Objective
Configure and test basic firewall rules to block and allow network traffic.
Task Summary
Successfully created an inbound firewall rule to block port 23 (Telnet) and tested it to confirm the rule works.
Configuration:
- Type: Inbound Rule
- Protocol: TCP
- Port: 23
- Action: Block the connection
- Profiles: Domain, Private, Public
- Status: Enabled
- Description: Blocks inbound connections on port 23 (Telnet protocol)
Testing Results
telnet localhost 23
Connecting to localhost...Could not open connection to the host, on port 23: Connect failed
SUCCESSFUL - The firewall rule is working correctly. Port 23 is blocked, and connections are refused.
Key Concepts Learned
A firewall is a network security system that monitors and controls inbound and outbound network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks.
Functions:
- Filters network traffic
- Blocks unauthorized access
- Monitors connections
- Enforces security policies
- Prevents malware spread
Stateful Firewall:
- Maintains connection state information
- Remembers previous connections
- More intelligent decision-making
- Modern and more secure
- Example: Windows Defender Firewall
Stateless Firewall:
- Examines each packet independently
- No memory of previous packets
- Simpler but less intelligent
- Faster processing
- Less secure
Inbound Rules:
- Control traffic ENTERING your computer
- Protect against external attacks
- Example: Block port 23 (our rule)
Outbound Rules:
- Control traffic LEAVING your computer
- Prevent malware communication
- Restrict data exfiltration
UFW is a Linux firewall management tool that:
- Simplifies iptables configuration
- Uses intuitive command syntax
- Makes firewall configuration easier
- Example: ufw allow 22/tcp (simple, instead of complex iptables commands)
Telnet is insecure because:
- Transmits data in plain text (unencrypted)
- No secure authentication
- Vulnerable to eavesdropping - credentials can be captured
- Easy man-in-the-middle attacks
- SSH (port 22) is the secure alternative
Why we block it:
- Prevent unauthorized access
- Protect against credential theft
- Force use of secure alternatives
- Security best practice
Common firewall mistakes:
- Blocking all traffic (makes the system unusable)
- Not updating rules (rules become outdated)
- Overly permissive rules ("Allow all" defeats purpose)
- Misconfiguring port forwarding (exposes services)
- Not testing changes (rules may not work)
- Ignoring logging (can't monitor what's blocked)
- Using weak default configurations
- Not backing up rules
- Forgetting to document rules
- Not monitoring logs
Protection mechanisms:
- Access Control: Allows/blocks specific traffic types
- Threat Prevention: Blocks known malicious patterns
- Intrusion Prevention: Detects and blocks attacks
- Privacy Protection: Hides internal network structure
- Policy Enforcement: Ensures compliance
- Traffic Monitoring: Logs and alerts on suspicious activity
- DDoS Protection: Filters high-volume attacks
Definition: NAT translates private IP addresses to public IP addresses and vice versa.
How it works:
- Internal device sends traffic with private IP (e.g., 192.168.1.66)
- Firewall intercepts and translates to a public IP
- External server sees public IP, not private IP
- Response comes back with public IP
- Firewall translates back to private IP
- Internal device receives response
Benefits:
- Privacy: Hides internal IP addresses
- Security: External users can't directly target internal IPs
- IP Conservation: Multiple devices share one public IP
- Automatic Filtering: Unsolicited traffic is blocked
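The translation steps and the "unsolicited traffic is blocked" benefit above, as an added sketch that is not part of the original notes. It models a simplified port-translating NAT; the public address 203.0.113.5, the remote addresses, and the class and function names are assumptions for illustration. The per-flow table it keeps is also the kind of connection state a stateful firewall remembers.

```python
from itertools import count

class NatGateway:
    """Toy port-translating NAT: one public IP shared by many private hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self._out = {}    # (private endpoint, remote endpoint) -> public port
        self._back = {}   # (public port, remote endpoint) -> private endpoint

    def outbound(self, private, remote):
        """Rewrite the source of a packet leaving the internal network."""
        flow = (private, remote)
        if flow not in self._out:
            port = next(self._next_port)
            self._out[flow] = port
            self._back[(port, remote)] = private
        return (self.public_ip, self._out[flow]), remote

    def inbound(self, remote, public):
        """Return the private endpoint for a reply, or None to drop the packet."""
        if public[0] != self.public_ip:
            return None
        return self._back.get((public[1], remote))

def demo():
    """Constructed traffic: two internal hosts, one server, one unsolicited sender."""
    nat = NatGateway("203.0.113.5")           # assumed public address
    pc = ("192.168.1.66", 51000)              # private IP from the notes above
    laptop = ("192.168.1.67", 51000)          # second device, same source port
    server = ("198.51.100.10", 443)
    stranger = ("198.51.100.99", 4444)        # never contacted from inside

    seen_pc, _ = nat.outbound(pc, server)
    seen_laptop, _ = nat.outbound(laptop, server)
    return {
        "server_sees_pc": seen_pc,
        "server_sees_laptop": seen_laptop,
        "reply_to_pc": nat.inbound(server, seen_pc),
        "reply_to_laptop": nat.inbound(server, seen_laptop),
        "unsolicited": nat.inbound(stranger, seen_pc),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```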
Interview Questions & Answers
Q1: What is a firewall?
A: A firewall is a network security system that monitors and controls inbound and outbound network traffic based on predetermined security rules.
Q2: What is the difference between a stateful and a stateless firewall?
A: Stateful firewalls maintain connection state and make intelligent decisions; stateless firewalls examine each packet independently without context.
Q3: What are inbound and outbound rules?
A: Inbound rules control traffic entering your computer; outbound rules control traffic leaving your computer.
Q4: How does UFW simplify firewall management?
A: UFW provides a simpler interface for managing iptables on Linux with intuitive syntax like ufw allow 22/tcp.
Q5: Why block port 23 (Telnet)?
A: Telnet is insecure - it transmits data in plain text without encryption, making credentials vulnerable to capture.
Q6: What are common firewall mistakes?
A: Blocking all traffic, not updating rules, overly permissive rules, not testing changes, ignoring logging, and weak default configurations.
Q7: How does a firewall improve network security?
A: By filtering unauthorized traffic, blocking attacks, preventing intrusions, hiding network structure, and monitoring activity.
Q8: What is NAT in firewalls?
A: NAT (Network Address Translation) translates private IPs to public IPs, providing privacy by hiding the internal network structure and improving security.
Firewall Rules Summary
| Rule Name | Type | Protocol | Port | Action | Status |
|---|---|---|---|---|---|
| Block Telnet Port 23 | Inbound | TCP | 23 | Block | Enabled |
Screenshots
All screenshots are in the screenshots/ folder showing:
- Allowed apps configuration
- Advanced Security interface
- Inbound Rules list
- New Rule wizard - type selection
- Protocol and Port configuration
- Action selection (Block)
- Profile selection (Domain, Private, Public)
- Rule naming and description
- Completed rule in the Inbound Rules list
- Test result - Telnet connection failed
Learning Outcomes
- ✓ Firewall configuration and management
- ✓ Understanding port-based filtering
- ✓ Rule creation and testing
- ✓ Network traffic control
- ✓ Security best practices
- ✓ Understanding why blocking insecure protocols is important
WINDOWS FIREWALL RULES CREATED
- Rule Type: Inbound Rule
- Protocol: TCP
- Port: 23
- Action: Block the connection
- Profiles: Domain, Private, Public
- Status: Enabled
- Description: Blocks inbound connections on port 23 (Telnet protocol)
Testing:
- Command: telnet localhost 23
- Result: Could not open connection to the host, on port 23: Connect failed
- Status: WORKING - Rule successfully blocks port 23
- ✅ Firewall rule created successfully
- ✅ Rule is enabled and active
- ✅ Test confirms rule is working
- ✅ Port 23 (Telnet) is blocked
- ✅ Insecure protocol is prevented