implicit deny
Transcript of the video Firewall Rules – CompTIA Security+ SY0-401: 1.2.
When you work in technology, and especially in security with technology, there's a lot of rules involved. These rules are procedural rules, they're rules about the way that our devices operate, they're rules about allowing people access to different things. A lot of the things that we do, really, are procedural. They're both technical and non-technical in nature. You need policies and procedures, and what happens when somebody walks into your building and they don't have their badge? You need policies and procedures when a new person is hired. What is the process for getting them the proper credentials to the network? And of course, there's technical procedures as well. When somebody is asking for those credentials, how do you provide those credentials? There's got to be a way that you provide that into your system. For environments that are dealing with finances or medical or other sensitive types of data, there are also a lot of very specific rules as well. Some of these rules are things that you've created internally, some of these rules have been created by third parties and are required of you to maintain because of the types of environments that you have. If you're someone who has medical information– that's very private information– there are certain rules and requirements that you must follow to be able to protect your patients' data. When we look at our technical devices like firewalls, there's packet filters, even email systems have filtering rules within them. These are, in some cases, very very technical rules. We're dealing with bits and bytes, and so we also have to apply those rules to what we're doing as well. Sometimes, in fact almost all the time, our technical rules are going to follow the procedural rules that we set up. When somebody is asking for credentials to be able to log into the network they might fill out a form, they might visit a web page and add their information, and then you've now got to provide the technical back end to provide them that data. So you're almost always spending a lot of time– before you even touch a keyboard– determining what the process is going to be. Determining what somebody has to provide you in order for you to get them the access that they need. These are things that, hopefully, you're figuring out based on your requirements for your business or your organization. But very often you're taking into account a lot of different requirements from a lot of different people and putting that all together to create the technical answer that you might need.
Let's start a technical discussion of rules dealing with firewall rules, because as a security professional you are going to be using firewalls quite a bit, and you're going to be going through the rule bases to allow or deny people access to certain resources. And as we look at the rules of the firewall, we're usually making the decisions on what people can do based on a number of different tuples. These are different categorizations of data that we'll then add information to. So we may decide if somebody is coming from a certain source IP address, they may be going to a certain destination IP address, maybe using a certain kind of port number. It may be a certain time of the day, they may be using a certain application, and on and on and on. Different firewalls have different tuples that you could use to make this determination. And we'll group that together and say if you match all of these put together, then you are either allowed or denied access to certain resources.
Usually, there is also a logical path that you follow with firewall rules. Almost always, you start at the top of a rule base and you work your way down. It's not that way with every firewall, however. You'll need to look at your particular firewall and how it operates to find out exactly the path that it follows, to be able to determine whether somebody has access to the internet or not. These rules can also be very generalized. Maybe you might want to set a rule that says if you're anybody inside the network, you can surf the internet. That's a very general rule. Or it might be very specific, that says if you are in the marketing department and you are coming from a particular source IP address, then you have access to this particular resource on the internet that is at another IP address. That's a very specific rule. So you tend to put those specific rules at the top of your firewall list so that they're fired on first if it applies, and then other more general rules are at the bottom. In almost all firewalls– this is not always the case– but a good firewall, anyway, I like to think that there is something called an implicit deny at the very bottom of that list. And that means that if it goes through your list of rules and at the very bottom of the list it hasn't hit any of those rules, we're just going to drop the traffic. It is implicitly denied traffic at the bottom. Some people will put an explicit deny at the bottom. They'll create a rule at the bottom of their firewall that says if it's any-to-any type traffic at the bottom, deny everything. Sometimes that's useful just so you can see it, and know that that rule is being fired on. Sometimes they're doing it so that it gets logged, because usually implicit denies don't log traffic. Can you imagine logging everything that comes in from an internet connection that's not intended to come inside of your network? It would be an enormous amount of traffic. Some people, however, would like to see that information. So they may put an explicit deny down at the bottom of the rule base, just so they can capture and log some of that information coming by. If you don't put a rule, then it's probably the case that your firewall has an implicit deny, and it's going to drop all that traffic anyway.
Let's step through a very simple firewall rule base, and let's see what's really involved here. I grabbed this rule set directly from an internet service provider. This is their default configuration for their web servers on their Linux host. And you can see they're numbered one through seven, all in order. In fact, they start from the top and work their way down. And you can see there is a default policy here. This particular rule set has an implicit deny, which means unless you're allowing it in this list, it gets denied. So let's start with rule number one, which says if you're coming from any remote IP address on any remote port number, and you're connecting to this particular web server on port 22 with the TCP protocol, we're going to allow that. If you're a really good person about documenting your particular firewall rules– there may be one of these fields that's a description field– and you may put in here that this rule allows anybody to be able to SSH to our particular firewall. This is how you take those well-known port numbers and apply them back to certain applications that are used. Now that that matches, we'll then allow an SSH. So let's go down to the next one, let's say the traffic coming through doesn't match that, then we'll examine this rule. It says from any remote IP to any remote port number over port 80 that's running TCP, allow that traffic. And of course, port 80 TCP is HTTP based traffic, usually. That's our web service traffic. So if we're running a web server on this machine, somebody's trying to connect to it with a browser, it is the firewall rule number two that will allow that traffic to connect to this server. Let's do one more. Rule number three is remote IP is any talking to any remote port number over port 443. That is the TCP protocol. Allow it, and of course, port 443 is HTTPS. And you would step through this list and make sure that everything here is what you would like it to be. In fact, the next rule that says allow all IPs from any port number to local port 8443 over the TCP protocol, allow it. That's not one you often see. 8443 is not usually a well known protocol. That is a protocol that is used– a port number that's used– to open up access to the management part of the web server. So if you don't want people managing your web server with that front-end web based management that you've created, you may want to deny traffic if it's coming from any remote IP address. So that's a good example of how you can allow or disallow the traffic based on any of these port numbers coming through. And we're simply following the rules of our firewall, one after the other, until it either fires or gets to the bottom where traffic is implicitly denied.
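The evaluation described in the transcript, as an added example that is not part of the video or its rule set: a first-match rule base whose rules are tuples of source network, destination network, destination port and protocol, walked top to bottom, with an implicit deny for anything that reaches the end. The rule set is modelled on the ISP example (SSH, HTTP, HTTPS, and the 8443 management port), but the server address 203.0.113.10, the admin subnet 198.51.100.0/24 and the remote addresses are constructed, and the ordering (a specific allow for 8443 from the admin subnet above a general, logged deny for 8443) shows the specific-before-general placement and the logging difference between an explicit and an implicit deny.

```python
"""Added example: a first-match firewall rule base with an implicit deny.

Each rule is a tuple of match fields (source network, destination network,
destination port, protocol); rules are checked top to bottom; the first
match decides; anything that reaches the bottom is implicitly denied and,
unlike an explicit deny rule, leaves no log line.
All addresses and the rule set are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                  # "allow" or "deny"
    src: str = "any"             # source network (CIDR) or "any"
    dst: str = "any"             # destination network (CIDR) or "any"
    dport: Optional[int] = None  # destination port; None means any port
    proto: str = "any"           # "tcp", "udp" or "any"
    description: str = ""        # the documentation field the transcript recommends
    log: bool = False            # whether a match on this rule is logged


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dport: int
    proto: str


def _net_matches(spec: str, ip: str) -> bool:
    return spec == "any" or ip_address(ip) in ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every tuple field must match; an unspecified field matches anything."""
    return (_net_matches(rule.src, pkt.src_ip)
            and _net_matches(rule.dst, pkt.dst_ip)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.proto == "any" or rule.proto == pkt.proto))


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> Tuple[str, Optional[int]]:
    """Walk the rule base top to bottom; the first matching rule wins.

    Returns (action, rule_number). Falling off the end is the implicit deny:
    the verdict is "deny" with no rule number, and nothing is logged.
    """
    for rule in rules:
        if rule_matches(rule, pkt):
            if rule.log:
                log.append(f"rule {rule.number} {rule.action} "
                           f"{pkt.src_ip}->{pkt.dst_ip}:{pkt.dport}/{pkt.proto}")
            return rule.action, rule.number
    return "deny", None


# Constructed rule base for a web server at 203.0.113.10 (documentation range):
# specific rules at the top, general ones below, explicit any-to-any deny last.
ADMIN_NET = "198.51.100.0/24"  # constructed management subnet
RULE_BASE = [
    Rule(1, "allow", src=ADMIN_NET, dport=8443, proto="tcp",
         description="web management only from the admin subnet"),
    Rule(2, "deny", dport=8443, proto="tcp", log=True,
         description="management interface not exposed to any other remote IP"),
    Rule(3, "allow", dport=22, proto="tcp", description="SSH to the host"),
    Rule(4, "allow", dport=80, proto="tcp", description="HTTP"),
    Rule(5, "allow", dport=443, proto="tcp", description="HTTPS"),
    Rule(6, "deny", log=True, description="explicit any-to-any deny, logged"),
]


def run_demo() -> dict:
    """Evaluate constructed packets; returns the verdicts and the log lines."""
    log: List[str] = []
    server = "203.0.113.10"
    pkts = {
        "admin_mgmt": Packet("198.51.100.7", server, 8443, "tcp"),
        "internet_mgmt": Packet("192.0.2.5", server, 8443, "tcp"),
        "https": Packet("192.0.2.5", server, 443, "tcp"),
        "mysql": Packet("192.0.2.5", server, 3306, "tcp"),
        "udp80": Packet("192.0.2.5", server, 80, "udp"),
    }
    verdicts = {name: evaluate(RULE_BASE, p, log) for name, p in pkts.items()}
    # Same base without the explicit deny: the verdict is unchanged, but the
    # drop now happens at the implicit deny and produces no log line.
    quiet_log: List[str] = []
    verdicts["mysql_implicit"] = evaluate(RULE_BASE[:-1], pkts["mysql"], quiet_log)
    # Swapping the two 8443 rules puts the general deny above the specific
    # allow, and the admin subnet loses management access: order matters.
    swapped = [RULE_BASE[1], RULE_BASE[0]] + RULE_BASE[2:]
    verdicts["admin_mgmt_swapped"] = evaluate(swapped, pkts["admin_mgmt"], [])
    return {"verdicts": verdicts, "log": log, "quiet_log": quiet_log}


if __name__ == "__main__":
    result = run_demo()
    for name, (action, num) in result["verdicts"].items():
        print(f"{name:20s} {action:5s} rule {num}")
    print("\n".join(result["log"]))
```

Running the block shows the UDP packet to port 80 falling past all five TCP rules to the explicit deny, the same MySQL connection attempt being dropped either by rule 6 (logged) or by the implicit deny (silent), and the admin subnet losing management access as soon as the general deny is placed above the specific allow.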
tags:
security+, certification, comptia, free, james messer, professor messer, firewall, rule, tuple, implicit deny