Host-Based Firewalls

CompTIA Security+ (SY0-601) Domain:
Domain 3.0: Implementation

CompTIA Security+ (SY0-601) Objective Mapping:
Objective 3.3: Given a scenario, implement secure network designs.

Overview

This lab explores firewalls at the host level of the IT environment. Students will view and configure the two host-based firewalls packaged with the Windows operating system, and will create a firewall rule on Ubuntu Linux using the Uncomplicated Firewall (UFW). Figure 1 shows the topology for this lab.
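The UFW rule created in the lab is evaluated the way most host-based firewalls work: a default policy per direction (UFW denies unsolicited incoming traffic and allows outgoing) plus an ordered rule list in which the first matching rule decides. The following script is an added example, not part of the lab or of the ufw project; it parses a small subset of ufw's rule syntax and evaluates constructed connection attempts against a constructed rule set, so the effect of rule order, protocol and source-subnet restrictions can be seen without touching a real firewall.

```python
"""Added example (not part of the lab): first-match evaluation of host-firewall
rules in the style of UFW.

Models what the lab configures with ufw: a default policy for each direction
(incoming denied, outgoing allowed) and an ordered rule list where the first
matching rule decides. All rule strings and connections are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Connection:
    direction: str  # "in" (remote host connecting to us) or "out"
    proto: str      # "tcp" or "udp"
    port: int       # destination port on the protected host
    remote: str     # remote IP address


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str                # "in" or "out"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any port
    source: Optional[str] = None  # CIDR the remote host must be in; None = any

    def matches(self, conn: Connection) -> bool:
        if self.direction != conn.direction:
            return False
        if self.proto is not None and self.proto != conn.proto:
            return False
        if self.port is not None and self.port != conn.port:
            return False
        if self.source is not None and ip_address(conn.remote) not in ip_network(self.source, strict=False):
            return False
        return True


# UFW defaults: block unsolicited inbound traffic, let the host initiate outbound.
DEFAULT_POLICY = {"in": "deny", "out": "allow"}


def parse_ufw_rule(text: str) -> Rule:
    """Parse a subset of ufw's syntax: "allow 22/tcp", "deny in 23",
    "allow from 10.0.0.0/24 to any port 22 proto tcp"."""
    tokens = text.split()
    action = tokens.pop(0)
    if action not in ("allow", "deny"):
        raise ValueError(f"unsupported action: {action}")
    direction = "in"
    if tokens and tokens[0] in ("in", "out"):
        direction = tokens.pop(0)
    proto = port = source = None
    if len(tokens) == 1 and tokens[0][0].isdigit():
        # Simple form: "<port>" or "<port>/<proto>"
        port_text, _, proto_text = tokens[0].partition("/")
        port = int(port_text)
        proto = proto_text or None
    else:
        # Full form: key/value pairs such as "from X to any port N proto P"
        if len(tokens) % 2:
            raise ValueError(f"malformed rule: {text!r}")
        for key, value in zip(tokens[::2], tokens[1::2]):
            if key == "from":
                source = None if value == "any" else value
            elif key == "to":
                if value != "any":
                    raise ValueError("this example only supports 'to any'")
            elif key == "port":
                port = int(value)
            elif key == "proto":
                proto = value
            else:
                raise ValueError(f"unexpected token: {key}")
    return Rule(action, direction, proto, port, source)


def decide(rules: List[Rule], conn: Connection) -> str:
    """Return "allow" or "deny": the first matching rule wins, else the default policy."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return DEFAULT_POLICY[conn.direction]


# Constructed rule set: SSH only from the lab subnet, never telnet, web open to all.
LAB_RULES = [parse_ufw_rule(r) for r in (
    "allow from 10.0.0.0/24 to any port 22 proto tcp",
    "deny 23/tcp",
    "allow 80/tcp",
)]

if __name__ == "__main__":
    for conn in (
        Connection("in", "tcp", 22, "10.0.0.5"),       # lab host -> SSH: allow
        Connection("in", "tcp", 22, "203.0.113.9"),    # outside host -> SSH: default deny
        Connection("in", "udp", 80, "203.0.113.9"),    # UDP/80: the tcp rule does not match
        Connection("out", "tcp", 443, "203.0.113.9"),  # host-initiated HTTPS: default allow
    ):
        print(conn, "->", decide(LAB_RULES, conn))
```

Note that the SSH rule is restricted to the 10.0.0.0/24 subnet and that an inbound UDP packet to port 80 is still dropped, because `allow 80/tcp` names a protocol; both behaviours come from the default-deny policy applying whenever no rule matches.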

OUTCOMES:

In this lab, students will learn to:

  1. Learn how the hacker enters the network
  2. Write rules to protect the network
  3. Learn how the hacker triggers alerts

Key terms and descriptions

Wireshark
A protocol analyzer that reads binary capture files. Wireshark can also capture live network traffic and runs on Windows, Linux, and Mac OS X.
Snort
Snort, an Intrusion Detection System (IDS), can be used to analyze and capture traffic. Using signatures, Snort can report on activity within a capture file. Snort can be downloaded from www.snort.org and is available in both free and commercial versions. Sourcefire, a Columbia, Maryland-based company, maintains and develops Snort.
tcpdump
A Linux/UNIX program that allows you to capture network traffic. The tcpdump program comes installed on many Linux distributions by default.
Sniffer
A sniffer captures network traffic on a network. Software such as tcpdump, Wireshark, and NetworkMiner can be used to sniff traffic.
PCAP File
Programs that sniff network traffic, such as tcpdump, Wireshark, and NetworkMiner, can save the capture in the PCAP file format. To read a PCAP file you need a tool such as Wireshark or NetworkMiner.
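The PCAP format the key terms refer to is simple enough to read without Wireshark: a 24-byte global header (magic number, version, snapshot length, link type) followed by packet records, each with a 16-byte header giving the timestamp, the number of bytes stored, and the number of bytes originally on the wire. The script below is an added example, not code from the lab or from the tcpdump or Wireshark projects; it parses the classic (non-pcapng) format, handles both byte orders and the nanosecond variant, rejects truncated files, and runs against a two-packet capture constructed in code.

```python
"""Added example (not part of the lab): a minimal reader for the classic PCAP
file format written by tcpdump and Wireshark. The sample capture is
constructed in code so the script runs offline.
"""
import struct
from typing import Dict, List, Tuple

GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16

# Magic number as read little-endian -> (struct byte order, timestamp fraction divisor)
MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian file, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),      # big-endian file, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian file, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian file, nanosecond timestamps
}


def parse_pcap(data: bytes) -> Dict:
    """Parse the global header and every packet record; ValueError on a malformed file."""
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than the pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in MAGICS:
        raise ValueError(f"not a pcap file (magic 0x{magic:08x})")
    endian, ts_div = MAGICS[magic]
    major, minor, _thiszone, _sigfigs, snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)

    packets = []
    offset = GLOBAL_HEADER_LEN
    while offset < len(data):
        if offset + RECORD_HEADER_LEN > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += RECORD_HEADER_LEN
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("record length inconsistent with header")
        if offset + incl_len > len(data):
            raise ValueError("truncated packet data")
        packets.append({
            "ts_sec": ts_sec,
            "timestamp": ts_sec + ts_frac / ts_div,
            "incl_len": incl_len,  # bytes actually stored (capped by snaplen)
            "orig_len": orig_len,  # bytes that were on the wire
            "data": data[offset:offset + incl_len],
        })
        offset += incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype, "packets": packets}


def summarize(pcap: Dict) -> List[Tuple[str, int, int]]:
    """Per packet: EtherType (for Ethernet captures, linktype 1), stored length, original length."""
    out = []
    for pkt in pcap["packets"]:
        label = "?"
        if pcap["linktype"] == 1 and len(pkt["data"]) >= 14:
            ethertype = struct.unpack_from(">H", pkt["data"], 12)[0]  # bytes 12-13 of the frame
            label = f"0x{ethertype:04x}"
        out.append((label, pkt["incl_len"], pkt["orig_len"]))
    return out


def build_sample_pcap() -> bytes:
    """Constructed two-packet capture: an ARP broadcast and an IPv4 frame cut short by snaplen."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    broadcast = b"\xff" * 6
    src_mac = bytes.fromhex("001122334455")
    arp = broadcast + src_mac + b"\x08\x06" + b"\x00" * 28                   # 42 bytes
    ipv4 = b"\x00" * 6 + src_mac + b"\x08\x00" + b"\x45\x00" + b"\x00" * 24  # 40 of 1514 bytes kept
    rec1 = struct.pack("<IIII", 1_700_000_000, 100, len(arp), len(arp)) + arp
    rec2 = struct.pack("<IIII", 1_700_000_001, 250, len(ipv4), 1514) + ipv4
    return header + rec1 + rec2


if __name__ == "__main__":
    capture = parse_pcap(build_sample_pcap())
    print("pcap version", capture["version"], "linktype", capture["linktype"])
    for row in summarize(capture):
        print(row)
```

The second record shows the `incl_len`/`orig_len` distinction: a capture taken with a small snapshot length stores only the first bytes of each frame, which is why a PCAP opened later in Wireshark can report a frame as "truncated" even though the capture file itself is intact.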