Hey, what's up guys, welcome to CertBros.

In this video we're going to be talking about firewalls: what they are, what they do, and also the difference between traditional and next-gen firewalls.

So first, what is a firewall? If you drive or you're into cars then you may be familiar with the term. If your engine explodes and catches fire, there is something called a firewall that separates and shields you from the burning hot flames, and network firewalls work in the same way.

Let's take this basic network as an example. We have two hosts, a switch and a router. Because you as a company or as an admin have control over these devices, policies, antivirus, etc., it's reasonable to consider this as a trusted network. But we have zero control over the devices and networks outside of our own, so it's fair to consider these as untrusted networks.

Now, while most of the world is full of good-intentioned, trustworthy people, there are a huge number of bad guys out there looking to take down your systems and get their hands on your hard-earned money. With routers generally having minimal security features, you can quickly be at the mercy of the attackers. This is where firewalls come in. Firewalls are designed to shield and protect our trusted networks from the untrusted. The idea is that a firewall will block all of the bad traffic from the attackers while at the same time they'll allow normal flow for good traffic.

So let's look at how firewalls achieve this. Most firewalls by default block everything. It doesn't matter if it's traffic leaving the network or traffic entering the network, everything is blocked. The way we allow traffic to pass the firewall without being blocked is by adding something called firewall rules. For example, we may add a rule where the source is host A, the destination is 'any' (because we're not going to add a list of every possible web server), the port is HTTP or HTTPS, and we'll set the action to allow. The exact firewall rule format will vary from vendor to vendor. Now, when host A sends traffic, the firewall will see this and think: are you from host A? Yes. Are you going to 'any' IP address? Yes. Are you using port HTTP? Yes. Okay, you are allowed. And it lets the traffic through. If host B tries to send traffic, the firewall checks its rules, sees that there is no matching rule, and blocks the traffic. So now let's add a rule for host B. Source: host B. Destination: 'any'. Port: this time we'll choose 'any' port, not a recommended rule, but it will do for the sake of the example. Action: allow. Both host A and host B can send traffic through the firewall.

So that's traffic leaving the network, but what about traffic entering the network?
Well, it's a good idea to block all traffic from external sources. The only exception is in special cases where you need to open up access for, say, VPN servers, email servers and web servers, but if you do this they should be tightly controlled by the firewall rules.

But this poses a bit of an issue for us. Let's say we request a web page. The firewall checks our rules and allows the traffic through. At some point that web server is going to respond, right? But if the firewall doesn't allow inbound traffic, what does it do?

Well, most firewalls are something called stateful firewalls. Stateful firewalls monitor active connections. This means that once outbound traffic has been allowed, the returning traffic is then accepted. This is great because we don't need to add separate outgoing rules and separate incoming rules.

Okay, so everything we've just discussed so far is known as a traditional firewall. It mostly uses firewall rules to block or allow traffic based on a number of things like IP address, port number, etc.

Now, next-generation firewalls take the same methods but then they enhance them with more in-depth security features. Quick warning: there are a lot of buzzwords out there and next-gen firewall is definitely one of them. Different vendors will have slightly different meanings and features for what a next-gen firewall is or what theirs does, but generally speaking this is what a next-generation firewall should include.

Application-level inspection, so the firewall can identify and block risky application traffic.

Intrusion prevention systems, or IPS. IPS will inspect the contents of the traffic and look for patterns or signatures. It's looking for malicious or malware-related traffic. IPS can also detect anomalies and unusual traffic.

External threat intelligence.
Next-generation firewalls can update themselves from external threat intelligence sources. So if a brand-new attack has been identified, the vendor can update the firewall's threat intelligence to be able to identify this new emerging threat.

There are a huge number of features that firewalls can offer. Things like URL filtering, email scanning, data loss prevention or DLP, and the list goes on and on. Firewalls that have features like these are often known as UTMs, or unified threat management. The idea is you have a single appliance that unifies all of these security features.

So that is how a network firewall works, but you may have seen another type. Computers can also have software-based firewalls. For example, the Windows Firewall is built in and it uses the same rule-based methods such as port, destination and source IP address. So you might be thinking, why have a network and an endpoint firewall? I like to think of it like a house. If you lock all of your internal doors, would you be happy to leave the front door wide open and let the bad guys wander your halls? Probably not. Having a firewall both on the network and the endpoint is important when creating a layered security posture. If something gets past the network firewall, the endpoint firewall is there to catch it. Also, what if the attack comes internally? The network firewall doesn't see the traffic but the endpoint firewall does.

That's it for firewalls. This video is part of our full CCNA course which can be found in the description, so please feel free to go and check that out.
If you liked this video, don't forget to give it a thumbs up, leave a comment and subscribe. The support from you guys really helps this channel grow. Other than that, thank you for watching.
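The default-deny rule matching and stateful return-traffic handling the video walks through (host A allowed on HTTP/HTTPS, host B allowed on any port, replies accepted only for tracked outbound flows), as an added example that is not part of the transcript; the host addresses, ports and packets are constructed.

```python
from collections import namedtuple

ANY = "any"  # wildcard, like the video's "destination: any" and "port: any"
# direction: "out" = leaving the trusted network, "in" = entering it (constructed model)
Packet = namedtuple("Packet", "src dst sport dport direction")
Rule = namedtuple("Rule", "src dst ports action")  # ports: frozenset of dst ports or ANY


def rule_matches(rule, p):
    return ((rule.src == ANY or rule.src == p.src)
            and (rule.dst == ANY or rule.dst == p.dst)
            and (rule.ports == ANY or p.dport in rule.ports))


class StatefulFirewall:
    """Default-deny filter: outbound traffic needs a matching allow rule;
    inbound traffic is accepted only as the reply to a tracked connection."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.connections = set()  # (client, server, client_port, server_port)

    def decide(self, p):
        if p.direction == "in":
            # No inbound allow rules here, so only replies to tracked flows pass.
            reply = (p.dst, p.src, p.dport, p.sport)
            return "allow" if reply in self.connections else "deny"
        for rule in self.rules:  # first matching rule wins
            if rule_matches(rule, p):
                if rule.action == "allow":
                    self.connections.add((p.src, p.dst, p.sport, p.dport))
                return rule.action
        return "deny"  # nothing matched: blocked by default


HOST_A, HOST_B, WEB = "10.0.0.10", "10.0.0.11", "203.0.113.5"  # constructed addresses
RULES = [
    Rule(HOST_A, ANY, frozenset({80, 443}), "allow"),  # host A: HTTP/HTTPS only
    Rule(HOST_B, ANY, ANY, "allow"),  # host B: any port (not recommended, as the video notes)
]


def run_demo():
    fw = StatefulFirewall(RULES)
    return [
        fw.decide(Packet(HOST_A, WEB, 51000, 443, "out")),  # host A to HTTPS: allow
        fw.decide(Packet(WEB, HOST_A, 443, 51000, "in")),   # reply to that flow: allow
        fw.decide(Packet(WEB, HOST_A, 443, 51001, "in")),   # same server, untracked flow: deny
        fw.decide(Packet(HOST_A, WEB, 51002, 22, "out")),   # host A to SSH: no rule, deny
        fw.decide(Packet(HOST_B, WEB, 51003, 22, "out")),   # host B any-port rule: allow
        fw.decide(Packet("198.51.100.9", HOST_A, 4444, 80, "in")),  # unsolicited inbound: deny
    ]
```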