Contact us

Sign up | United States |

Login

remember me

Go to my home page

Stay on current page

Forgot password?

Security and TCP/IP / Firewalls




Visitors to VTC.com will be able to view all introductory videos for each training course.
Free Trial Members will gain access to first three chapters for each training course.
Full Access Members have full access to VTC.com�s entire library of video tutorials.


Learn More

Subtitles of the Movie (CompTIA Network+ (2009 Objectives) / Security and TCP/IP / Firewalls)

In this video I want to talk to you about Firewalls and just a couple of concepts that you may see on the exam. And I'm going to start off with a ridiculously simple animation, but just hang on with me here. Firewalls sound very simple, but there's a lot more going on under the hood than what you may have realized if you haven't worked with them very much and the concept of a Firewall is we have a server, or any kind of machine that we need to contact by a remote client, and this remote client's out on a public network, or an unsecured network. And the server, or the resource, is in our private network and we have protected or walled off our private network behind a Firewall. Now the first thing we want to do is, any unsolicited traffic or traffic types that we don't trust, we want to simply bounce off the Firewall and not come into our network. Ports that we have open, say Port 80 for Internet traffic, for Web traffic, any other ports, mail ports, any kind of information that we're looking for or listening for, we want to just pass through the Firewall and come in. Now there's a lot of things that can happen with this process here. The main purpose of the Firewall is to protect the network from outside traffic. Now this can be a hardware, Firewall, Black box, device. It can be a router, it can be software running on a server. There's a lot of different forms of Firewalls but they're all going to do basically the same type thing, and then the more you spend, obviously, you can get some more features. So let's talk about those. First thing it does, is it just looks at the packets that are hitting it, that are trying to come into your network, and it's applying some sort of rules to those packets to determine whether it should let that packet or that traffic come through and get into the private network. Now you're the one, or the administrator, builds the rules that lays out the plan for which particular packets are allowed to come in, are blocked at the Firewall. Now there are three types of Firewalls that you need to be familiar with on this exam. Packet Level, Application Level, and Circuit Level, and I'm going to give you the basics on each one of those. So Packet Level Firewall blocks incoming or outgoing traffic. We can block it either way based on the source address, the destination address, and of course, we're talking about IP addresses here, the Protocol type that's in the frame, or the datagram, or the packet, if you will, the source port number, or the destination port number. So we can block by any of those things, and of course, rules are created to perform that filtering. Now, you've got to be careful here because in most Firewall situations, and if you think about this, the first rule that applies to the packet is the one that happens, and so if you have multiple rules you have to make sure that you get them in the right order so that you cover all the various scenarios that you're concerned about. Now an Application Level Firewall operates at the Application, Presentation, and Session layers of the OSI Model. And really what that means in English is that it's looking at the actual application. What is the packet trying to do? And based on what it's trying to do, we'll block it or allow it in. Now an Application level type Firewall can act as a proxy for the applications that are requesting some sort of service, or the applications that live on the server behind the Firewall. So when someone hits the Firewall asking for a server to do something, this basically captures that request, forwards it to the machine, handles the request, brings the result back, and passes it back. So it performs all the interactions for the outside requester, and it keeps your private sources back behind the Firewall totally private and this is really cool. Now, Application Level Firewalls block system calls, and this is neat because when an application from the outside makes a request that normally goes to the OS kernel such as Open, Read, Write something, Close something, Wait, Execute, Kill something - it can determine whether I'm going to let that happen or not. Now the Application Level Firewall is generally regarded as the most secure type of Firewall that you can use. Now the last type that you need to be aware of is a Circuit Level Firewall. Now this one operates a lot differently from the Packet Level-based, or the Application, in that it's going to validate the sessions that are created between TCP Host or UDP Host, depending on whether you're using which of those Protocols, TCP or UDP. And if you remember from previous videos, TCP is reliable connection, UDP is unreliable, but it's going to make sure before we ever open a connection that it's going to make sure everybody's cool on both ends. We won't go into exactly how it's doing that, but that's what you need to know for now. So connections on both ends have to meet rules that we've set up and this can to be based on the IP address, source and destination, the time of day, the Protocol that's being used for the connection and for the data that's going to flow. And then you can take a look at the user and-or the user's password, and then once all this has happened and the rule says OK, you can come through, it's going to recheck this, or validate this data with every session of data exchange, OK? So, Circuit Level Firewalls operate just at a little higher level. In other words it says, wait a minute. You can't even connect up here, Dude, until I know who you are and what's going on. So anyway, that's the information you need on Firewalls. These are fascinating devices, and again, if you really want to nerd out, go out there and do some reading on Firewalls, some really cool stuff.

Tutorial Information

Course: CompTIA Network+ (2009 Objectives)
Author: Mark Long
SKU: 34216
ISBN: 1-936334-90-9
Release Date: 2011-04-29
Duration: 6 hrs / 91 lessons
Work Files: Yes
Captions: No
Compatibility: Vista/XP/2000, OS X, Linux
QuickTime 7, Flash 8

VTC Sign up & Benefits

  • Unlimited Access
  • 81,350 Video Tutorials (14,200 free)
  • Video Available as Flash or QuickTime
  • Over 715 Courses
  • $30 for One Month Access
  • Multi-User Discounts Available

VTC Terms and Conditions

TERMS & CONDITIONS OF USE

BY SUBSCRIBING TO THIS SERVICE, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT, THE TERMS AND CONDITIONS OF WHICH SHALL PREVAIL IN GOVERNING YOUR RIGHTS OF USE. BY CLICKING THE "BECOME A MEMBER" BUTTON, THE INDIVIDUAL OR ENTITY LICENSING THE PRODUCT ("YOU") IS CONSENTING TO BE BOUND BY AND IS BECOMING A PARTY TO THIS AGREEMENT. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THE BUTTON INDICATING "BECOME A MEMBER" MUST NOT BE SELECTED, AND LICENSEE MUST NOT INSTALL OR USE THE SOFTWARE.

1. DEFINITIONS

"VTC" refers to Virtual Training Company, Inc.
"You" refers to the user or subscriber.
"Software" refers to the VTC training content and software.

2. LICENSE: VTC hereby grants to You a worldwide, non-royalty bearing, non-exclusive license to use the Software according to the provisions contained herein and subject to payment of the applicable subscription fees.

3. RESTRICTIONS: You may not do any of the following:

Save the Software to Your hard disk or other storage medium; permit others to use the Software except as specified by addendum; modify, reverse engineer, decompile, or disassemble the Software; make derivative works based on the Software; publish or otherwise disseminate the Software. VTC, Inc., VTC Online University, and the Virtual Training Company site is owned and operated by VTC, Inc. as a corporation of record.
All materials on this site are the property of VTC unless otherwise specified. No material from these pages may be copied, reproduced, republished, downloaded, uploaded, posted, transmitted, or distributed in any way. Modification of the materials or use of the materials for any other purpose is a violation of U.S. copyright law and other proprietary rights. For purposes of this Agreement, the use of any such material on any other web site or networked computer environment is prohibited.

4. FEES: The rights granted under this Agreement are effective only upon payment of the subscription fees, which are strictly non-refundable other than as expressly provided herein. The term "monthly subscription" is defined as any 30 day period. The term "yearly subscription" is defined as one 365 day period. A yearly subscription ends on the same numerical date as it began (example July 28, 2004 to July 28, 2005).

The VTC Online University is access to every VTC training tutorial in our library. You pay a flat fee for access to these titles. You are billed according to your renewal selection below, and can renew monthly, yearly, or in any other increment offered. If you choose to be billed monthly, you will be billed every 30 days for the subscription until you request the subscription be cancelled. Our terms of service state that you must cancel a monthly subscription at least two business days before your renewal date. These two days give us enough time to ensure that you will not be charged again.

5. LIMITED WARRANTY: VTC warrants that the Software, if operated as directed, will substantially achieve the functionality described. VTC does not warrant, however, that Your use of the Software will be uninterrupted or that the operation of the Software will be error-free or secure. In addition, the security mechanisms implemented by the Software have inherent limitations, and You must determine that the Software sufficiently meets Your requirements. VTC also warrants that the media containing the Software, if provided by VTC, is free from defects in material from the date You acquired the Software. VTC's sole liability for any breach of this warranty shall be, in VTC's sole discretion: (i) to replace Your defective media or Software; or (ii) to advise You how to achieve substantially the same functionality with the Software as described; or (iii) if the above remedies are impracticable, to refund the subscription fee You paid for the Software. Only if You inform VTC of Your problem with the Software during the applicable subscription period will VTC be obligated to honor this warranty. VTC will use reasonable commercial efforts to repair, replace, advise, or refund pursuant to the foregoing warranty within thirty (30) days of being so notified. If any modifications are made to the Software by You during the warranty period; if the medium is subjected to accident, abuse, or improper use; or if You violate the terms of this Agreement, then this warranty shall immediately terminate. This warranty shall not apply if the Software is used on or in conjunction with hardware or software other than the unmodified version of hardware and software with which the Software was designed to be used as described.

THIS IS A LIMITED WARRANTY, AND IT IS THE ONLY WARRANTY MADE BY VTC OR ITS SUPPLIERS. VTC MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF THIRD PARTIES' RIGHTS. YOU MAY HAVE OTHER STATUTORY RIGHTS. HOWEVER, TO THE FULL EXTENT PERMITTED BY LAW, THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, SHALL BE LIMITED TO THE ABOVE LIMITED WARRANTY PERIOD. MOREOVER, IN NO EVENT WILL WARRANTIES PROVIDED BY LAW, IF ANY, APPLY UNLESS THEY ARE REQUIRED TO APPLY BY STATUTE NOTWITHSTANDING THEIR EXCLUSION BY CONTRACT. NO DEALER, AGENT, OR EMPLOYEE OF VTC IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS LIMITED WARRANTY.

6. PROPRIETARY RIGHTS: VTC reserves all proprietary rights in and to the Software, is protected by copyright and other intellectual property laws and by international treaties. VTC, Inc.

Trademark Notice: VTC, Virtual Training Company, Inc., The VTC Logo, and VTC Online University, are trademarks of VTC, Inc. All other company and product names may be trademarks of their respective owners.
The information contained herein is subject to change without notice. Copyright © 1995 - 2005 VTC, Inc. All rights reserved.

7. TERMINATION: This Agreement shall automatically terminate if You fail to comply with the restrictions described herein. Your obligations to pay outstanding subscription fees shall survive any termination of this Agreement.

8. LIMITATION OF LIABILITY: UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL VTC OR ITS SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER, INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL VTC BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT VTC RECEIVED FROM YOU FOR A LICENSE TO THE SOFTWARE, EVEN IF VTC SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH
DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM VTC'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.

9. Links To Other Materials: Linked sites found at the VTC site are not under the control of VTC, and we are not responsible for the content of any linked site or any link contained in a linked site. VTC may change links based solely on our discretion, and we reserve the right to terminate any link or linking program at any time. VTC does not, by linking to sites, endorse companies or products to which it links and reserves the right to note as such on its web pages. If you decide to access any of the third party sites linked to this site, you do this entirely at your own risk.

Forums, and Chat are not always screened by VTC, and we are not responsible for the content of any public or open forum content at the site. VTC may change these public forums based solely on our discretion, and we reserve the right to terminate any forum at any time. VTC does not, by allowing these forums, endorse companies or products which may be mentioned in these forums, and reserves the right to note as such on its web pages. If you decide to access any of the public forums in this site, or linked to this site, you do this entirely at your own risk.

9. GOVERNING LAW & DISPUTE RESOLUTION: This Agreement is governed by Virginia law. All disputes between You and VTC shall be finally resolved through arbitration in Winchester, Virginia. This site is controlled by VTC from its offices within the United States of America. VTC makes no representation that materials in the site are appropriate or available for use in other locations, and access to them from territories where their content is illegal is prohibited. Those who choose to access this site from other locations do so on their own initiative and are responsible for compliance with applicable local laws. You may not use or export the Materials in violation of U.S. export laws and regulations. Any claim relating to the Materials shall be governed by the internal substantive laws of the Commonwealth of Virginia, USA.

VTC may revise these Terms at any time by updating this posting. You should visit this page from time to time to review the then-current Terms because they are binding on you. Certain provisions of these Terms may be superseded by expressly designated legal notices or terms located on particular pages at this Site.

If you have any questions regarding this policy, or your information specifically,
you may email us at:admin@vtc.com.