Free Geek | Advanced Topics in Security | ke0crj.wordpress.com
Intro to Firewalls
The Theory Bit
Boring but Pretty Important
Key Acronyms and Terminology
• NIC – Network Interface Card
  – Physical device used to communicate across networks
• Gateway
• DNS – Domain Name Service
  – Google
    • 8.8.8.8
    • 8.8.4.4
  – OpenDNS
    • 208.67.222.222
    • 208.67.220.220
    • 208.67.222.220
    • 208.67.220.222
  – OpenDNS (Family Shield)
    • 208.67.222.123
    • 208.67.220.123
• DMZ
• LAN
• WAN
• VLAN
• Network Diagram
How an example network diagram with all the previous terms might fit together
IP address Schema
• Internal
  – 10.0.0.0/8 (10.0.0.0-10.255.255.255)
  – 172.16.0.0/12 (172.16.0.0-172.31.255.255)
  – 192.168.0.0/16 (192.168.0.0-192.168.255.255)
• External
  – Basically anything else that’s not reserved.
• NAT
  – How you go from an internal address to an external address
DHCP
• The Dynamic Host Configuration Protocol (DHCP)… is controlled by a DHCP server that dynamically distributes network configuration parameters, such as IP addresses, for interfaces and services.
  – How most networks assign an IP address.
• DHCP Reservation – Reserves specific IPs for specific machines within the DHCP protocol
• Static Assignment – All IPs are configured manually by an administrator
• *Note* If DHCP assignment fails and the IP address is not set manually, the computer will be assigned a link-local address (169.254.1.0-169.254.254.255)
Ports
• A network port is a number that identifies one side of a connection between two computers. Computers use port numbers to determine to which process or application a message should be delivered.
  – If an IP address is like a street address, the port is like a suite or room number.
• Routing traffic to a specific port
  – 192.168.0.1:8080
• Port Forwarding:
  – A method of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside using a NAT-enabled router.
  – Was used a lot with video games
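A small Python model of the NAT and port-forwarding behaviour described above, as an added example that is not part of the original slides. The `NatRouter` class, the WAN address 203.0.113.10, the remote hosts in 198.51.100.0/24 and the LAN client 192.168.0.23 are constructed for illustration; only 192.168.0.1:8080 comes from the slide, and matching replies on the exact remote endpoint is a simplifying assumption.

```python
"""Toy model of a NAT router with one port forward (added example)."""
import ipaddress
from dataclasses import dataclass, field

# The three internal ranges listed on the "IP address Schema" slide.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    """True if addr falls inside one of the three internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


@dataclass
class NatRouter:
    wan_ip: str                 # the single external address (constructed)
    next_port: int = 40000      # first WAN-side port handed to outbound flows
    # wan_port -> (lan_ip, lan_port, remote_ip, remote_port); made by outbound traffic
    sessions: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port); made by the administrator
    forwards: dict = field(default_factory=dict)

    def add_port_forward(self, wan_port: int, lan_ip: str, lan_port: int) -> None:
        if not is_internal(lan_ip):
            raise ValueError("a port forward must point at an internal address")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection: the source is rewritten to the WAN address."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.wan_ip, wan_port)   # what the remote server sees

    def inbound(self, remote_ip, remote_port, wan_port):
        """Packet arrives on the WAN side: return the LAN (ip, port), or None if dropped."""
        session = self.sessions.get(wan_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]           # reply to a flow a LAN host started
        if wan_port in self.forwards:
            return self.forwards[wan_port]   # administrator opened this port
        return None                      # unsolicited: nothing to translate to


def demo():
    router = NatRouter(wan_ip="203.0.113.10")
    seen = router.outbound("192.168.0.23", 51515, "198.51.100.7", 443)
    reply = router.inbound("198.51.100.7", 443, seen[1])
    stranger = router.inbound("198.51.100.99", 443, seen[1])
    before = router.inbound("198.51.100.99", 50000, 8080)
    router.add_port_forward(8080, "192.168.0.1", 8080)
    after = router.inbound("198.51.100.99", 50000, 8080)
    return seen, reply, stranger, before, after


if __name__ == "__main__":
    for label, value in zip(("server sees", "reply goes to", "stranger on same port",
                             "8080 before forward", "8080 after forward"), demo()):
        print(f"{label:24} {value}")
```

Once the forward exists, any external address reaches the internal host on that port, so the forwarded service needs its own hardening and patching.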
Common ports
• 1 ICMP (ping)
• 6 TCP
• 17 UDP
• 47 GRE (PPTP)
• 50 ESP (IPSec)
• 51 AH (IPSec)
Common TCP and UDP Ports
Protocol   Port      Name
TCP        20/21     FTP
TCP        22        SSH
TCP        23        Telnet
TCP        25        SMTP (E-mail)
TCP/UDP    53        DNS query
UDP        67/68     DHCP (Dynamic IP address configuration)
TCP        80        HTTP (Web)
TCP        110       POP3 (E-mail)
TCP        119       NNTP (Newsgroups)
TCP        143       IMAP4 (E-mail)
TCP        161/162   SNMP
TCP        389       LDAP (Directory service)
TCP        443       HTTPS (Web SSL)
TCP        445       SMB (WANNA_CRY)
TCP        8080      Alternative Web Server Port
TCP        9100      Printer RAW port
Look up any port
http://www.grc.com/port_XXXX.htm (Where XXXX is the port number)
Network Devices
• Hub – The simplest of these devices. Any data packet coming from one Ethernet port is sent to all other Ethernet ports. Largely obsolete now.
• Switch – Connects all devices associated with it on one collision domain. Forwards traffic to only one port based on address. Works on layer 2 and 3.
• Router – Also forwards traffic based on an address. Can work on the application layer (layer 7). Breaks up collision domains. Can switch between protocols. Often used as the gateway in a home network.
Firewalls
• In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
• It’s basically the bouncer, deciding which packets can come dance and which ones can’t, based on its provided list.
Why Use a Firewall?
• It creates a barrier between you and the rest of the internet
  – Restrict what type of connections you allow into your network and from where.
  – Can block unwanted content
  – Create a VPN for use when not at home
  – Packet inspection
  – Offers a point to set up additional security tools
• As always, defense in depth
• Printer Example
What can a Firewall not do?
• It cannot stop the installation of malware locally.
  – i.e. You find a new package of desktop backgrounds you really really want. So you force the download. Maybe you even go around the firewall, or turn off the blocking so you can establish a connection with the site. You download the file and install your new backgrounds.
  – Oops. That package had some malware on it.
  – Your firewall might now block the backdoor access you just installed, but it might not against a dedicated attacker.
• Also, a mismanaged firewall could create a false sense of security or, worse, an actual attack vector.
Workshop Bit
The Fun Part
How can I set one up?
You could buy one…
https://www.netgate.com/products/sg-1000.html
Or build your own!
.iso
I used:
• Freegeek “freakbox”
• pfSense ISO (free)
• Freegeek NIC card ($10)
• Linksys SE1500 ($18.99)
Network Diagram of My Simple Setup
Guest/IOT wireless
Super Secure Home Wireless
(I don’t actually have this part yet)
pfSense Install
Initial Rule Configuration
• Rules work from top to bottom
  – i.e. if rules conflict, the top one takes precedence
• Most rules will be configured on the WAN interface
  – Incoming connections
• Outgoing connections can be blocked too
  – This may be useful on a domain-by-domain basis.
• https://doc.pfsense.org/index.php/Example_basic_configuration
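The top-to-bottom, first-match behaviour described above, as an added Python example that is not pfSense code or part of the original slides. The `Rule` fields, the two sample WAN rule sets and the default-block fallback are assumptions of this model; `shadowed()` flags rules that can never fire because an earlier rule already matches everything they match.

```python
"""First-match rule evaluation and shadowed-rule detection (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"  # any IPv4 source


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, None = any port
    note: str = ""

    def matches(self, proto: str, src_ip: str, dport: int) -> bool:
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.dport in (None, dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return (self.proto in ("any", other.proto)
                and ipaddress.ip_network(other.src).subnet_of(
                    ipaddress.ip_network(self.src))
                and self.dport in (None, other.dport))


def evaluate(rules, proto, src_ip, dport, default="block"):
    """Walk the list from the top; the first matching rule decides.

    Returns (action, rule_number); rule_number is None when nothing matched
    and the default applied (default block is an assumption of this model).
    """
    for number, rule in enumerate(rules, 1):
        if rule.matches(proto, src_ip, dport):
            return rule.action, number
    return default, None


def shadowed(rules):
    """Return (later_rule, earlier_rule) pairs where the later rule can never fire."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if earlier.covers(later):
                found.append((j + 1, i + 1))
                break
    return found


# Constructed WAN rule sets. Ports 445 (SMB) and 8080 are taken from the slides.
WAN_MISORDERED = [
    Rule("pass", "tcp", ANY, None, "allow all TCP, left over from testing"),
    Rule("block", "tcp", ANY, 445, "block SMB from the internet"),
    Rule("pass", "tcp", ANY, 8080, "port forward to 192.168.0.1:8080"),
]
WAN_FIXED = [
    Rule("block", "tcp", ANY, 445, "block SMB from the internet"),
    Rule("pass", "tcp", ANY, 8080, "port forward to 192.168.0.1:8080"),
]

if __name__ == "__main__":
    probe = ("tcp", "203.0.113.5", 445)   # constructed external source hitting SMB
    for name, rules in (("misordered", WAN_MISORDERED), ("fixed", WAN_FIXED)):
        print(name, "->", evaluate(rules, *probe), "shadowed:", shadowed(rules))
```

In the misordered set the SMB block rule is present but never reached, which is the false sense of security a mismanaged firewall creates.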
pfSense Packages
SquidGuard
• URL Blocker
• Blacklists
• https://doc.pfsense.org/index.php/SquidGuard_package
pfBlocker
• Country Blocks
• https://doc.pfsense.org/index.php/Pfblocker
Useful Troubleshooting Commands
• ping
• ipconfig (Windows) / ifconfig (Linux/Unix)
• nslookup
Final Tips
• Update your system regularly.
• There are advanced add-ins you can put on your firewall, such as an IDS like Snort, or OpenVPN
• Browse through the packages and read the pfSense subreddits/forums for additional tips and tricks not covered in this class!
36

More Related Content

What's hot

How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hackingPranshu Pareek
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Breaking SSL using time synchronisation attacks
Breaking SSL using time synchronisation attacksBreaking SSL using time synchronisation attacks
Breaking SSL using time synchronisation attacksjselvi
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guysNick Landers
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
Defcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-roomDefcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-roomPriyanka Aash
 
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...APNIC
 
How to Hack WiFi on Windows
How to Hack WiFi  on Windows How to Hack WiFi  on Windows
How to Hack WiFi on Windows Vrushank Narola
 
Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksHammam Samara
 
amrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapalibuildersreviews
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Mandeep Jadon
 
MITM Attacks with Ettercap : TTU CyberEagles Club
MITM Attacks with Ettercap : TTU CyberEagles ClubMITM Attacks with Ettercap : TTU CyberEagles Club
MITM Attacks with Ettercap : TTU CyberEagles ClubShritesh Bhattarai
 
Security Onion Conference - 2015
Security Onion Conference - 2015Security Onion Conference - 2015
Security Onion Conference - 2015DefensiveDepth
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 

What's hot (20)

How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
 
Aircrack
AircrackAircrack
Aircrack
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Breaking SSL using time synchronisation attacks
Breaking SSL using time synchronisation attacksBreaking SSL using time synchronisation attacks
Breaking SSL using time synchronisation attacks
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guys
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless Networks
 
Defcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-roomDefcon 22-jesus-molina-learn-how-to-control-every-room
Defcon 22-jesus-molina-learn-how-to-control-every-room
 
Kracking WPA2
Kracking WPA2Kracking WPA2
Kracking WPA2
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kali
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
 
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
 
How to Hack WiFi on Windows
How to Hack WiFi  on Windows How to Hack WiFi  on Windows
How to Hack WiFi on Windows
 
Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless Networks
 
amrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdf
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
 
Bettercap
BettercapBettercap
Bettercap
 
MITM Attacks with Ettercap : TTU CyberEagles Club
MITM Attacks with Ettercap : TTU CyberEagles ClubMITM Attacks with Ettercap : TTU CyberEagles Club
MITM Attacks with Ettercap : TTU CyberEagles Club
 
Security Onion Conference - 2015
Security Onion Conference - 2015Security Onion Conference - 2015
Security Onion Conference - 2015
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
 

Similar to Intro to firewalls

OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
ch5-Fog Networks and Cloud Computing
ch5-Fog Networks and Cloud Computingch5-Fog Networks and Cloud Computing
ch5-Fog Networks and Cloud Computingssuser06ea42
 
25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloud25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloudshira koper
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation9921103075
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Chris Sistrunk
 
Network security chapter 6 and 7 internet architecture
Network security chapter  6 and 7 internet   architectureNetwork security chapter  6 and 7 internet   architecture
Network security chapter 6 and 7 internet architectureMuhammad ismail Shah
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with WiresharkJim Gilsinn
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxssuserfb92ae
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11Waqas Ahmed Nawaz
 
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshopKathleen Ludewig Omollo
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfThangDang53
 
Unified Threat Management
Unified Threat ManagementUnified Threat Management
Unified Threat ManagementTapas Shome
 

Similar to Intro to firewalls (20)

OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
Divyanshu.pptx
Divyanshu.pptxDivyanshu.pptx
Divyanshu.pptx
 
ch5-Fog Networks and Cloud Computing
ch5-Fog Networks and Cloud Computingch5-Fog Networks and Cloud Computing
ch5-Fog Networks and Cloud Computing
 
25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloud25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloud
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
 
Network security chapter 6 and 7 internet architecture
Network security chapter  6 and 7 internet   architectureNetwork security chapter  6 and 7 internet   architecture
Network security chapter 6 and 7 internet architecture
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with Wireshark
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
 
2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop2015_01 - Networking Session - SPHMMC ICT workshop
2015_01 - Networking Session - SPHMMC ICT workshop
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
 
Unified Threat Management
Unified Threat ManagementUnified Threat Management
Unified Threat Management
 

More from Joshua Johnston

More from Joshua Johnston (7)

Free geek class on Data privacy
Free geek class on Data privacyFree geek class on Data privacy
Free geek class on Data privacy
 
Holiday scams
Holiday scamsHoliday scams
Holiday scams
 
Wireless v2
Wireless v2Wireless v2
Wireless v2
 
IoT -Internet of Things
IoT -Internet of ThingsIoT -Internet of Things
IoT -Internet of Things
 
FreeGeek -Cryptocurrency and Blockchain
FreeGeek -Cryptocurrency and BlockchainFreeGeek -Cryptocurrency and Blockchain
FreeGeek -Cryptocurrency and Blockchain
 
Holiday scams
Holiday scamsHoliday scams
Holiday scams
 
Home computing security
Home computing securityHome computing security
Home computing security
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Intro to firewalls

  • 1. Free Geek | Advanced Topics in Security | ke0crj.wordpress.com 1 Intro to Firewalls
  • 2. The Theory Bit: Boring but Pretty Important
  • 3. Key Acronyms and Terminology
      • NIC – Network Interface Card
          – Physical device used to communicate across networks
      • Gateway
      • DNS – Domain Name Service
          – Google: 8.8.8.8, 8.8.4.4
          – OpenDNS: 208.67.222.222, 208.67.220.220, 208.67.222.220, 208.67.220.222
          – OpenDNS (Family Shield): 208.67.222.123, 208.67.220.123
      • DMZ
      • LAN
      • WAN
      • VLAN
      • Network Diagram
  • 4. How an example network diagram with all the previous terms might fit together
  • 5. IP Address Schema
      • Internal
          – 10.0.0.0/8 (10.0.0.0-10.255.255.255)
          – 172.16.0.0/12 (172.16.0.0-172.31.255.255)
          – 192.168.0.0/16 (192.168.0.0-192.168.255.255)
      • External
          – Basically anything else that’s not reserved.
      • NAT
          – How you go from an internal address to an external address
  • 6. DHCP
      • The Dynamic Host Configuration Protocol (DHCP)… is controlled by a DHCP server that dynamically distributes network configuration parameters, such as IP addresses, for interfaces and services.
          – How most networks assign an IP address.
      • DHCP Reservation – Reserves specific IPs for specific machines within the DHCP protocol
      • Static Assignment – All IPs are configured manually by an administrator
      • *Note* If DHCP assignment fails and the IP address is not set manually, the computer will be assigned a link-local address (169.254.1.0-169.254.254.255)
  • 7. Ports
      • A network port is a number that identifies one side of a connection between two computers. Computers use port numbers to determine to which process or application a message should be delivered.
          – If an IP address is like a street address, the port is like a suite or room number.
      • Routing traffic to a specific port
          – 192.168.0.1:8080
      • Port Forwarding
          – A method of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside using a NAT-enabled router.
          – Was used a lot with video games
  • 8. Common ports
      • 1 ICMP (ping)
      • 6 TCP
      • 17 UDP
      • 47 GRE (PPTP)
      • 50 ESP (IPSec)
      • 51 AH (IPSec)
    Common TCP and UDP Ports (Protocol, Port, Name)
      • TCP 20/21 FTP
      • TCP 22 SSH
      • TCP 23 Telnet
      • TCP 25 SMTP (E-mail)
      • TCP/UDP 53 DNS query
      • UDP 67/68 DHCP (Dynamic IP address configuration)
      • TCP 80 HTTP (Web)
      • TCP 110 POP3 (E-mail)
      • TCP 119 NNTP (Newsgroups)
      • TCP 143 IMAP4 (E-mail)
      • TCP 161/162 SNMP
      • TCP 389 LDAP (Directory service)
      • TCP 443 HTTPS (Web SSL)
      • TCP 445 SMB (WANNA_CRY)
      • TCP 8080 Alternative Web Server Port
      • TCP 9100 Printer RAW port
    Look up any port: http://www.grc.com/port_XXXX.htm (where XXXX is the port number)
  • 9. Network Devices
      • Hub – The simplest of these devices. Any data packet coming from one Ethernet port is sent to all other Ethernet ports. Largely obsolete now.
      • Switch – Connects all devices associated with it on one collision domain. Forwards traffic to only one port based on address. Works on layer 2 and 3.
      • Router – Also forwards traffic based on an address. Can work on the application layer (layer 7). Breaks up collision domains. Can switch between protocols. Often used as the gateway in a home network.
  • 10. Firewalls
      • In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
      • It’s basically the bouncer, deciding which packets can come dance and which ones can’t, based on its provided list.
  • 11. Why Use a Firewall?
      • It creates a barrier between you and the rest of the internet
          – Restrict what type of connections you allow into your network and from where.
          – Can block unwanted content
          – Create a VPN for use when not at home
          – Packet inspection
          – Offers a point to set up additional security tools
      • As always, defense in depth
      • Printer Example
  • 12. What can a Firewall not do?
      • It cannot stop the installation of malware locally.
          – i.e. You find a new package of desktop backgrounds you really really want. So you force the download. Maybe you even go around the firewall, or turn off the blocking so you can establish a connection with the site. You download the file and install your new backgrounds.
          – Oops. That package had some malware on it.
          – Your firewall might now block the backdoor access you just installed, but it might not against a dedicated attacker.
      • Also, a mismanaged firewall could create a false sense of security or, worse, an actual attack vector.
  • 13. Workshop Bit: The Fun Part
  • 14. How can I set one up?
  • 15. You could buy one… https://www.netgate.com/products/sg-1000.html
  • 16. Or build your own! I used:
      • Freegeek “freakbox”
      • pfSense ISO (free)
      • Freegeek NIC card ($10)
      • Linksys SE1500 ($18.99)
  • 17. Network Diagram of My Simple Setup (diagram labels: Guest/IOT wireless; Super Secure Home Wireless (I don’t actually have this part yet))
  • 18. pfSense Install
  • 19. pfSense Install
  • 31. Initial Rule Configuration
      • Rules work from top to bottom
          – i.e. if rules are conflicting, the top one takes precedence
      • Most rules will be configured on the WAN interface
          – Incoming connections
      • Outgoing connections can be blocked too
          – This may be useful on a domain-by-domain basis.
      • https://doc.pfsense.org/index.php/Example_basic_configuration
  • 32. pfSense Packages
      • Rules work from top to bottom
          – i.e. if rules are conflicting, the top one takes precedence
      • Most rules will be configured on the WAN interface
          – Incoming connections
      • Outgoing connections can be blocked too
          – This may be useful on a domain-by-domain basis.
  • 33. SquidGuard
      • URL Blocker
      • Blacklists
      • https://doc.pfsense.org/index.php/SquidGuard_package
  • 34. pfBlocker
      • Country Blocks
      • https://doc.pfsense.org/index.php/Pfblocker
  • 35. Useful Troubleshooting Commands
      • ping
      • ipconfig (Windows) / ifconfig (Linux/Unix)
      • nslookup
  • 36. Final Tips
      • Update your system regularly.
      • There are advanced add-ins you can put on your firewall, such as an IDS like Snort, or OpenVPN
      • Browse through the packages and read the pfSense subreddits/forums for additional tips and tricks not covered in this class!
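
The top-to-bottom, first-match behaviour from the "Initial Rule Configuration" slide, as an added Python example (not part of the original deck and not pfSense code). It evaluates a packet against an ordered rule list and reports conflicting rules that can never fire because an earlier rule covers them. The `Rule` fields, the constructed WAN rule list (documentation address ranges) and the default-block fallback are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network, CIDR notation
    port: Optional[int]    # destination port; None means any port

    def matches(self, proto, src_ip, port):
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.port in (None, port))

    def covers(self, other):
        """True when every packet `other` matches is also matched by this rule."""
        return (self.proto in ("any", other.proto)
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and self.port in (None, other.port))

def evaluate(rules, proto, src_ip, port, default="block"):
    """Walk the list top to bottom; the first matching rule decides."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, src_ip, port):
            return rule.action, index
    return default, None   # assumption: unmatched traffic is blocked

def shadowed(rules):
    """(later, earlier) index pairs where the later rule can never fire."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                found.append((j, i))
                break
    return found

# Constructed sample rule list for a WAN interface (not from the deck).
WAN_RULES = [
    Rule("block", "tcp", "0.0.0.0/0", 445),      # 0: SMB from anywhere
    Rule("pass",  "tcp", "203.0.113.0/24", 22),  # 1: SSH from one trusted network
    Rule("block", "tcp", "0.0.0.0/0", 22),       # 2: SSH from everyone else
    Rule("pass",  "tcp", "203.0.113.7/32", 445), # 3: conflicts with rule 0, never reached
]

if __name__ == "__main__":
    print(evaluate(WAN_RULES, "tcp", "203.0.113.7", 445))
    print(shadowed(WAN_RULES))
```

Swapping rules 1 and 2 would block SSH for the trusted network as well, which is why a shadow check is worth running after reordering rules.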