Walls of Fire and Network Traffic
What Does "Data" Look Like?
Data is sent across networks in a series of packets.
What Does "Data" Look Like (really)?
Data is sent across networks in a series of packets.
What Does "Data" Look Like (reeeaaaally)?
Data is sent across networks in a series of packets.
Still not sure.....
Let's Look!
Download Me!!!!
https://www.wireshark.org/
What is a Firewall?
A firewall can be either a physical device or a piece of software that lets us set rules on what types of network traffic are allowed into our networks or allowed to communicate with hosts (computers/servers) on our network.
Three Main Types of Firewalls
Network Based Firewalls
A network based firewall is usually a physical device placed at strategic locations on the network to allow/deny traffic from entering segments of the network.
Host Based Firewalls
A host based firewall is usually a virtualized piece of software on a computer/server that will allow/deny network traffic to communicate with services on that machine.
Application Based Firewalls
An application based firewall is a virtualized piece of software that analyzes the contents of a data packet to allow/deny that data to reach the application.
Firewall Rules
Ingress Traffic
Ingress, or inbound, traffic consists of data packets that originated from another location and are targeting a machine on your network.
Egress Traffic
Egress, or outbound, traffic consists of data packets that originate from a machine on your network and have another destination.
How To: Firewall Rules
Network and host based firewall rules generally filter traffic on a few criteria:
- Source IP Address
- Source IP Subnet
- Destination IP Address
- Destination IP Subnet
- Destination Port
- Protocol
- Application
In Windows, you can filter by network "type" as well.
How To: Linux Firewall Rules
iptables (kinda)
ufw
$ sudo ufw enable
$ sudo ufw status
Block a single IP:
$ sudo ufw deny from 15.15.15.51 # Block on ALL interfaces
$ sudo ufw deny in on eth0 from 15.15.15.51 # Block only on a single interface
Allow traffic to a certain port:
# Allow all traffic to a single port from a network
$ sudo ufw allow from 15.15.15.0/24 to any port 22
Block outgoing mail:
$ sudo ufw deny out 25,587/tcp # ufw requires a protocol (tcp or udp) when listing multiple ports
Allow traffic to a certain port:
# Allow only tcp traffic to a single port from a network range
$ sudo ufw allow proto tcp from 15.15.15.0/24 to any port 22
Default Policies:
$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming
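NOTE: Denying incoming traffic by default could lock YOU out too if you manage the machine remotely and have not allowed your own access first.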
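Why the order of the rules above matters, as an added example (not part of the original slides and not ufw's own code): a simplified first-match model of ingress filtering using the slides' deny and allow rules with a default-deny policy. The class, function and variable names are hypothetical and the sample packets are constructed; the model assumes first-match-wins evaluation, which is how ufw documents its rule ordering.

```python
"""Simplified first-match model of ingress filtering (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # source address or subnet in CIDR form
    port: Optional[int] = None    # destination port; None matches any port
    proto: Optional[str] = None   # "tcp" or "udp"; None matches any protocol

    def matches(self, src_ip: str, port: int, proto: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and self.port in (None, port)
                and self.proto in (None, proto))

def decide(rules, src_ip, port, proto, default="deny"):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(src_ip, port, proto):
            return rule.action
    return default

# Rules from the slides: block one host, allow SSH over TCP from its subnet.
BLOCK_HOST = Rule("deny", src="15.15.15.51/32")
ALLOW_SSH = Rule("allow", src="15.15.15.0/24", port=22, proto="tcp")
PAGE_ORDER = [BLOCK_HOST, ALLOW_SSH]   # order in which the slides add them
REVERSED = [ALLOW_SSH, BLOCK_HOST]     # same rules, allow added first

# Constructed sample packets: (source IP, destination port, protocol).
PACKETS = [
    ("15.15.15.51", 22, "tcp"),   # the blocked host trying SSH
    ("15.15.15.20", 22, "tcp"),   # another host on the allowed subnet
    ("15.15.15.20", 22, "udp"),   # right subnet and port, wrong protocol
    ("203.0.113.9", 22, "tcp"),   # outside the subnet: default policy applies
]

def evaluate(rules):
    """Return the verdict for every sample packet under the given rule order."""
    return [decide(rules, *pkt) for pkt in PACKETS]

if __name__ == "__main__":
    for name, rules in (("page order", PAGE_ORDER), ("reversed", REVERSED)):
        for pkt, verdict in zip(PACKETS, evaluate(rules)):
            print(f"{name:10} {pkt} -> {verdict}")
```

In the reversed order the subnet allow rule shadows the single-host deny, so the blocked host still reaches port 22; check the live order with "sudo ufw status numbered".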
How To: Windows Firewall
Select Program or Ports and finish steps
practice!
Walls of Fire and Scanning Networks
By Jason Sewell