CCT 132: Firewalls, NGFW, Static Packet Filtering, Application, Circuit Level, Proxy's, URL Filtering (D7.7.1)

Apr 15, 2024
 

Dive into the digital trenches with me, Sean Gerber, and ward off cyber threats as we dissect the intricate design of firewalls. Cybersecurity isn't just tech jargon; it's a barricade guarding our financial fortresses from trillion-dollar breaches. In this comprehensive session, we don't just skim through firewall types and setups; we equip you for the frontlines of data protection and cybersecurity leadership. Whether you're a CISSP candidate or a seasoned pro looking to sharpen your skills, this episode promises insights that blend exam prep with real-world network defense strategies.

Imagine safeguarding a hypothetical nuclear plant in Sri Lanka; it's a gargantuan task that parallels the complex compliance and architectural challenges we unpack here. Firewalls serve as the bulwark for critical infrastructure, and we delve into the art of balancing stringent government mandates with the innovative architecture of firewall systems. From log management to scaling secure network environments, we address the technicalities and managerial acumen needed to navigate these waters successfully. This episode is a treasure trove for anyone in the cybersecurity field, brimming with knowledge on how to align security tools with organizational needs and capabilities.

As we wrap up, I lay out the roadmap for conquering the CISSP exam. It's not just about mastering the material; it's about embracing a strategic mindset to tackle the broad spectrum of concepts. With CISSPcybertraining.com in your arsenal, we prepare you to face your Achilles' heel head-on. Our conversation is more than a study session; it's a call to arms for cybersecurity warriors ready to rise through the ranks and shield their networks from the onslaught of cyber threats. Tune in, fortify your knowledge, and transform your understanding of cybersecurity with every minute of this episode.

TRANSCRIPT

Speaker 1:  

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. Alright, let's get started. Let's go.

Speaker 2:  

Cybersecurity knowledge All right, let's get started. Hey, I'm Sean Gerber with CISSP Cyber Training, and hope you all are having a blessed day today. Today we're going to get into some great things around firewalls. Now this follows into domain 7.7.1 of the CISSP, isc squared study guide, and so so we're going to go into various aspects around that, and then on Thursday you will have the CISSP cyber trading uh, what do they call it? The questions of the day and they're going to be focused off of the podcast 7.71 as well. So what are we? What should we do? How are we going to get going here?

Speaker 2:  

Well, let's get rolling into an article that I saw within security week. Now, this won't be a shocker to people, but they're. They're saying the financial firms lost about 12 billion dollars to cyber attacks over a span of two decades, which is basically 20 years, and they're saying that this has been something they've been able to dig up from the imf, the international monetary fund, and calling out various different cyber attacks that have affected those financial organizations across the globe. Now, so $12 billion in the overall grand scheme of things is a lot of money, but they're saying that close to a trillion dollars in financial loss has been hit with the economies various economies around the globe because of cyber type incidents. So the ultimate point of this is is that your guys' ability to learn the CISSP is a very important factor, as well as your time that you spend in cybersecurity. I've seen this only increase and I'd say the $12 billion if they put that on a sliding scale was probably very low at the beginning and then kind of worked and ramped its way up. So something to just always keep in the back of your mind, I would highly recommend that if you are a security person within your organization, that you go and look up various security incidents that have occurred and provide that information to your senior leaders.

Speaker 2:  

Also, if you're trying to get a job in security and let's just say you are an IT professional that's been around for a while by you getting this information and then feeding it to your leadership would be very valuable for you and your career. And the reason I also say that is in many cases they don't even know if you're interested in the security piece until they start hearing from you. So if you're in a traditional IT role and you don't know how to break through into the security, obviously taking the CISSP is an important factor. Being part of this podcast is another really important factor. And then the third one is tied into is if you get information you research information give this to your current security person. Pass this on saying, hey, this is what I've seen, this is what I'm reading, this is my synopsis of it. Pass it on to that individual. Or, if you don't have a security person, pass it on to the person who leads IT for your company. Again, if people don't know that you're interested in this stuff, they're not going to come looking for you.

Speaker 2:  

One thing I've learned out of life is that the knowledge you have is extremely valuable, super valuable, but if you don't market yourself, and you don't market yourself to your organization and to your people as a security professional or that you had this information, they don't know it and therefore they won't come and tap you on the shoulder. So bottom line is market yourself. You have to market what you know and where you're going to go with it. So that's, I'll leave that at that point, right there. So let's get rolling into our lesson for today, okay, so you're going to go with it. So that's, I'll leave that at that point, right there. So let's get rolling into our lesson for today. Okay, so we're going to get into firewalls Now.

Speaker 2:  

You all have probably heard of firewalls and some people I shouldn't say that not everybody has they probably know of them, but they may not know what they do. I've had a lot of people that are in the development space. They understand them, they tangentially, but they're not actually don't know how to deal with them a whole lot. So we're going to go over. This episode is going to be around firewalls and some key terms and concepts that you need to be aware of, especially as it relates to the CISSP, and also to keep in mind as I put this, these articles together, or this, this outline, I'm taking content out of the CISSP book and putting this in the overall podcast itself. So this is key terms that are coming out of the book. There are also things that have been additional, that I've dug up over the years, as well as things that we've been able to search on the internet to provide you this outline. So, again, if you're watching from this, you can see this outline. Specifically, see the video at CISSP Cyber Training. You can head there and you can go to my blog. It'll have all the videos that are going to be there as well as if you are on youtube. It'll be published on youtube in a period of a few, probably about three or four weeks. So, again, go check it out cissp, cyber training and you can see what we've got out there for you.

Speaker 2:  

Okay, so firewalls what is the purpose of a firewall? Now, the overall goal of a firewall is, like what it says it's to protect you from fire. No, not really. It's designed to shield your company, your organization, from incoming threats that might be damaging to your organization. It also, then, does aspects of any data that's leaving your organization. It can use that as a buffer for the data that's going out. So it's really an important part of your overall network security perimeter and therefore they're highly important to put within your organization. Now I have seen it where individuals will have, let's just say, their business network. There's no firewall. They just connect to the internet and they have a router that connects to the internet and they just go on out. Bad idea, just a really bad idea, because this is the first step in protecting your organization.

Speaker 2:  

Now, these can be very simple, but they can also be very complex. It really comes down to your size of your company, your capability to be able to make changes to these things, and also your budget. How much are you willing to spend? So it's an important factor in any company that you put in firewalls. Now it's not just the one firewall that protects you from the internet, it's also you may have firewalls internally to your network, depending upon if you have traffic that's coming in from multiple different places, and maybe if there's an area that you want to kind of create a walled garden and segregate it off, then you may put firewalls or a virtual type firewall in that position. So, as we're dealing with cybersecurity, they do. They act as a barrier and they protect sensitive data in your network from controlling the traffic that's coming in and out of your company. Now they do have monitoring. That's enabled, and we'll get into different types of traffic monitoring that are available to you. But what it does is it scrutinizes both the inbound and the outbound traffic and it allows that.

Speaker 2:  

The goal is to allow only legitimate traffic into your organization or out. Now we talk about legitimate traffic. The bad guys and girls can hide themselves in what they call legitimate traffic. One of the things they did as an attacker was that you would go in and you would try to get through the firewall. Once you got through the firewall, then you would want to get the data out of your organization. Well, as you're getting the data out of the company, you want to hide that information, leaving the company in a way that doesn't. It looks like normal, specific data, it looks like normal traffic that you would see coming and going from your company.

Speaker 2:  

The goal is that because, if I made it really broad, so let's just say, for example, I don't, your company does not allow any sort of file transfers to Google Drive, whatever. But any of the drive companies, right, go, not go to any can't think of the name of it but any of the drives, right, google Azure, any of those places where they have external file storage, external file access. If your company does not allow that, and then all of a sudden but let's say you don't put in rules to protect it all of a sudden you start seeing data going out to these file storage locations. Well, that would be an indicator that maybe somebody has gotten access to some data they shouldn't and is shoveling it out to your organization, gotten access to some data they shouldn't and is shoveling it out your organization. So that's what a firewall would help determine some of that information that's actually going out. So it's important that you you control the size of your company and what you're doing and the data that's leaving your organization.

Speaker 2:  

Also, what do firewalls do? They protect against the various threats that we just talked about coming and going from your network. Now, this concludes malware, ransomware, any sort of attacking attempts that may occur, and, depending upon the type of firewall that you have, it could be very rudimentary, the amount of protection you have on that firewall, or it could be very complex where the actual firewall itself is acting and actively shutting things down, depending upon the attack structure that's coming in. So it really depends on the system that you've purchased, just like you mentioned. Like anything else, if you buy a very basic car, it's going to cost you X. If you buy a really Gucci car with lots of bells and whistles and buttons and knobs, it's going to cost X plus Y, so just know, and then actually plus Z because you got to pay for somebody to manage it. So it's three times the cost, right, but potentially could be three times the protection, depending upon your company and what you value in your company.

Speaker 2:  

Another around that is data security. So it helps does safeguard sensitive data by preventing intrusions that could lead to breaches. It also monitors the data that is leaving your organization, as I mentioned earlier. So it's watching all of that and it has the ability to is leaving your organization, as I mentioned earlier. So it's watching all of that and it has the ability to help protect your company.

Speaker 2:  

Another piece that is commonly used, but may not be used in the most effective manner, is regulatory compliance. Depending upon what your company does, if you're in the healthcare industry, you may need to have a certain type of firewall. I know when I was in the manufacturing environment, you had to have a specific type of firewall. I know when I was in the manufacturing environment, you had to have a specific type of firewall for critical infrastructure. So you may have to have specific firewalls that can do certain things, depending upon what your company can do. I will give you an example where there are certain firewalls out there that do not let bidirectional traffic. They only are let unidirectional traffic, which basically means you have one set of firewalls that allows data in and you have another set of firewalls that allows data out.

Speaker 2:  

Now, those are typically what you would see within the critical infrastructure, within systems that are extremely highly volatile, you may have those types of firewalls in place. That would be a regulatory compliance type activity. And why do I say that? Well, if I'm a government of, I don't know, sri Lanka, for an example, and Sri Lanka is saying you have to have access to these, this nuclear power plant which I don't think they have one, but let's just say they do you have to have allow access to these two firewalls that allow access in and another firewall that allows access out. And they're saying you must go do that. So that's a regulatory compliance that must be in place.

Speaker 2:  

Now, if they don't have that, if they're not requiring that type of activity, then in many cases people will buy just a regular. I say a regular, it's not just regular, but they'll most likely buy a more advanced firewall that allows bi-directional communication, because one, it's cheaper. Two, I don't have to have people that manage it. It's again, there's there's different scales that you have to deal with when it comes to putting in these types of pieces of these pieces of equipment. So regulatory compliance is a big factor in a driver. Now the goal is is that if you're, if you want to you, you want to use regulatory compliance to help guide and shape your architecture. Overall, if there is a requirement from the government, you need to put it in place and you need to do it the way they're asking you to do it One to meet the compliance, but odds are high in most cases not always, but they have a specific reason on why they want you to do that.

Speaker 2:  

The whole firewall, where it has going in and then going out through separate channels. The important part of that is that if an attacker was to be able to get into your environment, it isn't just they don't just set up a bi-directional communication which allows them to pass traffic to and from. They've got to leapfrog over to another set of firewalls to do that outbound traffic. So it's very complicated. Again, the ultimate goal of these pieces of equipment that you're putting in is to want to detect these bad guys and gals, to stop them from doing it, and and you can detect them by these different layers of security you put in place, because people, the bad guys, are going to get around this. The goal is that you create blocks or barriers so that they trip up and that you get an alert that says that somebody is within your environment, in your network.

Speaker 2:  

So, as for the activities they log and manage, firewalls will typically record a wide range of data, and what that may include is you have traffic details, right. So source, type, data, destination, all of those pieces will be stored within a firewall. So, but now, as we all talk about infrastructure, even though they say you have Bill that's sitting in China and he attacks your system, bill has an IP address. Well, that IP address has probably been obfuscated multiple times trying to come and attack you, but it will tell you the source and the destination of where this attack is coming from. If it's a person in China, they could be using a server that's in Sri Lanka or even in Venezuela that could be attacking you. But at least it will tell you some level of information around where the data is coming from. And it will also tell you what kind of traffic so we talked about a couple weeks ago or last week, I can't remember is TCP, syn and ACK and the whole TCP handshake process. Well, it'll tell you if it's TCP, udp, any of those that vary as aspects of connections within your environment.

Speaker 2:  

So it's important to to have these types of logging enabled. Now that's one question I'm going to come back to is when you have all these details, these traffic details, if you don't have, don't have a good logging system in place, hence the logs are coming in, it's saying, hey, yes, I got a problem. Well. Well, these things don't have a lot of internal storage for logs. So what do they typically do is they will keep it for a period of time, depending upon the storage they have, and then, from there, what they will do is they'll overwrite that data. So if, if you don't have it set up so that this information is going to what they call a syslog server, it's going to another destination, the logs are going someplace else to be aggregated. If you don't have that, your logs are going to be overriding themselves, and if that's the case, you're really not going to have much use for the data. So, as you can see, this tail goes from having well, I have a firewall, I'm excited. You go from having a firewall to now having a storage location for the logs, to then having something that will actually aggregate the logs, and then you have to have something else that will then alert on the logs, some level of automation around that. So, as you can see, it goes on, it just keeps on going and it all keeps going in price and cost. So it's just important for you to really get this is that if you're a security professional, you need to understand the full source of the whole, the whole chain from just your firewall on out to really creating this overall secure environment.

Speaker 2:  

Firewalls will also fight for security attempts. Any sort of unauthorized access, intrusion attempts or other security related incidents will occur as well. You can they'll alert on those. Now, if you have your firewall set up for basic, you just pull it out of the box, you rack it and stack it and turn it on. You're probably going to detect things that are the basic stuff on the internet that's constantly out there. It's just noise. The more advanced attackers you may or may not be able to detect those because, depending on the firewall you purchased and how you configured it, they may get around some of the things you have in place. But I say that there's a lot of really great capabilities that are coming out right now that you'll see within these firewalls and these hardware devices that will help you protect your environment much better than it has in the past.

Speaker 2:  

There's system changes, modifications to firewall rules and policies, which are essential to maintaining your overall protective measures. Again, you want to ensure that you have any sort of system changes. You make modifications to your firewall and then also, when it comes to, it'll provide you user activities of who accessed your firewall, who was utilized, made changes to it and so forth. No-transcript you need to have a way of tracking who these people are, because if you allow just anybody access to your firewall, you now are potentially setting up a situation where someone can just come in and go and turn off different features for you. So again, you just grab the box. The box is great, but now there's all the things around logging. There's all around user controls, role-based access controls, there's aspects, where do you put it within your network.

Speaker 2:  

All of those pieces really need to be thought about before you actually just go out and buy the firewall itself. You want to really think about architecturally where all these things are going to go. And then, how do I put processes in place to make sure I utilize it to the maximum potential? Okay, so now we're going to go. And then how do I put processes in place to make sure I utilize it to the maximum potential? Okay, so now we're going to get into what are the different types of firewalls that are available to you, for the first one we're just going to get is the traditional firewall, which I've been kind of talking about, and they do packet inspections without maintaining this basically state of the connection they're. They're just taking data in, they're looking at the packets, they tear them down, they look at the ip addresses, the source ip, destination ip, the potential payload itself. They will look at all these different things of the actual overall packet and that is a traditional firewall. In many cases. Those will be just fine for most organ, most organizations.

Speaker 2:  

However, depending upon what your company does, or if you have a little bit more money you want to spend and or you feel maybe you're targeted, you may want to look at what they call a next generation firewall. Now, the next generation firewalls. These obviously can be done in many different ways. Now, my first one mention I want to bring up is that, when it comes to traditional firewalls versus next generation firewalls, all of these systems now are in a almost virtualized mode. If you utilize Azure, if you utilize Amazon AWS, you can utilize, get these different types of firewalls in a application type state or in a virtual format. That will allow you to give you some of the same type of capability as you would have on a hardware type device. So, depending upon, again, the architecture, if you want a hardware device, those are available. If you want the ability where maybe all of your data is within the cloud, you can get this capability in the various cloud platforms that are out there. So I say, that is, they're not ubiquitous of similar where, hey, I've got a regular firewall and I've got a cloud firewall. They're exactly the same. In many cases they are, but depending upon the functions and what you need from a hardware type platform, you may not get all of that with a virtual type platform. But know that many of these firewalls can be it's a hardware version can be virtualized as well. I kind of beat that horse to death, sorry, okay. So next generation can be. It's a hardware version, can be virtualized as well. I kind of beat that horse to death, sorry, okay.

Speaker 2:  

So Next Generation Firewall these offer you advanced features such as application awareness, integration with your intrusion detection and prevention systems, threat intelligence. They have robust protections against other modern threats that are out there and all of this stuff can be fed into this brain, this big old throbbing brain that will be able to look at the traffic that's coming and going from your company. Now, traditional firewalls they will operate up to layer four, which is the transport layer. Like we talk about the OSI seven layer burrito. These will operate from your physical layer all the way up to your transport layer, which is your layer four. The next generation firewalls will extend that protection up to layer seven, which is your application layer, which allows them to understand the traffic better that's coming and going from your organization.

Speaker 2:  

So, as an example, let's say you have a firewall that is looking at basic data. Well, if you have applications that are communicating through that firewall, it's only going to be part of the data stream that's going in and out. It's not going to actually understand what that application is doing. If you have an application that maybe has to communicate over port 80 to a web server, it's not going to know that. On a traditional firewall it's just going to see the communication stream between one and the other and it's going to leave it at that, whereas a next generation firewall will know that you have it, that it's specifically communicating over port 80, this application is, and it can get much more granular with the protections and the visibility into that specific communication path.

Speaker 2:  

The downside is is that okay? So now you go from having I've got this single port that's got lots of little noise going through it to go, okay, well, I'd really like more visibility. So now you open up the aperture and you're seeing all kinds of stuff that's very detailed, well, okay. So now, how do you deal with that? So then it becomes overwhelming. So then you got to hire somebody to help you deal with that, or you got to hire software to help you deal with that. As you can see, there's that sweet spot where, okay, I'd like to have more information, but I can't have all this information because I just can't do much with it. So you have to keep that in mind as you are putting these types of devices within your environment, your network. Again, that's a little bit beyond what the CISSP is currently saying.

Speaker 2:  

However, you may get asked a question that is similar to that. So that's why it's important to understand that I had a friend or an individual a why it's important to understand that I had a friend or an individual, that a friend, that is, took my courses and you know what? He didn't pass. I'm not going to say out there, everybody who takes my courses passes? They don't. And it can be done through a lot of different reasons. One could be you know the products are there, it's available for you, but you have to do the extra studying. Okay so, and I know that he did, but maybe some areas he was weaker on and he could have been a little bit more studied in a few more of those areas. Well, what ends up happening is, let's say, for example, he struggled within the software development space and he didn't understand the questions that they were asking him. Well, he understood this piece of it, but he didn't understand how this question that they're asking him, one in software development. And then two, he understood a little bit of software development, but not enough to really feel confident in it.

Speaker 2:  

And in the CISSP they ask you questions from a manager or a CISO type level or a leader type level about these various questions that you're dealing with. They want to see how you're going to react. So I kind of went down this little bit of a rabbit hole, to kind of say. The ultimate goal is that I'm trying to pass this information on to you from a higher level expectation. Here's the data. Yes, it will go. Next generation firewall will go from zero to layer seven. Okay, from one to layer seven, it'll go from one to layer seven. But when you're dealing with how does that all interact from a management standpoint? This is the part where many people fail within the CISSP because they want to just think it's binary, it's on or off. Right, I understand this data, I take this test. The CISSP doesn't act that way. You have to think through what are the challenges that I'm running into and how do I address those challenges? Okay, sorry for the diatribe, it's just an important factor that you need to be aware of when you're studying and taking the CISSP exam Application awareness.

Speaker 2:  

Unlike traditional firewalls, next generation firewalls will have the application level awareness Again, which allows them to identify applications running over your network, doesn't matter which port and protocol they're used. Again, though, you have to have somebody that comes in that has to be able to understand what you're actually looking at. They have integrated security functions, which means they can have deep packet inspections, dpi. You can have intrusion prevention systems. They have antivirus, anti-spam, all of those things that are built in and baked into these various firewalls. Now it's like everything else.

Speaker 2:  

You can go and say I have a Swiss Army knife that covers all the different things. I've got scissors, I've got a knife, I've got a corkscrew and those are great and that helps you. The problem is I had it as a kid. It's like five inches thick and you're trying to carry it in your pocket. But you've got every tool under the sun that you can use, but you're not gonna use most of those. So the question you just have to ask is what are you trying to accomplish? What are you trying to solve?

Speaker 2:  

Deep packet inspection is an important factor, especially if you have a security operations center and you have ways to look at that data. But if you don't have that capability, well, that doesn't really help you any. I mean, it just adds on. So maybe you don't need to spend all the money on the big bells and whistles. You can actually do something a little bit less SSL inspection, obviously.

Speaker 2:  

Next generation firewalls decrypt and inspect SSL traffic, depending upon what kind of traffic it is. I'm doing a decryption project right now and I'm learning a lot about SSL and TLS encryption and, yeah, they're not all the same. It's very, very interesting. But traditional firewalls cannot do SSL decryption, whereas these firewalls can. I know Palo Alto's got some really good firewalls that can do that. A lot of other companies do as well. So if that's something you need, maybe that's something you want to have incorporated within your firewalls. Identity services many of these will go into a single sign-on type capability and they'll have that ability for you to integrate them within your organization. And then next generation firewalls typically are much beefier, they have a lot more horsepower behind them and they work very, very well.

Speaker 2:  

It's just a couple of examples. There's a perimeter 81 firewall as a service. You've got Fortinet, fortigate systems You've worked on those. Palo Altos those are very good systems as well. Juniper I have not dealt much with the Juniper series as well, but I know that obviously Cisco has been around for quite some time. I've got a friend that's a CCIE. He obviously swears by Cisco because he's a CCIE, but he also knows his firewalls very well. He wouldn't lie to me about these. He's been very happy with the Cisco systems. So Palo, fortinet they're all really I mean bottom line. There aren't many out there that are bad. What you do want to keep in mind is the fact that when you are looking at a firewall, you want to ensure that there are there any alerts out there for that from the government? Are there any updates that are needed as well? Because, again, all of that, if they're constantly being attacked and they're not updating their systems, it may not be a firewall that you want to incorporate within your company.

Speaker 2:  

So you'll hear the term static packet filtering. Okay, what is a static pad packet filtering? So when a packet comes in, when you have it set up a connection, there's a packet that is actually created and this packet is then going through the wire and then in that that data packet, it has various pieces that are built into it. You have your data itself and then you have your headers of your packet and these headers are what will tell you a little bit about the overall data itself talks about the protocol. It talks about what is the application. It kind of talks a little bit about all that information that's in there. You can set rules based on the packet that's coming in, so it'll make these decisions based on that. That's static packet filtering. That is many of the systems out there, they all come with static packet filtering. You can decide if you want some level of dynamic packet filtering to basically and we'll get into that in just a minute, but they all come that way. You just have to decide if you buy the bargain basement version versus the more expensive version, what kind of capability you get. Now I say the bargain basement.

Speaker 2:  

I put in very small firewalls that I would take when I'm on the road for my small networks. They can do a lot. They really can. They have a lot of capability built into them, just in a small little network environment. One piece is that I know TP-Link's got some very good ones. There's a couple other ones out there that I've just drawn a blank on but bottom line is there's a lot more flexibility you can do with these firewalls than just go ahead and set them in and not do anything with them. But again, static packet filtering they examine the header of the packets and then you can make decisions based on the rules without having to track your overall network connections. Application firewalls these again scrutinize the application layer, offering tailored protections, and these are crucial, as the notes say, to e-commerce platforms. They also are important as you get into systems that are highly regulated. You will have application level inspection and it's an important part of your overall plan going forward. So application layer is something I would recommend if you're going to be putting in some level of firewall within your company.

Speaker 2:  

Now, circuit level firewalls these will establish secure connections and then validate the overall session without inspecting the contents of the data. So they're just basically setting the connection up and they don't inspect what's going on inside the data. In many cases it's actually encrypted, but they're not inspecting that data. All they're doing is they're setting up from point a to point b. A good example of that would be vpn connections. These often use a circuit level type connection, specifically at the sessions layer, where they will then set the secure remote access up between these two companies or two individuals. And so that's typically what you'll see within the circuit level firewall. Again, they're a firewall that establishes secure communications and they validate the various sessions without inspecting the contents of the packets. Now, again, it depends. You can have that set up if you wanted that too, but that's typically the the bar or the the book answer to something along those lines.

Speaker 2:  

Next thing is proxy servers. Now, this isn't really a firewall, but it can act as a firewall in some. In some cases they will act as the intermediary between two points, right? So if I have to get into, let's say, company X, and they have a way to get in there through your VPN and you connect your VPN, it will typically go through what they call a proxy, and that proxy is acting as someone in between and it allows you to go and get direct access into a company, as an example, but it dumps you in there instead of going directly in through the front door. It basically is like saying you have a side door or a back door that allows you in and it's the only way you can get in, as many companies is through this proxy. They don't allow anything coming in or out through the normal channels. You have to go through this proxy to get into their environment, and there's a lot of reasons behind that, but the ultimate goal is that one, you ensure the security by having credentials that go into it. Two, it gives you a choke point to monitor traffic that's going into your company. In many cases it's a remote connection of some kind. So if I know there's bad guys and girls that are coming after our networks, what I will do is then you put them through a proxy, so now you can inspect who's coming and going from that one location, versus a bazillion locations if you just allow everything open. So they work as a key thing to remember is is they work as an intermediary between for your company, they use in different ways that can be used for anonymous browsing, geo-restricted content, balancing network traffic, as well as a lot of a remote access.

Speaker 2:  

We'll use a proxy, coming in, url filtering. Url filtering allows organizations to block access to certain websites. One of these that you say is so, within your organization, like we mentioned before, you have a file sharing website and this file sharing website is your typical. What I can't think of I brought a blank in your OneDrive, or I'm losing Google Drive. I'm losing the idea of what it is. Five again. It's five o'clock. No, it's only six right now. So what it basically does is it allows you to go. I do not want the Google Drive to be allowed within my company, so you can click a switch and it'll not allow Google Drive.

Speaker 2:  

Now, depending upon the capability of your URL filtering, it may be smart enough to know. Hey, because how this works is they categorize a website. So Google filtering or Google filtering, google Drive would be considered a file sharing or file upload site. Well, then you have the OneDrive and that's considered a file upload file sharing site. Well, if you sit with your organization block that, it will block access to that. Now, if you utilize Microsoft, you may all of a sudden just block all of your OneDrive access because you now can't get access to it because it's a file sharing site. It's categorized as that. You may all of a sudden just block all of your OneDrive access because you now can't get access to it because it's a file sharing site. It's categorized as that. You may have to go in and whitelist the OneDrive and allow OneDrive. Any communication to OneDrive is going to be allowed because it is necessary for business operations. You can do it vice versa for Google Drive. If you use Google, the ultimate goal is that it categorizes what these different content places are Porn, gambling. All of those get rated as certain criteria.

Speaker 2:  

Now, is it foolproof? No, it's not foolproof, and it will. There'll be times. So I'll give you an example where it's not foolproof. Say, you do not allow file uploads to a certain location, but you do allow web content because you're a web developer and you need to allow people to develop webs on WordPress, for example. Well, if you upload, you need to be able to have the ability to upload content to WordPress to be able to use it.

Speaker 2:  

Well, the challenge is, wordpress isn't labeled as a file sharing website. So if I've got a bad person within my company, so this is kind of sharing website. So if I've got a bad person within my company, so this is kind of the insider threat issue. I've got a bad person within my company and they're uploading data to WordPress. Well then they go home and they go into their WordPress environment, they download it. I wouldn't know it, I would not have any idea, unless you put other side of technologies in of going. Well, typical WordPress uploads is, let's say, five meg. Okay, just as an example, it's probably more than that, but let's just say five typical upload is five meg. All of a sudden, I see an upload of a hundred meg. Okay, that is something that I would go and check on because that should not occur, but that it requires someone to have very good, detailed knowledge of what is actually occurring within their environment and what should they implement to make their insider risk program more effective or at least limiting access to the outside. So again, that's url filtering, it's tool to enforce corporate internet usage policies, and then, obviously, non-compliance and harmful websites. And it depends on your company, depends if you're in europe. Some places in europe actually allow porn, just depends where you're at Firewall technologies.

Speaker 2:  

One thing you want to understand is that you use careful planning, regular updates and you integrate all of these firewalls and you keep them updated on a routine basis. As you can see, in today's world there's constant attacks against firewalls, all kinds of internal systems systems, and it's imperative that you update these systems. Also, you update the hardware as time goes on. If you're dealing with a virtual environment, okay, that's not as big of a deal, but you still need to update the virtual, yeah, platform. But when it comes to hardware, you need to keep a sense of how long is that hardware kept, how long is it updated and should it be replaced at some point in time. Again, that defense of what you have from these cyber threats is really important and by updating systems and keeping them patched and firmware updated is going to go a long way in protecting your overall company.

Speaker 2:  

Again, configuration and maintenance you need to be be it's an important part of your overall firework firewall schema. One thing that happens, I see typically is they will buy the product. They'll buy maintenance for a period of time. Maintenance is that ongoing subscription. It gets to a point where you know what it's just expensive to maintain this, the subscription, let's turn off the maintenance. We got the firewall, it's in good shape, it's bulletproof, we're awesome. And then they turn off the subscription for maintenance and one year goes by, they're okay. Two years go by not so good. Three years and they get popped. And it could be shorter than the three years, but let's say the three-year point. They get popped and the reason is is they didn't do continue updates to these systems because they didn't have an ongoing maintenance program set up for these firewalls.

Speaker 2:  

So it's important that you keep these things updated because they are, in some cases, these firewalls specifically, they're the front end of your environment of people coming in. So if you're going to say you know what, I don't want to patch stuff and I don't want to update stuff because it's expensive, then which probably isn't a good idea. But you take a risk-based approach and go, the risk is really low on this system that's sitting in the bowels of my company, but and you decide you don't want to update it. Okay, that may be okay, depending upon the age, what it does, the data it has, maybe you make that decision. Do not make that decision with firewalls or anything that's front facing, do not Pay the money. It will pay itself off in spades over time by doing the right thing and updating those systems. If you decide not to, you're just setting yourself up to get hit at some point in time and it will hit you and it will crush you and it will set you down. So just again, just throwing out what I know and what I've dealt with. It's an important factor. So when you're looking at I kind of want to bring up some, just some as we close here some real world examples of how you're going to deal with firewalls and what you should consider when you're putting them in.

Speaker 2:  

We talked about as far as maintaining and then updating these systems. You want to ensure that, as you're putting a firewall in place that, let's say, for instance, you haven't put one in, you have to figure then in your change process of which you're going to put in this firewall. So what I mean by that is that okay for you to put a firewall in place. We call it a bump on the wire. So you have your wire that goes into your environment. You're going to put a firewall as a bump on the wire. So you have your wire that goes into your environment. You're going to put a firewall on the bump. As a bump on the wire within your network, you're going to have to do what they call an outage. You're going to have to shut down your environment to put this thing in place. So that's something you want to keep in mind is that, if you're going to do this, that you have a planned outage in time, that you will allow this to occur. Many times this will happen over the weekends or it'll happen late at night, depending upon when your people, your customers, need your website. So that's something to keep in mind.

Speaker 2:  

The other part that you need to also keep in mind as you're putting in firewalls is you have you want to look at one from a difference of do you have one firewall or do you have two, and what I mean by two is they would be sitting side by side. You'd have two firewalls and they do what they call load balancing. So so, basically, if you have a lot of data coming in, one will take the load, but if it gets to a certain threshold, it'll pitch it over to the second one. So they'll load balance the data that's coming in, so they don't get overwhelmed, and it's. It's a best. It's really it's kind of a best practice. The downside is is you got to pay for two pieces of equipment, you got to maintain two pieces of equipment. So that's something you need to consider when you are let's just say, for instance, you are putting in just one firewall and that one firewall is a bump on the wire.

Speaker 2:  

Again, like we talked about, you have to evaluate if that firewall goes down Say it's a power outage, for whatever reason. Do you want it to fail open or do you want it to fail closed? Now, as you talk about the CISP, they're going to ask you questions around this of if I have a firewall go down, if it fails open, what does that mean? If it fails closed, what does that mean If they fail open? You want data to be allowed in and out of your organization without being molested, without being stopped. That is failed open. If you want to have the data shut off, that if it goes down, I don't want any traffic coming in or leaving my organization because I'm afraid that someone could take advantage of it. You'd want it to be failed closed. So you have to determine what is your organization is best. If you are a customer service organization, then you just don't. You, you want the protections there. You feel confident that we have good protections. But if something were to happen it doesn't happen very often, but if it did, I want to not impede any sort of traffic you would fail it open. So keep that in mind as you're going into reading the test. You're reading the CISSP questions as well as you're doing an architecture for your company. You want to decide which is best for your organization as it relates to firewalls Fail open or fail closed. There is no right answer other than what your company needs and then you giving them the best choice on how to do that, because it just depends on the needs of the organization whether they want it to close or to be open.

Speaker 2:  

Okay, that is all I have for you today. I'm excited for you, folks that are taking the CISSP. You know it's a great opportunity. You need to do it. The world needs you guys out there. No question about it. It's a bugger. Like my buddy said, it was one of the hardest tests he ever took. It is. It's not easy by any stretch of the imagination, and you have to be solid on everything you're going in and taking this test.

Speaker 2:  

I highly recommend you get lots of CISSP questions. Do not just you sign up for my questions Awesome. You sign up for my program Awesome. But do not just rely on my questions for the test. I recommend Boson. I recommend others out there as well.

Speaker 2:  

Go and get. Go through probably about four to 5,000 questions that you need to understand and as my questions are being built up, I'm going to have more and more questions. But they're not the single source of truth to pass the CISSP. Nobody has the single source of truth around passing the CISSP, so don't believe them if they say it. You have to understand the concepts of being a manager type person who is going to be able to study and pass the CISSP, because you have to think like a manager for that.

Speaker 2:  

Go on out to CISSPcybertrainingcom. Check it out. Go, look at what I've got available. A lot of free content is on the site itself. If you want more, I've got my blueprint. My blueprint will walk you through step by step by step on what you need to pass the test. You will pass the test if you take my courseware. I say this because if you do what it says and you study to the level that you need to study, you'll pass it. The problem is is that if you decide that one area that you're weak on and you don't want to focus on it, you will not pass it. It it may fo it'll find that one weakness and it will drill down on that. So, again, it's important for you to really to get through this. You can do it, I know you can do it. You can pass this darn test and get on with your cyber security career. All right, have a wonderful day and we will definitely catch you on the flip side, see ya.

CISSP Cyber Training Academy Program!

Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification? 

Let CISSP Cyber Training help you pass the CISSP Test the first time!

LEARN MORE | START TODAY!