:36,06 --> 00:01:39,05
The second type of filtering is referred to as

30
00:01:39,05 --> 00:01:45,01
egress filtering, which filters the outgoing packets.

31
00:01:45,01 --> 00:01:47,06
Once a packet arrives at a host,

32
00:01:47,06 --> 00:01:52,00
based on its source IP address, the firewall has to decide

33
00:01:52,00 --> 00:01:54,09
whether to drop the packet or forward it

34
00:01:54,09 --> 00:01:59,02
to an appropriate location based on its port number.

35
00:01:59,02 --> 00:02:00,05
To understand the relationship

36
00:02:00,05 --> 00:02:03,06
between port numbers and IP addresses,

37
00:02:03,06 --> 00:02:05,01
you need to know the different types

38
00:02:05,01 --> 00:02:08,08
of addresses used in networking.

39
00:02:08,08 --> 00:02:11,09
The first one is the target host IP,

40
00:02:11,09 --> 00:02:15,05
which is used to reach a destination host.

41
00:02:15,05 --> 00:02:21,04
For example, 10.0.0.1 is a host internet protocol

42
00:02:21,04 --> 00:02:23,05
or IP address.

43
00:02:23,05 --> 00:02:27,05
Please note that the IP address range we use here

44
00:02:27,05 --> 00:02:32,00
is for those used only within a private network.

45
00:02:32,00 --> 00:02:35,05
The second type of address is the port number.

46
00:02:35,05 --> 00:02:38,07
This one is used to reach an application

47
00:02:38,07 --> 00:02:41,04
after a packet arrives at a host.

48
00:02:41,04 --> 00:02:43,07
For example, number 80 is used

49
00:02:43,07 --> 00:02:49,08
for a hypertext transfer protocol or HTTP or web server.

50
00:02:49,08 --> 00:02:53,01
Therefore, based on the firewall rules,

51
00:02:53,01 --> 00:02:56,02
if the port is open, the packet is forwarded

52
00:02:56,02 --> 00:03:01,01
to a target application on the host.

53
00:03:01,01 --> 00:03:05,09
If the port is closed, the packet is dropped.

54
00:03:05,09 --> 00:03:08,03
I think the relationship between a firewall and ports

55
00:03:08,03 --> 00:03:11,04
it protects is a big step forward

56
00:03:11,04 --> 00:03:15,01
towards mastering the topic of network security.

57
00:03:15,01 --> 00:03:20,00
Congratulations on taking this crucial first step.