WEBVTT 00:00:12.080 --> 00:00:17.600 hello and welcome back to this cyber security awareness course in this video we're going to 00:00:17.600 --> 00:00:23.120 talk about setting up your firewall now before we actually go ahead and start talking about setting 00:00:23.120 --> 00:00:29.040 up firewalls all the configurations that we need and the definition of firewall we need to learn a 00:00:29.040 --> 00:00:36.320 few things the first one is a network so what is a network a network is defined as a bunch 00:00:36.320 --> 00:00:42.320 of computers that are able to share data with each other so say for example that i've got this 00:00:42.320 --> 00:00:48.000 computer that i'm working on right now and i've got another computer and they are connected with 00:00:48.000 --> 00:00:55.360 each other that means that i'm going to be able to send pictures send text files send anything that i 00:00:55.360 --> 00:01:01.840 want with this computer because they're connected through the network so this is the definition of a 00:01:01.840 --> 00:01:08.880 network now we all have routers in our homes that we use to access the internet so we need to learn 00:01:08.880 --> 00:01:15.280 a few things about routers say for example that we've got this router now something about routers 00:01:15.280 --> 00:01:22.320 is that they've got something called a gateway and this gateway is where you actually access 00:01:22.320 --> 00:01:31.120 the internet now the gateway of a default router would look like this says over here 192.168.1.1 00:01:31.120 --> 00:01:40.240 now this is called the ipv4 or the ipv4 so for now let's go ahead and agree that a router has 00:01:40.240 --> 00:01:46.720 a particular ip that looks something like this now say for example that we've got a computer device 00:01:46.720 --> 00:01:52.400 and this computer device is trying to connect to a router now if you want to connect to any router 00:01:52.400 --> 00:01:58.960 you have to provide something you have to provide a password in order for you to access the router 00:01:58.960 --> 00:02:06.080 so if i go ahead and say to the router that oh this is the password now let me connect the router 00:02:06.080 --> 00:02:14.240 would say oh there is your ip and it would give this computer a certain ip now i want 00:02:14.240 --> 00:02:21.840 you to notice something take a look at this ip and how it looks like it says over here 192.168.1.2 00:02:22.400 --> 00:02:30.800 and the router is 192.168.1.1 the idea over here is that the last digit keeps increasing 00:02:30.800 --> 00:02:36.000 every time a device connects so say for example that this is the first computer to connect to 00:02:36.000 --> 00:02:44.640 this router the router would give this computer an ip of 192.168.1.2 now say for example that another 00:02:44.640 --> 00:02:50.880 computer is trying to connect to this router the router would give this computer another ip it 00:02:50.880 --> 00:02:58.640 would say over here 192 168.1.3 now remember that these two computers are actually connected with 00:02:58.640 --> 00:03:03.840 each other because they're on the same network it means that they can share data with each other 00:03:04.400 --> 00:03:08.960 in order to make this perfectly clear take a look at these two machines over here i've got this 00:03:08.960 --> 00:03:14.480 machine and i've got this one that i'm working on now if i go ahead to command prompt and if i type 00:03:14.480 --> 00:03:21.920 in this following command ipconfig it says over here that the ipv4 of this particular computer is 00:03:21.920 --> 00:03:31.840 192.168.44.21 and over here it says that the default gateway is 192.168.44.1 00:03:32.400 --> 00:03:37.440 and this is really the ip of the router that we've talked about so if i go ahead to the 00:03:37.440 --> 00:03:45.840 other computer and if i type ipconfig i can see over here that the ipv4 is 192.168.44 00:03:47.360 --> 00:03:53.040 now we can notice that they're actually different from each other but they are still able to see 00:03:53.040 --> 00:03:59.840 each other so for example over here if i type this following command i say ping 192 00:04:04.000 --> 00:04:12.640 and if i type enter over here you can just notice that it says reply from 192.168.44.21 00:04:12.640 --> 00:04:19.200 which is this machine over here so what i did was i told this machine that oh i'm trying to 00:04:19.200 --> 00:04:24.240 communicate with you and this machine just replied back saying that oh we're on the same 00:04:24.240 --> 00:04:32.000 network and you can communicate with me so it says over here that a reply from 192 168.44.1 00:04:32.560 --> 00:04:39.440 with 32 bytes over here now we can imagine a firewall as a barrier between your device and 00:04:39.440 --> 00:04:44.640 the rest of the network so as you can see over here in this shape say that this is your device 00:04:44.640 --> 00:04:49.440 and over here we've got the firewall we can just imagine it as a big barrier 00:04:49.440 --> 00:04:56.080 that separates your computer from the network but the thing is this barrier this this huge 00:04:56.080 --> 00:05:03.520 wall it has some tiny little holes in which data can actually move through now let's go ahead and 00:05:03.520 --> 00:05:09.120 see how we can actually configure firewall on windows environments and on mac environments 00:05:09.680 --> 00:05:16.000 all right so on windows if we go ahead and click on this search bar and then if we type control 00:05:16.000 --> 00:05:22.240 panel it would show us this control panel over here and as you can see over here i've got windows 00:05:22.240 --> 00:05:28.800 defender firewall if you don't see all of these icons it means that you're on the category mode 00:05:28.800 --> 00:05:33.040 you just need to go ahead and click on it and then select large icons 00:05:33.040 --> 00:05:38.160 and then you'll be able to see windows defender firewall so let's go ahead and click on it 00:05:39.360 --> 00:05:45.200 and as you can see over here it says that windows defender firewall state is on and this means that 00:05:45.200 --> 00:05:51.200 my firewall on my windows environment is actually on and running and over here where it says 00:05:51.200 --> 00:05:56.800 incoming connections it says block all connections to apps they're not on the list of allowed 00:05:56.800 --> 00:06:02.880 apps so what is the list of allowed apps anyways over here you can see the option of allowing an 00:06:02.880 --> 00:06:08.880 app or future through windows defender firewall now let me just explain this if you download 00:06:08.880 --> 00:06:15.280 anything in the download process after it's done it would ask you that oh i need access through 00:06:15.280 --> 00:06:21.280 the firewall now people just tend to hit oh okay well you can have access through the firewall so 00:06:21.280 --> 00:06:26.880 over here you would have the list of all the apps that are allowed through windows defender firewall 00:06:26.880 --> 00:06:33.440 we can see over here 3d builder 3d viewer it says over here any desk a patch app installer 00:06:33.440 --> 00:06:38.240 and so many apps that are actually installed on my device now we can actually play around with 00:06:38.240 --> 00:06:43.840 these settings over here and then hit on the change settings button this would allow me to 00:06:43.840 --> 00:06:50.000 actually disallow or allow an app through the firewall so for example i don't want 3d 00:06:50.000 --> 00:06:56.640 builder to access firewall we can just hit on this checkbox over here and then this other checkbox 00:06:56.640 --> 00:07:03.840 and then we can just hit on ok and this would disallow 3d builder from accessing firewall now if 00:07:03.840 --> 00:07:10.080 we want to allow another app through firewall you just hit on this button and then click on browse 00:07:11.440 --> 00:07:16.800 and then just navigate to the directory in which you have the app that you want to allow through 00:07:16.800 --> 00:07:21.920 windows defender firewall so for example i just want to navigate to c over here and then go to 00:07:21.920 --> 00:07:28.400 program files let's go ahead and say for example i want to allow this particular app through the 00:07:28.400 --> 00:07:34.160 firewall we can just select it over here and then we can just hit on add and as you can see 00:07:34.160 --> 00:07:40.560 over here right now it is allowed through windows defender firewall now let's go ahead and click on 00:07:40.560 --> 00:07:46.400 it back over here over here you can see the option where it says turn windows defender firewall on or 00:07:46.400 --> 00:07:52.160 off and over here you can actually just turn off firewall or turn on firewall although it 00:07:52.160 --> 00:07:58.320 is recommended that you keep it on because you want all the traffic coming from the network 00:07:58.320 --> 00:08:04.640 that you're in to be filtered using this firewall now let's go ahead and click on back over here 00:08:05.440 --> 00:08:12.160 and say for example that we're actually connected to a public network and we don't want attackers 00:08:12.160 --> 00:08:18.240 to actually see your machine we want to be invisible on the network we can actually do this 00:08:18.240 --> 00:08:22.960 through windows defender firewall so if we go ahead and click on advanced settings over here 00:08:24.240 --> 00:08:30.160 it would take us to this screen we just navigate to inbound rules right click on this and then 00:08:30.160 --> 00:08:39.920 click on new rule over here we can just select custom and then hit next and then just say all 00:08:39.920 --> 00:08:47.040 programs over here hit next and then where it says the protocol type here's the thing i want 00:08:47.040 --> 00:08:55.200 to make my ipv4 all right the ipv4 the ip that the router gave me to be invisible so here's 00:08:55.200 --> 00:09:02.160 the thing we can just select icmp version 4 over here and then hit next and over here just hit next 00:09:03.040 --> 00:09:09.520 and then here's the thing we want to select block the connection so we can just hit 00:09:09.520 --> 00:09:16.880 next over here and then next and we're going to call this stealth mode and then just hit on finish 00:09:17.520 --> 00:09:23.680 so right now we've got steel mode enabled we're actually invisible on the network hackers can't 00:09:23.680 --> 00:09:29.040 actually see us so let's go ahead and try this out if we go ahead and open up the other machine 00:09:29.040 --> 00:09:38.320 that we were on and then just say oh i want to ping 192.168.44.20 because i want to see can i 00:09:38.320 --> 00:09:43.360 communicate with this particular device on the network or not so let's go ahead and just press 00:09:43.360 --> 00:09:50.000 enter and over here it's trying to ping this particular ip but as you can see over here it says 00:09:50.000 --> 00:09:57.680 request timed out so it means that for this machine the computer that has the ip of 192 168 00:09:57.680 --> 00:10:05.120 4421 is invisible meaning that it doesn't exist so over here as you can see it says 100 00:10:05.120 --> 00:10:10.720 loss meaning that oh i wasn't able to see this machine i wasn't able to communicate with this 00:10:10.720 --> 00:10:16.160 machine so this is really helpful when you're actually on public networks and you don't want 00:10:16.160 --> 00:10:22.720 to be seen by attackers because in the end of the day public networks in a cafe or in a study house 00:10:22.720 --> 00:10:29.600 they're not actually fully trusted because anybody can be on that network and you don't know what 00:10:29.600 --> 00:10:35.280 scenario you can actually end up having now after discussing all of these details let's go ahead and 00:10:35.280 --> 00:10:42.000 navigate to a mac machine so we can actually see how to configure firewall on a mac machine all 00:10:42.000 --> 00:10:47.360 right so we're on this mac environment right now and to access firewall you just need to hit on 00:10:47.360 --> 00:10:53.680 system preferences over here and then navigate to security and privacy and over here we can actually 00:10:53.680 --> 00:11:00.080 see that we have a bunch of tabs the first one over here general file vault firewall and privacy 00:11:00.080 --> 00:11:06.640 we just want to select firewall and as you can see over here it says that my firewall is set to be on 00:11:06.640 --> 00:11:12.000 now let's go ahead and play around with firewall settings let's just click on this lock icon 00:11:12.560 --> 00:11:19.280 and then provide the password in which we use to log into our mac and then just click on unlock and 00:11:19.280 --> 00:11:24.320 over here we can see that we have these options available so we have the first option where it 00:11:24.320 --> 00:11:30.320 says turn off firewall and then we've got firewall options so let's go ahead and click on that 00:11:30.320 --> 00:11:35.520 and we have these set of options over here the first one it says block all incoming connections 00:11:35.520 --> 00:11:40.880 now you don't want to check that because some apps that are installed on your mac they require 00:11:40.880 --> 00:11:45.600 access through the firewall and they will not function correctly if they don't have access 00:11:45.600 --> 00:11:51.280 through the firewall so you just don't want to check that now over here take a look at this box 00:11:51.280 --> 00:11:57.600 this is where you actually allow or disallow apps through the firewall now like we said on windows 00:11:57.600 --> 00:12:03.280 once you download an application it's going to ask for access through the firewall and if you 00:12:03.280 --> 00:12:10.560 somehow miss to actually give it access then this is how you do it or if you want to disallow an 00:12:10.560 --> 00:12:15.680 app from accessing firewall then this is how you do it as well so if we just click on the plus icon 00:12:16.320 --> 00:12:23.760 and select a an app let's just say that i want the calculator for example and there you go we have 00:12:23.760 --> 00:12:31.120 calculator enabled through the firewall now over here we can actually set uh the calculator to be 00:12:31.120 --> 00:12:38.640 allowed or blocked from accessing firewall but we want to allow it for now and we can actually just 00:12:38.640 --> 00:12:45.760 remove it now somebody might ask me well i don't see the list of applications that i have on my mac 00:12:45.760 --> 00:12:51.040 well i'll tell you something it is because mac automatically allows every application 00:12:51.040 --> 00:12:57.200 to be allowed through the firewall and over here it says automatically allow built-in softwares 00:12:57.200 --> 00:13:04.000 to receive incoming connections and built-in softwares or you can just say itunes or app store 00:13:04.000 --> 00:13:11.120 or even the facetime or pictures app any of these built-in softwares they're automatically allowed 00:13:11.120 --> 00:13:16.480 through the firewall all right so over here in the second option it says automatically allow 00:13:16.480 --> 00:13:22.720 downloaded signed software to receive incoming connections now we don't want to set that because 00:13:22.720 --> 00:13:28.000 here's the thing we said that malwares are actually computer programs they're written in 00:13:28.000 --> 00:13:34.240 some sort of a programming language now the thing is that programs they have to be signed in order 00:13:34.240 --> 00:13:40.960 for the operating system to identify them as safe programs now what hackers can do sometimes is that 00:13:40.960 --> 00:13:47.360 they sign their malwares and they would appear like any other software with a signed certificate 00:13:47.360 --> 00:13:53.840 so your operating system would say that oh okay now this is a safe program so i will just 00:13:53.840 --> 00:14:00.240 automatically allow it now the thing is we don't want to check this so we just want to uncheck this 00:14:00.240 --> 00:14:06.560 and we want to manually allow our apps through the firewall now the same thing can be done on windows 00:14:06.560 --> 00:14:12.720 once you download something be careful when you allow it through the firewall make sure that 00:14:12.720 --> 00:14:20.080 it is actually a safe program before you do any action over here we can actually see the steeled 00:14:20.080 --> 00:14:26.720 mode now here's the thing about mac enabling steel mode is much much easier than windows because on 00:14:26.720 --> 00:14:33.280 windows we had to go ahead and set a new rule but over here we just have this check box in which we 00:14:33.280 --> 00:14:39.760 can just check it and there you go you're actually invisible to hackers on the network right now all 00:14:39.760 --> 00:14:46.720 right so this is it for this video i hope that you liked it and i'll see you in the next video