Transcript from the "Firewalls" Lesson
>> Jem Young: What is a firewall? Don't look at the definition yet. What is a firewall? You've probably heard the term before. Yeah.
>> Speaker 2: It's network security infrastructure that either allows or blocks requests.
>> Jem Young: Yeah. Sam that you say?
>> Sam: No, it's a perimeter security technique, so you either allow requests in or out depending on how they're originating and what port they're on and what the protocol is.
>> Jem Young: Yeah, what she said, more verbose. I like it, you can never be too verbose when you're defining things. A firewall, the phrase comes from the actual physical device called a firewall, your car has a firewall. So between the engine and where you sit in your car, that's what's known as a firewall.
[00:00:45] So if the engine gets on fire, the fire won't spread into the engine. Or it will slow down enough building have firewalls so that if there is a fire it doesn't prevent things completely, it just slows it down enough so you can fix it. And that's what a firewall does.
[00:00:59] They are not invulnerable, there's always ways around them cuz everybody's running a firewall now. But people still get hacked. But it's enough to slow people down and deter people. I'll use the Cisco definition, and it's pretty much what everybody said. It's a network secure device that monitors incoming and outgoing network traffic and it decides whether or not to block that traffic based on certain frequencies, there's a certain set of standards.
[00:01:24] There is software firewalls and there's hardware firewalls. Generally most people are running our consumer grade. We're all running software firewalls. Our Mac OS X has a firewall built in Windows has firewall built in. It's because we don't wanna open all of our ports to everybody. Because if you do that, it doesn't matter if your like, I'm using SSH and there's nothing else my system worth stealing.
[00:01:48] There could be a vulnerability in there and it's just narrowing that attack surface. And an image of a firewall. I like that.
>> Jem Young: So let's run nmap because I talked about ports earlier. An nmap is a port scanner and what it does is it can run over an entire range of IP addresses and it just checks for open ports.
[00:02:17] So first thing we're gonna do is we're gonna install nmap.
>> Jem Young: Sudo apt install nmap if it's not already installed.
>> Jem Young: So sudo apt install
>> Jem Young: And I'm gonna grab the IP address of my server. So, it's here. Copy that.
>> Sam: You intending that we run this locally against our server remotely or from the server.
>> Jem Young: You could run on the server, you can run it from not your server. It actually doesn't matter in this case. But running it yeah, running it locally you should know where your ports are. But it's just a good visualization.
>> Jem Young: Yes and Sam is right where we're on our server running against our own server.
[00:03:22] You can log out of your server and run against your server and the results will be the same.
>> Jem Young: And right now you're probably seeing something along that you should see actually exactly this. You have port 22 open, that's SSH. So, that's allows us to log in and out our server.
[00:03:46] We port 80 which is our http server. And then we have port 3000 because it's open by default when we started our express server. Now let's run nmap with sV to get a little bit more detail. So nmap
>> Jem Young: And this is gonna take a little bit more time.
[00:04:10] The sV command is gonna give us more detail about what exact processes are running on those and services are running on those ports. And it might take a second ago. So, port 22 is pretty pretty much always SSH. It's the default 48 windows HTTP. For 3000 was a random port we chose just for our express middle ware.
[00:04:38] But running this open source command allows me to port scan an IP address. But not only that, it tells me the exact software and version that they're running. So why is that useful? Or why that dangerous? Yes.
>> Speaker 2: it's very easy to look up known vulnerabilities and start trying to get through.
>> Jem Young: Precisely, if there was a known exploit for NGINX 1.14. I can find that out really, really easily. And then you say like, no one will know if I haven't patched my NGINX version. They do, people are running at port all the time. It takes very little CPU resources now to run a port scan over the entire Internet, and people are doing this constantly.
[00:05:25] So if you have a vulnerability, eventually, people will find it and they will exploit it.
>> Jem Young: And what nmap won't show is they won't show all the close ports. They only gonna show the open ports but you can scan for closed ports. It's not really much of a point for that as well.