WEBVTT

1
00:00:00.660 --> 00:00:02.700
<v Instructor>While routers can use Access Control Lists</v>

2
00:00:02.700 --> 00:00:05.280
to provide some protection filtering for our networks,

3
00:00:05.280 --> 00:00:08.100
it's really a dedicated device known as a firewall

4
00:00:08.100 --> 00:00:10.680
that excels at using Access Control Lists.

5
00:00:10.680 --> 00:00:13.230
Now, Access Control Lists are very important for us

6
00:00:13.230 --> 00:00:14.820
to be able to secure our networks

7
00:00:14.820 --> 00:00:16.440
from unwanted traffic.

8
00:00:16.440 --> 00:00:17.820
A large portion of the permit

9
00:00:17.820 --> 00:00:20.520
and deny statements that we utilize in our ACLs

10
00:00:20.520 --> 00:00:23.430
are based on port numbers, because these directly correlate

11
00:00:23.430 --> 00:00:26.130
with an application or service that we wish to allow,

12
00:00:26.130 --> 00:00:27.540
or to block.

13
00:00:27.540 --> 00:00:30.270
Access Control Lists, or ACLs, are the rule sets

14
00:00:30.270 --> 00:00:32.400
that are placed on the firewalls, routers,

15
00:00:32.400 --> 00:00:34.800
and other network infrastructure devices that permit

16
00:00:34.800 --> 00:00:37.380
or allow traffic through a particular interface.

17
00:00:37.380 --> 00:00:39.210
These rule sets will control the flow

18
00:00:39.210 --> 00:00:41.610
of traffic into or out of our networks.

19
00:00:41.610 --> 00:00:44.490
Now, to configure the Access Control List on our firewalls,

20
00:00:44.490 --> 00:00:46.620
we're either going to be using a web-based interface,

21
00:00:46.620 --> 00:00:49.140
or a text-based command line interface.

22
00:00:49.140 --> 00:00:50.760
When configuring these ACLs,

23
00:00:50.760 --> 00:00:52.500
it's important to remember that the order in which

24
00:00:52.500 --> 00:00:54.483
they're listed specifies the order of the actions

25
00:00:54.483 --> 00:00:57.780
that are taken on a particular piece of traffic.

26
00:00:57.780 --> 00:01:00.540
Actions are always performed top down inside

27
00:01:00.540 --> 00:01:02.280
of an Access Control List.

28
00:01:02.280 --> 00:01:04.320
The traffic is compared against the first rule,

29
00:01:04.320 --> 00:01:06.180
and if it matches the conditions for the action

30
00:01:06.180 --> 00:01:08.160
to be applied, it's going to be performed,

31
00:01:08.160 --> 00:01:10.470
and no other ACLs will be checked.

32
00:01:10.470 --> 00:01:11.310
For this reason,

33
00:01:11.310 --> 00:01:13.590
our most specific rules should always be placed

34
00:01:13.590 --> 00:01:14.820
at the top of the list,

35
00:01:14.820 --> 00:01:17.730
with more generic rules located towards the bottom.

36
00:01:17.730 --> 00:01:20.040
Now, routers can provide basic security using

37
00:01:20.040 --> 00:01:22.530
these Access Control Lists and filtering rules.

38
00:01:22.530 --> 00:01:24.870
But it is really our network firewalls that are

39
00:01:24.870 --> 00:01:26.130
most commonly going to be used

40
00:01:26.130 --> 00:01:29.670
for network security and bulk blocking and allowing.

41
00:01:29.670 --> 00:01:31.890
Firewalls can be hardware-based appliances,

42
00:01:31.890 --> 00:01:34.860
or specialized software installed on a client or server,

43
00:01:34.860 --> 00:01:36.540
to perform this function.

44
00:01:36.540 --> 00:01:38.910
The primary role of a firewall is to inspect

45
00:01:38.910 --> 00:01:40.590
and control traffic trying to enter

46
00:01:40.590 --> 00:01:42.450
or leave a network's boundary.

47
00:01:42.450 --> 00:01:44.340
There are many different types of firewalls,

48
00:01:44.340 --> 00:01:47.430
including packet-filtering, stateful, proxy,

49
00:01:47.430 --> 00:01:51.180
dynamic packet filtering, and kernel proxy firewalls.

50
00:01:51.180 --> 00:01:53.880
Each type of firewall is going to focus on either a more

51
00:01:53.880 --> 00:01:56.370
or less thorough inspection of the traffic.

52
00:01:56.370 --> 00:01:58.890
As with everything in network security, there is going to be

53
00:01:58.890 --> 00:02:01.230
a performance trade-off based upon how deep

54
00:02:01.230 --> 00:02:02.700
of an inspection we do.

55
00:02:02.700 --> 00:02:05.070
If a firewall does a more in-depth inspection,

56
00:02:05.070 --> 00:02:07.470
then the device can achieve as high of a throughput,

57
00:02:07.470 --> 00:02:10.080
because it's going to take more time to go through every one

58
00:02:10.080 --> 00:02:12.990
of those ACL rules, and inspect each of those packets.

59
00:02:12.990 --> 00:02:15.390
This can negatively affect our network's efficiency

60
00:02:15.390 --> 00:02:17.400
and increase the network latency.

61
00:02:17.400 --> 00:02:20.370
Now, because firewalls are such integral security devices

62
00:02:20.370 --> 00:02:22.890
for our networks, they are constantly being evolved

63
00:02:22.890 --> 00:02:25.620
to provide us with better features and more security.

64
00:02:25.620 --> 00:02:27.780
It's important to note that many organizations

65
00:02:27.780 --> 00:02:29.070
have been migrating towards

66
00:02:29.070 --> 00:02:32.400
a Unified Threat Management firewall, or UTM.

67
00:02:32.400 --> 00:02:34.950
Unified Threat Management devices provide the ability

68
00:02:34.950 --> 00:02:37.110
to conduct numerous security functions within

69
00:02:37.110 --> 00:02:39.420
a single device or network appliance.

70
00:02:39.420 --> 00:02:41.340
These devices include the functionality

71
00:02:41.340 --> 00:02:44.580
of multiple specialized devices, such as network firewalls,

72
00:02:44.580 --> 00:02:47.550
network intrusion prevention systems, gateway antivirus

73
00:02:47.550 --> 00:02:50.820
and anti-spam, virtual private network concentration,

74
00:02:50.820 --> 00:02:54.360
content filtering, load balancing, and data loss prevention,

75
00:02:54.360 --> 00:02:56.970
all within a single network appliance.

76
00:02:56.970 --> 00:02:58.890
These Unified Threat Management devices have

77
00:02:58.890 --> 00:03:00.390
a lot of benefits as well,

78
00:03:00.390 --> 00:03:02.130
such as reducing the number of devices

79
00:03:02.130 --> 00:03:05.130
that technicians need to learn, operate, and maintain.

80
00:03:05.130 --> 00:03:07.020
This can help to decrease the overall cost

81
00:03:07.020 --> 00:03:08.460
of providing these protections,

82
00:03:08.460 --> 00:03:11.070
but there's still going to be some drawbacks here.

83
00:03:11.070 --> 00:03:11.910
The largest issue

84
00:03:11.910 --> 00:03:15.210
with UTM devices is that they're a single point of failure.

85
00:03:15.210 --> 00:03:16.980
If the device fails, for example,

86
00:03:16.980 --> 00:03:18.930
we don't just lose our firewall anymore.

87
00:03:18.930 --> 00:03:21.300
We're now losing our firewall, our antivirus,

88
00:03:21.300 --> 00:03:24.060
our intrusion prevention system, and things like that.

89
00:03:24.060 --> 00:03:25.890
All of our security stack can be wrapped up

90
00:03:25.890 --> 00:03:28.200
in this one device, which means, if we lose it,

91
00:03:28.200 --> 00:03:30.300
we lose our entire security stack.

92
00:03:30.300 --> 00:03:32.520
So, our organization needs to consider

93
00:03:32.520 --> 00:03:34.860
both the advantages and disadvantages

94
00:03:34.860 --> 00:03:37.440
of Unified Threat Management before deciding to implement

95
00:03:37.440 --> 00:03:39.210
that in our architecture.

96
00:03:39.210 --> 00:03:42.870
Some advantages of using a UTM include lower upfront costs,

97
00:03:42.870 --> 00:03:44.580
maintenance, and power consumption,

98
00:03:44.580 --> 00:03:46.140
because all of these functions reside

99
00:03:46.140 --> 00:03:48.180
in a single rack-mounted device.

100
00:03:48.180 --> 00:03:50.370
They're also going to be easier to install and configure

101
00:03:50.370 --> 00:03:53.580
than having to do multiple devices for each single function.

102
00:03:53.580 --> 00:03:55.230
And they can be fully integrated,

103
00:03:55.230 --> 00:03:57.090
which has a lot of benefits too.

104
00:03:57.090 --> 00:03:59.040
The big disadvantage here is that they are

105
00:03:59.040 --> 00:04:00.300
a single point of failure,

106
00:04:00.300 --> 00:04:02.250
and they often lack the detail provided by

107
00:04:02.250 --> 00:04:03.660
a more specialized tool,

108
00:04:03.660 --> 00:04:06.840
and their performance can oftentimes not be as efficient

109
00:04:06.840 --> 00:04:09.090
as that of a single-function device.

110
00:04:09.090 --> 00:04:11.640
While UTM devices work well for the most part,

111
00:04:11.640 --> 00:04:13.860
they do utilize separate individual engines

112
00:04:13.860 --> 00:04:15.870
for each function they're trying to perform

113
00:04:15.870 --> 00:04:17.490
in their security inspections.

114
00:04:17.490 --> 00:04:19.590
Whereas when you're using a next-gen firewall,

115
00:04:19.590 --> 00:04:22.110
you're going to be using a single, more efficient engine.

116
00:04:22.110 --> 00:04:23.430
And so if network speed

117
00:04:23.430 --> 00:04:25.470
and efficiency are your primary concern

118
00:04:25.470 --> 00:04:26.640
for your organization,

119
00:04:26.640 --> 00:04:29.250
you want to consider using a next-gen firewall

120
00:04:29.250 --> 00:04:32.010
over a Unified Threat Management device.

121
00:04:32.010 --> 00:04:33.870
Now, if your organization decides to go

122
00:04:33.870 --> 00:04:35.790
with a Unified Threat Management device,

123
00:04:35.790 --> 00:04:37.680
you're going to place it in between your LAN

124
00:04:37.680 --> 00:04:39.240
and the connection to the internet,

125
00:04:39.240 --> 00:04:42.630
just as if it was a firewall in an inline configuration.

126
00:04:42.630 --> 00:04:44.880
As you can see, there are a lot of different choices

127
00:04:44.880 --> 00:04:46.710
when it comes to firewalls when you're designing

128
00:04:46.710 --> 00:04:48.363
the architecture of your network.

