When it comes to IT security, a good network firewall isn't a good idea. It's a necessity. So in this episode, what I want to do is cover network firewalls. Now keep in mind, the Security+ exam is not going to ask you what steps you go through to configure a Cisco firewall, but it is going to ask you conceptual questions on what are some of the big things we do with firewalls. So to do that, I've actually got myself a Netgear cable modem firewall here. Now, it's considered a SOHO device, but it's actually a very high-end router with a built-in firewall.
And I'm not even going to plug it into the internet, we're just going to go ahead and set up the firewall on this. So it's graphical, but don't let the pretty graphics fool you. This is a powerful little system. So what I've got is I've got it plugged in. And I've got a cable running into my desktop down here and here's my monitor and keyboard. And we're going to go ahead and configure this guy.
So like most of these, they come by default with a fixed IP address. In this particular case, it's 192.168.0.1, which they're even nice enough to document on the bottom of this, with a built-in username and password that I've already gone ahead and changed. So to configure this particular guy, I'm just going to open up a web browser to 192.168.0.1. I've already logged in. So let's see what we need to do. Now, if you take a look, it took me a while to find this, but the settings for most of the firewall are right here under Security. We're also going to see that there are a few other settings in a little bit different place.
And we're going to talk about those in just a moment. The number one thing we need to talk about when we talk about firewalls is stateful versus stateless firewalls. A stateless firewall will go ahead and filter and block stuff, no matter what the situation. If I set up a firewall to always block port 197, I don't know what that is, that is an example of a stateless firewall.
So all of these rules that we set up, we can block based on IP address, we can block based on words that are coming in or out of a particular connection, we can block on time of day. So all of these types of blocks are going to be stateless firewall settings. And we store all of this information in a database, a file known as an access control list. Now, access control lists appear all over the world of IT security, but they certainly show up in every firewall there is out there. Now also keep in mind as we go into this that every one of these firewalls has a different screen. The information is always there, but you're always having to poke around and figure out where the heck do I do one thing or another.
So what we're going to do first of all, we're going to set up some stateless settings in here. But then the other thing we're going to do is we're going to set up stateful settings. A stateful firewall doesn't really have an access control list per se. A stateful firewall looks at what's going on and then makes a decision on what it's going to do. For example, if we start getting a lot of pings coming into this system, it's going to go, "Hey, there are a lot of pings here, I'm going to start blocking pings," or it will sit there and see that there are a bunch of requests coming in for a particular web page, and they're malformed. So he'll sit there and go, "Oh, I'm getting too many malformed packets," and he'll go ahead and start blocking this stuff.
So a stateful firewall is a much more complicated tool than a stateless firewall. In most of these little SOHO routers, they reduce it to little things like saying "disable port scanning" or something like that. And in that case, what you're doing is actually turning on or off the stateful firewall. You know what, let's go ahead. I've got the stateful stuff up. Let's start with that.
So if you take a look right here, and by golly, it was under WAN Setup, who'd have thought, there are actually some settings on here for a stateful firewall. Number one, it says "Disable IPv4 Firewall Protection." If I check this, I'm in essence turning off the stateful firewall for that particular type of stuff, IPv4. You'll also notice that it has "Disable Port Scan and Denial of Service Protection." If I check this, I'm turning off that aspect of the stateful firewall. Now this one's actually kind of interesting, because it actually has a very powerful stateful firewall built in, but it doesn't give you a lot of control, because it pretty much turns it on and runs. But you'll see on a lot of firewalls that will say things like "block ICMP." What they're doing there, mainly, is they don't want anybody to be able to ping you or things like that.
So these are all good examples of a stateful firewall. So for the most part, on almost all firewalls, including some of the higher-end ones, you either just turn it on or turn it off. Now, stateless is a different animal altogether. Stateless is going to be based on what your needs are for that particular network. So let's head over here and let's see what we can do. On this particular guy, you'll see it says Access Control.
So it wants the password again, no problem. So you'll see that right now it's turned off. So I'm going to turn on access control. And you'll see it says "allow all new devices to connect" or "block all new devices from connecting." If I were to block all new devices from connecting, first of all, nobody would get out. But what we're doing is what's known as an implicit deny. And we talked about implicit deny in other episodes, but in a very different way.
In this particular case, we're talking about a firewall. In essence, nobody can do anything unless I'm on this screen and say, "Oh, okay, I'll let them through." So in this particular case, I'm going to just leave it as "allow all new devices to connect." And that way, I can go ahead and start selectively making blocks. I can block on IP address, I can block on MAC address, and I could just keep adding on to this. In fact, if you take a look on the screen, you'll see it's already got one.
This is my machine right here that I'm working on, and he's already got it in there. So if I wanted to, I could go ahead and block myself, which would make for a very uninteresting episode. Or I could just leave it as it is and allow it. Next is Block Sites. And in this particular case, what it's talking about is I can type in any site that I don't want you to be able to get to. How about, like everybody, YouTube?
So if I want to, I can just type this in. And now no one's going to be able to get to YouTube. So that would be one example of the things I could block, and it actually works pretty well. So let's make sure that's turned on. There we go. So now that I've got it turned on, I could also type in any kind of keyword, and as it sees information coming through, it can actually block on that.
Now keep in mind, in this particular situation, especially for web pages, if it's a secure web page, he's not going to be able to see any of that information. So it doesn't do a whole lot of good in terms of being able to handle that. Also, we can come down here and allow trusted IP addresses. So for example, there are certain machines that I'm using for maintenance and management of this guy. I could type in that IP address, and despite what the blocks are, that one machine, or multiple machines, will always be able to get through. Next is Block Services.
And when we talk about the idea of an access control list, this is usually what people are talking about. So I'm going to turn on services blocking, and let's block something. So it has "user defined," but if there's a particular service that you want to stop, you can find it in here. So let's say I don't want anybody using FTP. You'll see that it presets itself for blocking ports 20 and 21. And that's really all we're doing here. It's a convenient list to allow you to build an access control list without necessarily knowing exactly how that all works, but I like it.
So we'll leave it as it is. And you'll see I can block anybody on my network, I can block a range, or I can block one particular person. So let's go ahead and add FTP. And you'll see I've got that added. Now I can have lots more. In fact, access control lists often have lots and lots of these. So we're going to do user defined this time, with the TCP protocol.
I want to stop people from using their Steam servers. If you're not familiar with Steam, you don't play online games. I do. So what I'm doing is I'm blocking a range of port numbers, and I'm going to put Steam in here. Again, I can set it for everybody. So you'll see what I'm doing is I'm building up an access control list. This is pretty, and it works well. In a more enterprise-type firewall, access control lists can be very, very complicated.
So let me show you a picture of an access control list for an enterprise-level Cisco router. Now, this is my idea of a big, hairy access control list. So while we may not be super familiar with what all this means, you'll notice that it has port numbers in there, and you'll notice that IPs are in there. So it's actually giving you the same information we're doing right here, but this is more of a robust setup.
And there's no pretty graphical front end for this guy. You're typing that stuff in manually. The last thing I want to show you on a firewall, well, the second-to-last thing, is scheduling. So what I can do is I can set up different schedules to do different things. Like, if I want to, I can block anybody from playing any Steam games from nine to five. But I like playing Steam. So after work, I want me and the folks to get together.
And let's play some Age of Empires or whatever it might be. So I can use scheduling tools that will allow me to tweak my access control list, so that I can handle exactly when people are doing certain things or not doing certain things. And last, here we go, is email. One of the problems that you have with firewalls is that you're not aware of what a firewall is doing. Now, all firewalls are going to have some kind of logging here. Let's see if I can find it on here.
So they all have some form of log that is going to be keeping track of stuff, and you can set up these logs to do whatever you want. And you'll see it's things like login failures, people trying to get in, or if it's handing out DHCP. If you look at the checkboxes at the bottom, you can actually set up what it's going to show or not show. And logs are great and they're important, but the only way, by default, I can get to this log is by actually opening up this web page and going into the router itself. So usually what I'm going to prefer to do is I'm going to let the system email me.
So I like to use these types of tools. On these home routers, they're very, very popular. And you can set up pretty much any firewall system to do things like send you text messages, or, depending on the system, you can set levels of importance and say, "Well, if it's a level one importance, then go ahead and text me. Otherwise, if it's two through five, just send me an email at the end of the day." And these types of tools become very, very important. All right, so this is just one type of firewall that you have out there.
Make sure that you're comfortable with the idea of stateful versus stateless. Also keep in mind that when we're talking about firewalls, there is another type of firewall that people often confuse with these types of network-based firewalls. And that is an application-based firewall. An application-based firewall is designed to protect an application. Probably one of the most famous types of applications that we firewall is web applications.
And what I can do is set up a firewall in front of a web server that's actually protecting just the web server itself, because there are so many unique attacks that only go for that particular type of application. So a network firewall like this is designed to protect everybody on a network, whereas an application-based firewall is usually in front of a web server or something like that, and it's designed to protect just that application.
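As an added example (not part of the episode, and not Netgear's or Cisco's code), here is a small Python model of the two ideas the walkthrough covers. The first half is the stateless side: an ordered access control list evaluated first-match, with a trusted management host exempted ahead of the blocks, a port-range block for FTP and for a game service on a nine-to-five schedule, and implicit deny when no rule matches (the "block all new devices" setting versus "allow all new devices" is just whether a final allow-everything rule is present). The second half is the stateful side in its textbook sense: a connection table so that replies to outbound connections the ACL permitted are accepted without writing an explicit inbound rule, while unsolicited inbound traffic is dropped. The addresses, the port ranges (including the Steam range) and the hours are constructed for illustration and are not taken from the video.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Added example; not code from the video or from any router firmware.
# Addresses, port ranges and hours below are constructed for illustration.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0      # source port (0 for icmp)
    dport: int = 0      # destination port (0 for icmp)
    hour: int = 12      # wall-clock hour 0-23, consulted by schedule rules


@dataclass(frozen=True)
class Rule:
    action: str                                 # "allow" or "block"
    name: str
    src: str = "0.0.0.0/0"                      # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None                 # None matches any protocol
    dports: Optional[Tuple[int, int]] = None    # inclusive destination port range
    hours: Optional[Tuple[int, int]] = None     # [start, end) hour window

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dports is not None and not (self.dports[0] <= p.dport <= self.dports[1]):
            return False
        if self.hours is not None and not (self.hours[0] <= p.hour < self.hours[1]):
            return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, str]:
    """Stateless ACL check: the first matching rule decides; no match is an implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action, rule.name
    return "block", "implicit-deny"


# Rule order matters: the trusted management host is exempted before any block.
# The Steam port range is an assumption for the example; check the vendor's documentation.
ACL = [
    Rule("allow", "trusted-mgmt", src="192.168.0.10/32"),
    Rule("block", "ftp", proto="tcp", dports=(20, 21)),
    Rule("block", "steam-work-hours", dports=(27000, 27050), hours=(9, 17)),
    Rule("allow", "default-allow"),   # the router's "allow all new devices" setting
]


class StatefulFirewall:
    """Stateless ACL for new outbound flows, plus a connection table for their replies."""

    def __init__(self, acl: List[Rule]):
        self.acl = acl
        self.conntrack = set()   # entries: (client, server, proto, server_port)

    def outbound(self, p: Packet) -> Tuple[str, str]:
        verdict, why = evaluate(self.acl, p)
        if verdict == "allow" and p.proto != "icmp":
            self.conntrack.add((p.src, p.dst, p.proto, p.dport))
        return verdict, why

    def inbound(self, p: Packet) -> Tuple[str, str]:
        # A reply is the mirror image of a tracked outbound flow:
        # server -> client, sent from the server port the client connected to.
        if (p.dst, p.src, p.proto, p.sport) in self.conntrack:
            return "allow", "established"
        return "block", "unsolicited-inbound"


if __name__ == "__main__":
    fw = StatefulFirewall(ACL)
    print(fw.outbound(Packet("192.168.0.5", "198.51.100.7", "tcp", 51000, 21)))               # ('block', 'ftp')
    print(fw.outbound(Packet("192.168.0.10", "198.51.100.7", "tcp", 51001, 21)))              # ('allow', 'trusted-mgmt')
    print(fw.outbound(Packet("192.168.0.5", "198.51.100.8", "udp", 51002, 27015, hour=10)))   # ('block', 'steam-work-hours')
    print(fw.outbound(Packet("192.168.0.5", "198.51.100.8", "udp", 51002, 27015, hour=20)))   # ('allow', 'default-allow')
    print(fw.inbound(Packet("198.51.100.8", "192.168.0.5", "udp", 27015, 51002)))             # ('allow', 'established')
    print(fw.inbound(Packet("198.51.100.9", "192.168.0.5", "tcp", 4444, 445)))                # ('block', 'unsolicited-inbound')
    # Same ACL without the trailing default-allow: an unmatched packet hits the implicit deny.
    print(evaluate(ACL[:-1], Packet("192.168.0.5", "198.51.100.7", "tcp", 51000, 80)))        # ('block', 'implicit-deny')
```

Two things worth noticing when you try it. Moving the `trusted-mgmt` rule below the `ftp` rule changes the second result to a block, which is exactly why the "trusted IP addresses" exemption on a real device has to be evaluated ahead of the block list. And the inbound check never consults the ACL at all: a reply gets through only because the firewall remembers the outbound connection, which is the state a stateless ACL has no way to express.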