A firewall may be able to secure the barrier between your private network and the public internet, but it can’t do everything you might expect. Learn how a firewall cannot protect you and why.
- [Instructor] A firewall may be a secure barrier between your private network and the public internet, but it can't do everything you might expect. A firewall by itself won't necessarily have virus protection built into it, for example. Let's look at why to illustrate the point. A traditional firewall works by controlling access through ports at an entry and exit point to a device or network. Ever wonder why you need to configure a port number in your advanced mail settings sometimes to make your email client work? Well, it's because mail is a combination of usually, IMAP and SMTP, though there can be others. IMAP is for receiving and SMTP is for sending. So you could imagine that if there is a mail server being protected by a firewall, it'll be important for the firewall administrator to configure the port for IMAP and the port for SMTP to pass traffic through those ports. Because everyone on the internet has agreed that there will be specific ports associated with IMAP and SMTP, traffic sent to those ports can be defined as being associated with those services. But, in its simplest form, a firewall isn't looking at what is in those packets being sent through those ports. The firewall is just opening or closing the ports based on the rules you set. If some clever person decided to send another kind of traffic through those ports, or, if someone decided to send SMTP, for example, through an unexpected port, the firewall could be used to pass traffic only for devices configured with the uncommon port configuration for that service. As long as the traffic that hits that uncommon open port on the firewall is forwarded to a port on the server that is configured to listen for the right kind of traffic on that port, it all works. In fact, this was, and still is, a technique some mail administrators would use to keep spam from entering their networks. They would close the standard ports for SMTP and custom configure uncommon ports to handle that kind of traffic only for their mail traffic. If the admins can control the devices being used to access mail on their network, everything would work fine, and the custom design would work pretty well at cutting out a common intrusion point onto their network. There're all kinds of tricks you can play with. Services, port numbers, routing, and firewalls. I just want you to understand that a firewall is not a panacea. Just putting a firewall in place and turning it on will not magically protect you from every possible threat. It will, however, give you one of many necessary tools that you can use to protect the information for which you're responsible.
- Designing your network
- Creating firewall schedules and rules
- Setting up a virtual IP
- Using aliases to group hosts
- Preventing local traffic from exiting to the internet
- Using Snort and other intrusion detection systems
- Prioritizing VoIP traffic
- Blocking access to specific websites
- Troubleshooting gaming performance issues
- Interpreting TCP flag definitions