Configuring Firewalls
(OBJ 4.5)
Firewalls and Access Control Lists (ACLs)
- Firewalls
- Dedicated devices for using Access Control Lists (ACLs) to protect networks
- Access Control Lists (ACLs)
- Essential for securing networks from unwanted traffic
- Consist of permit and deny statements, often based on port numbers
- Rule sets placed on firewalls, routers, and network infrastructure devices that permit or deny traffic through a particular interface
- Control the flow of traffic into and out of networks
- May define quality of service levels inside networks but are primarily used for network security in firewalls
Configuring ACLs
- A web-based interface or a text-based command line interface can be used
- The order of ACL rules specifies the order of actions taken on traffic (top-down)
- The first matching rule is executed, and no further rules are checked
- Place the most specific rules at the top and generic rules at the bottom
- Some devices support an implied deny at the end of the list, while others require an explicit "deny all" rule as the last entry
- Actions taken by network devices should be logged, including deny actions
ACL Rules
- Made up of some key pieces of information including
- Type of traffic
- Source of traffic
- Destination of traffic
- Action to be taken against the traffic
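The ordering and first-match rules above are easier to see in running code. The following is an added example written for these notes, not part of the original study material or any vendor's firewall software: a small top-down ACL evaluator with an implicit deny, logging of every deny, and a check that flags rules shadowed by a more generic rule placed above them. The rule fields (type of traffic, source, destination, action) are the ones the notes list; the field names, the sample rule sets and the sample packets are my own constructed values.

```python
"""Added example: first-match ACL evaluation with implicit deny and logging.
Rule layout, sample ACLs and packets are constructed for illustration."""
import ipaddress
import logging
from dataclasses import dataclass
from typing import List, Optional, Tuple

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("acl")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "permit" or "deny"
    protocol: str             # type of traffic: "tcp", "udp" or "any"
    src: str                  # source: CIDR or "any"
    dst: str                  # destination: CIDR or "any"
    dst_port: Optional[int]   # None means any port


def _net(cidr: str) -> Optional[ipaddress.IPv4Network]:
    return None if cidr == "any" else ipaddress.ip_network(cidr, strict=False)


def _covers(rule_value: str, addr: str) -> bool:
    net = _net(rule_value)
    return net is None or ipaddress.ip_address(addr) in net


def matches(rule: Rule, pkt: dict) -> bool:
    """A rule fires only when every field matches; "any"/None are wildcards."""
    return (rule.protocol in ("any", pkt["proto"])
            and _covers(rule.src, pkt["src"])
            and _covers(rule.dst, pkt["dst"])
            and rule.dst_port in (None, pkt["dport"]))


def describe(pkt: dict) -> str:
    return f"{pkt['proto']} {pkt['src']} -> {pkt['dst']}:{pkt['dport']}"


def evaluate(acl: List[Rule], pkt: dict) -> Tuple[str, str]:
    """Walk the list top-down; the first match decides and nothing below it is
    consulted. No match falls through to an implicit deny. Every deny, explicit
    or implicit, is logged so the action is visible afterwards."""
    for rule in acl:
        if matches(rule, pkt):
            if rule.action == "deny":
                log.info("DENY  %s by rule '%s'", describe(pkt), rule.name)
            return rule.action, rule.name
    log.info("DENY  %s by implicit deny", describe(pkt))
    return "deny", "implicit-deny"


def _at_least_as_broad(a_val: str, b_val: str) -> bool:
    a_net, b_net = _net(a_val), _net(b_val)
    if a_net is None:
        return True
    return b_net is not None and b_net.subnet_of(a_net)


def shadowed(acl: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule is at least
    as broad in every field: the 'generic rule above specific rule' mistake."""
    hidden = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.protocol in ("any", later.protocol)
                    and _at_least_as_broad(earlier.src, later.src)
                    and _at_least_as_broad(earlier.dst, later.dst)
                    and earlier.dst_port in (None, later.dst_port)):
                hidden.append(later.name)
                break
    return hidden


# Constructed sample data: a LAN, a database subnet, and one host to be blocked.
DB_SERVERS = "10.20.0.0/24"
ACL_GOOD = [  # specific deny first, generic permit after it
    Rule("block-single-host", "deny", "tcp", "10.1.2.3/32", DB_SERVERS, 3306),
    Rule("lan-to-db", "permit", "tcp", "10.0.0.0/8", DB_SERVERS, 3306),
    Rule("dns-out", "permit", "udp", "10.0.0.0/8", "any", 53),
]
ACL_BAD = [ACL_GOOD[1], ACL_GOOD[0], ACL_GOOD[2]]  # generic permit moved to the top

PKT_BLOCKED_HOST = {"proto": "tcp", "src": "10.1.2.3", "dst": "10.20.0.15", "dport": 3306}
PKT_OTHER_HOST = {"proto": "tcp", "src": "10.1.7.9", "dst": "10.20.0.15", "dport": 3306}
PKT_SSH = {"proto": "tcp", "src": "10.1.7.9", "dst": "10.20.0.15", "dport": 22}

if __name__ == "__main__":
    for label, acl in (("good order", ACL_GOOD), ("bad order", ACL_BAD)):
        print(label, evaluate(acl, PKT_BLOCKED_HOST), "shadowed:", shadowed(acl))
    print("unlisted service:", evaluate(ACL_GOOD, PKT_SSH))
```

With the specific deny on top, the blocked host is denied and the rest of the LAN still reaches the database; with the generic permit moved above it, the same packet is permitted and `shadowed()` reports the deny rule as unreachable. SSH to the database subnet matches nothing and is caught by the implicit deny, which is logged like any explicit deny.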
Firewall Types
- Hardware-Based Firewall
- A dedicated network security device that filters and controls network traffic at the hardware level
- Commonly used to protect an entire network or subnet by implementing ACLs and rules
- Configuring steps:
- Go to "Security"
- Go to "Block Services"
- Select frequency (schedule, never, always)
- Select protocol, port, and TCP/UDP
- Select single IP address, an IP address range, or all IP addresses
- Click "Apply/Add"
- This will add a rule to the firewall
- This tab controls outbound traffic (from the internal network out to the internet)
- Inbound rules are usually found under the "Port Forwarding" tab
- Same process, just select where the traffic for a specific service should be forwarded
- Software-Based Firewall
- A firewall that runs as a software application on individual devices, such as workstations
- Utilizes ACLs and rules to manage incoming and outgoing traffic, providing security at the software level on a per-device basis
- Configuring steps for Windows Firewall:
- Look for the Windows Defender Firewall application and run it
- Set Private Profile or Public Profile
- You will see all rules listed
- Hit "New Rule" to set a new rule
- Select TCP/UDP, and list ports to be allowed
- Select whether to allow the connection, allow it only if it is secure, or block the connection
- Give it a name
- In "Monitoring" you can see which profile is active and what is being logged, as well as view the active rules
- Configuring steps for MacOS Firewall:
- Hit the Apple icon on the upper left corner, select "System Preferences..."
- Go to "Security & Privacy"
- Click on the "Firewall" Tab
- Unlock it by giving admin credentials
- Once you do that you can turn on/off and configure it
- In case you are wondering, Stealth mode makes your firewall not respond to and not acknowledge any attempts by somebody to ping your machine.
- It won't even answer, so they can't tell whether it's up or down.
- Click on the "+" sign to add an application; by default it is allowed to accept incoming connections
- You do not have the level of fidelity that you have in Windows unless you use the command line tools.
Key Takeaway
- Firewalls use ACLs to control network traffic, ensuring security by specifying permitted and denied actions
- Proper ACL configuration and rule order are crucial for effective network protection