1
00:00:00,140 --> 00:00:02,430
In this video, I'm going to show you how to configure

2
00:00:02,430 --> 00:00:04,810
the Windows Firewall and the Mac Firewall.

3
00:00:04,810 --> 00:00:07,750
So, whichever system you're using, you'll know how to do it.

4
00:00:07,750 --> 00:00:09,630
Let's start with the Windows Firewall.

5
00:00:09,630 --> 00:00:11,520
We're going to use the Windows Defender Firewall

6
00:00:11,520 --> 00:00:12,910
with Advanced Security.

7
00:00:12,910 --> 00:00:15,360
To load this up, simply go down to your Windows

8
00:00:15,360 --> 00:00:18,580
key or your start menu, scroll all the way down

9
00:00:18,580 --> 00:00:20,974
to where you see Windows Administrative Tools,

10
00:00:20,974 --> 00:00:24,230
and then scroll down again, once you click on that,

11
00:00:24,230 --> 00:00:26,750
and you will find the Windows Defender Firewall

12
00:00:26,750 --> 00:00:28,720
with Advanced Security.

13
00:00:28,720 --> 00:00:31,480
Once you click on that, it will open.

14
00:00:31,480 --> 00:00:34,300
From here, you can create all of the policies you want,

15
00:00:34,300 --> 00:00:36,900
setting up inbound rules, outbound rules,

16
00:00:36,900 --> 00:00:38,760
monitoring it, etc.

17
00:00:38,760 --> 00:00:40,700
Once you have it set just the way you like,

18
00:00:40,700 --> 00:00:42,760
you can actually export that policy

19
00:00:42,760 --> 00:00:44,450
so you'll have it as a backup anytime

20
00:00:44,450 --> 00:00:46,180
you need to go back to it.

21
00:00:46,180 --> 00:00:48,660
Right now, you can see my domain profile

22
00:00:48,660 --> 00:00:51,410
shows Windows Defender Firewall is off.

23
00:00:51,410 --> 00:00:53,890
My private profile shows that it's on,

24
00:00:53,890 --> 00:00:56,400
and my public profile shows that it's on.

25
00:00:56,400 --> 00:00:59,040
What this means is that in my private network

26
00:00:59,040 --> 00:01:00,610
and my public network, I do have

27
00:01:00,610 --> 00:01:02,510
the Windows Firewall turned on.

28
00:01:02,510 --> 00:01:05,860
In the private network, I don't allow any inbound connections

29
00:01:05,860 --> 00:01:07,630
that don't match my rules.

30
00:01:07,630 --> 00:01:09,300
But I will allow outbound connections

31
00:01:09,300 --> 00:01:10,970
that don't match my rules.

32
00:01:10,970 --> 00:01:14,130
In my public network, I have it set the exact same way.

33
00:01:14,130 --> 00:01:17,580
Now, if I want to change that, I can go into my inbound rules

34
00:01:17,580 --> 00:01:21,010
or my outbound rules and decide how I want that to be done.

35
00:01:21,010 --> 00:01:23,200
Let's take a look at some of these rules.

36
00:01:23,200 --> 00:01:26,340
For example, we have this one here which is SSH,

37
00:01:26,340 --> 00:01:28,120
which is secure shell.

38
00:01:28,120 --> 00:01:29,860
All of my profiles allow it.

39
00:01:29,860 --> 00:01:31,560
It's enabled for all of them.

40
00:01:31,560 --> 00:01:33,390
It will do an allow action.

41
00:01:33,390 --> 00:01:35,810
And it's going to allow any program to be run

42
00:01:35,810 --> 00:01:38,910
from any address locally to any address remotely

43
00:01:38,910 --> 00:01:41,120
over port 22.

44
00:01:41,120 --> 00:01:42,640
That may be what you want to do

45
00:01:42,640 --> 00:01:44,950
or it may be something you want to block.

46
00:01:44,950 --> 00:01:47,090
Let's go ahead and look at some other ones.

47
00:01:47,090 --> 00:01:49,190
Down here we have App Installer.

48
00:01:49,190 --> 00:01:53,150
For App Installer, it's allowing it to go from any local address

49
00:01:53,150 --> 00:01:57,030
to any remote address, any protocol, and any port.

50
00:01:57,030 --> 00:01:58,580
This type of an any any rule

51
00:01:58,580 --> 00:02:00,480
allows it to have a lot of ability.

52
00:02:00,480 --> 00:02:02,438
And so, this is going to allow

53
00:02:02,438 --> 00:02:05,130
a lot of things through that we might not want.

54
00:02:05,130 --> 00:02:06,490
Now, let's say you have a program

55
00:02:06,490 --> 00:02:07,720
that you want to add to this.

56
00:02:07,720 --> 00:02:09,460
Maybe you have a new web server on this

57
00:02:09,460 --> 00:02:11,420
and you're going to run it on port 80.

58
00:02:11,420 --> 00:02:13,170
You can hit New.

59
00:02:13,170 --> 00:02:16,020
You can then select a Program, a Port,

60
00:02:16,020 --> 00:02:18,060
a Predefined, or a Custom.

61
00:02:18,060 --> 00:02:19,630
In this case, if it's a web server,

62
00:02:19,630 --> 00:02:22,090
we would want to do it based on port 80.

63
00:02:22,090 --> 00:02:23,840
Then, we'll click on Next.

64
00:02:23,840 --> 00:02:26,730
Do we want it for TCP traffic or UDP traffic?

65
00:02:26,730 --> 00:02:29,190
If it's the web server again, it's TCP.

66
00:02:29,190 --> 00:02:30,860
If it's something else that might use UDP,

67
00:02:30,860 --> 00:02:32,020
you can set that up.

68
00:02:32,020 --> 00:02:34,160
And then what ports is that going to work for?

69
00:02:34,160 --> 00:02:36,800
For all of your local ports or specific ports?

70
00:02:36,800 --> 00:02:38,410
Well, if it's a web server,

71
00:02:38,410 --> 00:02:40,170
it again should be port 80,

72
00:02:40,170 --> 00:02:42,270
and for secure port 443.

73
00:02:42,270 --> 00:02:44,770
Then, we can go Next.

74
00:02:44,770 --> 00:02:46,420
We can allow that connection.

75
00:02:46,420 --> 00:02:48,300
We can allow the connection if it's secure,

76
00:02:48,300 --> 00:02:49,360
meaning it has to use something

77
00:02:49,360 --> 00:02:51,560
like a VPN tunnel with IPsec.

78
00:02:51,560 --> 00:02:53,070
Or we can block the connection

79
00:02:53,070 --> 00:02:54,960
and not allow any web traffic in.

80
00:02:54,960 --> 00:02:57,730
In our case, we want to allow the connection.

81
00:02:57,730 --> 00:02:59,890
Then, we click on Next and you can see

82
00:02:59,890 --> 00:03:01,940
which of those three networks it's going to apply to.

83
00:03:01,940 --> 00:03:04,440
I'm going to allow all three of them to have it applied to it.

84
00:03:04,440 --> 00:03:06,357
And then, I'll give it a rule.

85
00:03:06,357 --> 00:03:08,233
Jason's Web Server.

86
00:03:09,997 --> 00:03:11,370
And that's it.

87
00:03:11,370 --> 00:03:13,000
Now, you can see that Jason's Web Server

88
00:03:13,000 --> 00:03:16,340
is now going to allow traffic from any program,

89
00:03:16,340 --> 00:03:18,890
from any local address, and any remote address,

90
00:03:18,890 --> 00:03:23,290
over protocol TCP and on port 80 and 443.

91
00:03:23,290 --> 00:03:27,130
Now, conversely, if I want to block things from getting in,

92
00:03:27,130 --> 00:03:29,420
we would do the exact same thing except we would set it up

93
00:03:29,420 --> 00:03:31,240
as a block or a deny.

94
00:03:31,240 --> 00:03:33,360
For example, I don't want to allow anybody

95
00:03:33,360 --> 00:03:35,030
to do Telnet into my network,

96
00:03:35,030 --> 00:03:37,060
because Telnet is unsecure.

97
00:03:37,060 --> 00:03:38,738
So, I would set up a new rule.

98
00:03:38,738 --> 00:03:42,420
And from there, I can block anything on port 23,

99
00:03:42,420 --> 00:03:45,640
which is TCP traffic on port 23.

100
00:03:45,640 --> 00:03:47,060
And then, I'll hit next.

101
00:03:47,060 --> 00:03:48,850
I'll block that connection

102
00:03:48,850 --> 00:03:51,400
and I'll block it for all three of those networks.

103
00:03:51,400 --> 00:03:53,263
And I'm going to say Blocking Telnet.

104
00:03:55,940 --> 00:03:56,773
And that's it.

105
00:03:56,773 --> 00:03:59,330
You can see how easy it is to set up these rules.

106
00:03:59,330 --> 00:04:02,240
For the Security+ exam, you should feel very comfortable

107
00:04:02,240 --> 00:04:04,000
with setting up these types of rules.

108
00:04:04,000 --> 00:04:07,930
If somebody says I want to block TCP on port 23

109
00:04:07,930 --> 00:04:10,170
or I want to block Telnet, then you should be able to say

110
00:04:10,170 --> 00:04:13,860
I want to block it from this area and let it go to that area.

111
00:04:13,860 --> 00:04:15,680
Now, one more area of the Windows Firewall

112
00:04:15,680 --> 00:04:18,240
that I want to show you is down here in Monitoring.

113
00:04:18,240 --> 00:04:20,680
Down in Monitoring, you can see which profile is active,

114
00:04:20,680 --> 00:04:21,930
as I showed you before,

115
00:04:21,930 --> 00:04:23,940
but you also have access to the log file.

116
00:04:23,940 --> 00:04:25,670
And if you click on that, you'll be able to see

117
00:04:25,670 --> 00:04:27,090
what's currently there.

118
00:04:27,090 --> 00:04:28,340
What is being logged right now?

119
00:04:28,340 --> 00:04:31,040
Is it logging dropped packets and successful connections?

120
00:04:31,040 --> 00:04:32,370
Right now, it's not.

121
00:04:32,370 --> 00:04:34,221
But we can change that if we wanted to.

122
00:04:34,221 --> 00:04:37,660
Now, we can also view our active rules.

123
00:04:37,660 --> 00:04:40,460
This again brings us back to what those inbound rules are

124
00:04:40,460 --> 00:04:43,690
and seeing which ones are actually active on this profile.

125
00:04:43,690 --> 00:04:45,820
So, you'll notice anything that's all or public

126
00:04:45,820 --> 00:04:47,100
is being shown here.

127
00:04:47,100 --> 00:04:50,410
Anything that was just private or domain is not

128
00:04:50,410 --> 00:04:54,070
because they're not active for this particular connection.

129
00:04:54,070 --> 00:04:57,260
Next, we're going to configure a Firewall on a Mac machine.

130
00:04:57,260 --> 00:05:00,170
To do that, simply go to the Apple in the upper left corner

131
00:05:00,170 --> 00:05:01,930
and go to System Preferences.

132
00:05:01,930 --> 00:05:04,840
From here, you're going to click Security and Privacy.

133
00:05:04,840 --> 00:05:08,240
And then, you're going to click on the Firewall tab.

134
00:05:08,240 --> 00:05:10,570
You can notice that my firewall is on,

135
00:05:10,570 --> 00:05:13,280
but I can't click any of the firewall options right now.

136
00:05:13,280 --> 00:05:16,020
That's because you have to unlock it by clicking the lock

137
00:05:16,020 --> 00:05:18,070
and adding your username and password

138
00:05:18,070 --> 00:05:19,170
for the admin account.

139
00:05:20,980 --> 00:05:23,440
Once you do that, you can turn off your firewall.

140
00:05:23,440 --> 00:05:24,930
Or you can turn on your firewall.

141
00:05:24,930 --> 00:05:27,520
And you can configure the options.

142
00:05:27,520 --> 00:05:30,570
In here, you can block all incoming connections,

143
00:05:30,570 --> 00:05:32,180
you can see what applications

144
00:05:32,180 --> 00:05:33,550
have been allowed through the firewall.

145
00:05:33,550 --> 00:05:35,840
In my case, Skype and Google Drive

146
00:05:35,840 --> 00:05:38,410
are allowed to have connections into my computer.

147
00:05:38,410 --> 00:05:41,180
And then, you can automatically allow built-in software,

148
00:05:41,180 --> 00:05:43,890
meaning Apple Software, to receive incoming connections,

149
00:05:43,890 --> 00:05:46,080
things like iTunes and iMessage.

150
00:05:46,080 --> 00:05:48,860
And you can automatically allow downloaded signed software

151
00:05:48,860 --> 00:05:50,490
to receive incoming connections,

152
00:05:50,490 --> 00:05:52,410
meaning, this is software that you trust.

153
00:05:52,410 --> 00:05:54,460
And finally, we have stealth mode.

154
00:05:54,460 --> 00:05:56,910
What stealth mode does is it makes your firewall

155
00:05:56,910 --> 00:05:59,940
not respond and not acknowledge any attempts

156
00:05:59,940 --> 00:06:01,820
from somebody to ping your network.

157
00:06:01,820 --> 00:06:03,820
So, if somebody is doing a ping sweep of your network,

158
00:06:03,820 --> 00:06:06,150
my computer is simply not even going to answer.

159
00:06:06,150 --> 00:06:08,880
So, you won't know it's up, down, or even there.

160
00:06:08,880 --> 00:06:11,210
So, how do we add an application to this list

161
00:06:11,210 --> 00:06:12,980
to allow incoming connections?

162
00:06:12,980 --> 00:06:15,040
Well, Mac makes it fairly easy.

163
00:06:15,040 --> 00:06:16,730
You click on the plus sign,

164
00:06:16,730 --> 00:06:18,100
you find the application,

165
00:06:18,100 --> 00:06:20,060
for example, my Chess application,

166
00:06:20,060 --> 00:06:21,730
and then hit add.

167
00:06:21,730 --> 00:06:23,540
When you do that, it by default

168
00:06:23,540 --> 00:06:25,570
is going to allow incoming connections.

169
00:06:25,570 --> 00:06:27,080
Now, if I don't want that anymore,

170
00:06:27,080 --> 00:06:29,370
I could simply click on it and subtract it

171
00:06:29,370 --> 00:06:31,290
and it won't answer up.

172
00:06:31,290 --> 00:06:33,860
As you can see, you don't have the level of fidelity

173
00:06:33,860 --> 00:06:37,260
that you have on a Windows machine here in a Mac machine.

174
00:06:37,260 --> 00:06:38,690
To get that level of fidelity,

175
00:06:38,690 --> 00:06:41,320
you'd have to use the command line firewall tools

176
00:06:41,320 --> 00:06:44,583
that are provided, such as PF or IPFW.