1
00:00:01,017 --> 00:00:04,009
Back in Network+, you learned all about firewalls

2
00:00:04,009 --> 00:00:06,497
and we talked about them from a network perspective

3
00:00:06,497 --> 00:00:08,430
where they were dedicated pieces of hardware

4
00:00:08,430 --> 00:00:10,258
that sat at the edge of your network

5
00:00:10,258 --> 00:00:12,876
and controlled what went in and what went out.

6
00:00:12,876 --> 00:00:14,960
Well, here in Security+, we're going to

7
00:00:14,960 --> 00:00:17,134
talk about personal firewalls.

8
00:00:17,134 --> 00:00:19,540
These are software-based applications

9
00:00:19,540 --> 00:00:22,007
that protect just a single computer or server

10
00:00:22,007 --> 00:00:24,200
from unwanted Internet traffic.

11
00:00:24,200 --> 00:00:27,509
Now, these are also referred to as host-based firewalls.

12
00:00:27,509 --> 00:00:29,915
These firewalls work by applying a set of rules

13
00:00:29,915 --> 00:00:31,661
and policies against traffic that's attempting

14
00:00:31,661 --> 00:00:35,077
to come into or go out of our protected computer.

15
00:00:35,077 --> 00:00:38,055
For example, if there's a computer that's a web server,

16
00:00:38,055 --> 00:00:40,123
then it should be accepting incoming traffic

17
00:00:40,123 --> 00:00:44,236
on port 80 and port 443. But if it's a desktop computer,

18
00:00:44,236 --> 00:00:47,730
there's likely no need for these ports to be left open.

19
00:00:47,730 --> 00:00:50,301
Instead, the firewall should reject any inbound

20
00:00:50,301 --> 00:00:52,713
attempts to access these ports.

21
00:00:52,713 --> 00:00:55,240
Because we're talking about software-based firewalls,

22
00:00:55,240 --> 00:00:57,256
we also have to consider what operating systems

23
00:00:57,256 --> 00:01:02,100
are being used, whether it's Windows, Mac OSX, or Linux.

24
00:01:02,100 --> 00:01:05,097
With Windows, we have the Windows firewall.

25
00:01:05,097 --> 00:01:08,417
With OSX, we have PF and IPFW firewalls.

26
00:01:08,417 --> 00:01:10,935
And with Linux, we have iptables.

27
00:01:10,935 --> 00:01:12,916
First, let's discuss Windows.

28
00:01:12,916 --> 00:01:14,836
In every version of Windows, there's its own

29
00:01:14,836 --> 00:01:18,271
software-based firewall already built in and available.

30
00:01:18,271 --> 00:01:20,189
There's usually two types included.

31
00:01:20,189 --> 00:01:22,020
One is a basic version that's found

32
00:01:22,020 --> 00:01:23,458
within your control panel, and then

33
00:01:23,458 --> 00:01:27,013
there's a more advanced version called the Windows Firewall

34
00:01:27,013 --> 00:01:28,852
with Advanced Security.

35
00:01:28,852 --> 00:01:31,438
This advanced firewall can be accessed by typing

36
00:01:31,438 --> 00:01:33,855
wf.msc at the command prompt.

37
00:01:35,266 --> 00:01:38,829
The basic firewall is useful for most home users,

38
00:01:38,829 --> 00:01:40,386
while the more advanced version is well-suited

39
00:01:40,386 --> 00:01:42,520
for businesses and systems where more in-depth

40
00:01:42,520 --> 00:01:44,469
configurations of your inbound and

41
00:01:44,469 --> 00:01:47,136
outbound traffic are required.

42
00:01:47,136 --> 00:01:50,887
Next, we have Apple's operating system, the OSX,

43
00:01:50,887 --> 00:01:53,919
which has a built-in software firewall for Mac users.

44
00:01:53,919 --> 00:01:56,211
A basic version of the firewall is accessed

45
00:01:56,211 --> 00:01:57,971
through the system preference panel

46
00:01:57,971 --> 00:02:00,900
under the security and privacy panel.

47
00:02:00,900 --> 00:02:03,834
In addition to the graphic user interface-based firewall,

48
00:02:03,834 --> 00:02:05,933
there's also a command line version.

49
00:02:05,933 --> 00:02:09,221
This version is called PF for packet filter.

50
00:02:09,221 --> 00:02:13,176
It's available in OSX 10.10 and higher operating systems.

51
00:02:13,176 --> 00:02:15,889
Packet filter is the name because it's essentially

52
00:02:15,889 --> 00:02:17,733
what a firewall is designed to do.

53
00:02:17,733 --> 00:02:19,271
It filters packets.

54
00:02:19,271 --> 00:02:21,265
In older versions of OSX, there was a

55
00:02:21,265 --> 00:02:23,418
different command line firewall used

56
00:02:23,418 --> 00:02:27,550
called IPFW, which stood for Internet protocol firewall,

57
00:02:27,550 --> 00:02:30,375
but that program was replaced by PF

58
00:02:30,375 --> 00:02:33,834
for most modern versions of the OSX operating system.

59
00:02:33,834 --> 00:02:36,571
Both PF and IPFW are also used in

60
00:02:36,571 --> 00:02:39,069
the FreeBSD operating system,

61
00:02:39,069 --> 00:02:42,199
which is what OSX is actually based on.

62
00:02:42,199 --> 00:02:44,495
Just like Windows and OSX, Linux has

63
00:02:44,495 --> 00:02:46,532
its own built-in firewall too.

64
00:02:46,532 --> 00:02:49,853
In Linux systems, this program is called iptables

65
00:02:49,853 --> 00:02:51,822
and can be configured from the command line

66
00:02:51,822 --> 00:02:53,941
using different accept and reject rules

67
00:02:53,941 --> 00:02:56,031
based upon the type of network traffic

68
00:02:56,031 --> 00:02:58,528
that's expected and the port being utilized

69
00:02:58,528 --> 00:03:00,202
for that communication.

70
00:03:00,202 --> 00:03:01,832
Besides these built-in firewalls for

71
00:03:01,832 --> 00:03:03,660
each of these operating systems,

72
00:03:03,660 --> 00:03:06,064
many anti-malware suites also have their own

73
00:03:06,064 --> 00:03:08,402
software firewalls included too.

74
00:03:08,402 --> 00:03:10,202
For example, if you're using Windows,

75
00:03:10,202 --> 00:03:13,174
you may have a firewall from Symantec, McAfee,

76
00:03:13,174 --> 00:03:14,272
or ZoneAlarm.

77
00:03:14,272 --> 00:03:16,411
Software firewalls, like all software,

78
00:03:16,411 --> 00:03:18,084
do need to be updated though.

79
00:03:18,084 --> 00:03:20,097
All software is vulnerable to attack,

80
00:03:20,097 --> 00:03:22,023
and therefore, you need to ensure

81
00:03:22,023 --> 00:03:24,296
your host-based firewalls are regularly

82
00:03:24,296 --> 00:03:26,806
updated with service packs and software updates

83
00:03:26,806 --> 00:03:29,583
to ensure that they remain safe and secure.

84
00:03:29,583 --> 00:03:32,572
Some users don't like using host-based firewalls though

85
00:03:32,572 --> 00:03:34,155
because they do end up using some of

86
00:03:34,155 --> 00:03:36,228
your computer's processing power.

87
00:03:36,228 --> 00:03:38,335
This has to happen so that it can check

88
00:03:38,335 --> 00:03:39,451
all of that network traffic

89
00:03:39,451 --> 00:03:40,986
against each of the rules and policies

90
00:03:40,986 --> 00:03:42,470
that it's been assigned.

91
00:03:42,470 --> 00:03:44,586
Because of this, some organizations,

92
00:03:44,586 --> 00:03:46,731
instead, like to rely on dedicated hardware

93
00:03:46,731 --> 00:03:48,709
and network-based firewalls as their

94
00:03:48,709 --> 00:03:50,911
first line of defense.

95
00:03:50,911 --> 00:03:52,884
In fact, most small office and home office

96
00:03:52,884 --> 00:03:54,606
wireless access points and routers

97
00:03:54,606 --> 00:03:56,711
have a built-in hardware firewall

98
00:03:56,711 --> 00:03:59,528
that can provide protection across the entire network

99
00:03:59,528 --> 00:04:01,264
instead of just relying on each

100
00:04:01,264 --> 00:04:03,612
individual computer's software-based firewall.

101
00:04:03,612 --> 00:04:06,186
That being said, it's still better to run

102
00:04:06,186 --> 00:04:08,384
both a personal software-based firewall

103
00:04:08,384 --> 00:04:10,697
and a network-based firewall to provide you

104
00:04:10,697 --> 00:04:13,136
two layers of protection and help establish

105
00:04:13,136 --> 00:04:17,553
a more fortified defense-in-depth security strategy.