Network and Information Security (22620)

Practical No. 12: a. Install firewall on any operating system.

b. Configure firewall settings on any operating system
I Practical significance
The firewall is the software or hardware system which is used to divide one network or
computer from another one. Most of the common types of firewall help to protect an entire
network or a computer from the unauthorized access from an internet. The firewalls also used
to control the data flow from and to multiple networks in the same organizations. This firewall
can also be programmed to filter the data packet based on any information which is contained
in a packet. Listed below are some of the types of firewalls on the configuration and network.

II Relevant Program Outcome (POs)

PO1 – Basic knowledge
PO2 – Discipline knowledge

PO3 – Experiments and practice

PO4 – Life-long learning.

III Competency and practical Skills

“Install and configure firewall in operating system.”
This practical is expected to develop the following skills:
1. We have to install firewall in operating system.
2. We have to configure firewall in operating system.

IV Relevant Course Outcome(s)

Analyze the process of installing and configuring firewall in operating system.

V Practical outcomes
Given information about installing and configuring firewall in operating system .

VI Relevant Affective Domain Related Outcomes

a. Follow precautionary measures
b. Demonstrate working as a leader / a team member

Page No : 1

By Prof.R.H.Rathod, Comp.Engg. Deptt., Dr.Panjabrao Deshmukh Polytechnic, Amravati

 Network and Information Security (22620)
c. Follow ethical practices

VII Minimum Theoretical Background

Software and hardware firewalls
The software firewall, either are part of the operating system or the 3rd party application which installs
on the operating and also can configure instead of an operating system firewall. This is configurable for
the single host as well as flexible for the configuration for the particular host alone. In general, a firewall
is the device that has more than one network interface. It also manages the flow of the network traffic
in between those interfaces. In terms, what it does with types of traffic and how it manages the flows
depend on its configurations. In the real-world implementation, the firewall is likely to provide other
functionalities such as proxy server services and NAT- network address translation.

The hardware firewall is the specialized appliances which are built to filter the packets between the
networks. Most of the common type of hardware firewalls is used to prevent an entire network or a
computer from an unauthorized access from an internet. The firewall can be used to control the data
flow in the same organizations. This firewall can also be programmed to filter the data packet based on
information which contained in a packet. The examples of the 3rd party hardware firewalls such as
Bluecoat and Barracuda.

VIII Work situation

a. Faculty must form a group of students.
b. Faculty will demonstrate the use of firewall.
c. Students will install and configure firewall in other operating systems.

IX Resources required (Additional)

SN Instrument/Object Specification Quantity Remarks

01 Desktop PC Processor i3/i5 1 / group Yes

02 Software Any firewall 1 / group Yes

X Precaution to be followed
1. Handle computer system and peripherals with care
Page No : 2

By Prof.R.H.Rathod, Comp.Engg. Deptt., Dr.Panjabrao Deshmukh Polytechnic, Amravati

 Network and Information Security (22620)
2. Use the firewall properly.
3. Follow safety precautions
4. Configure the firewall properly.

XI Procedure
 Steps to install the firewall:
Step 1: Open any web browser.
Step 2: Search for particular firewall as per your requirement.
Step 3: Download the firewall software in your computer system.
Step 4: Install the firewall in your system.
Step 5: You have successfully installed the firewall in your desktop system.
 Steps to Configure firewall:
Step 1: Secure your firewall

 If an attacker is able to gain administrative access to your firewall it is “game over” for your
network security. Therefore, securing your firewall is the first and most important step of this
process. Never put a firewall into production that is not properly secured by at least the
following configuration actions:

 Update your firewall to the latest firmware.

 Delete, disable, or rename any default user accounts and change all default passwords. Make
sure to use only complex and secure passwords.

 If multiple administrators will manage the firewall, create additional administrator accounts with
limited privileges based on responsibilities. Never use shared user accounts.

 Disable simple network management protocol (SNMP) or configure it to use a secure

community string.

Step 2: Architect your firewall zones and IP addresses

 In order to protect the valuable assets on your network, you should first identify what the assets
(for example, payment card data or patient data) are. Then plan out your network structure so
that these assets can be grouped together and placed into networks (or zones) based on similar
sensitivity level and function.

 For example, all of your servers that provide services over the internet (web servers, email
servers, virtual private network (VPN) servers, etc.) should be placed into a dedicated zone that
will allow limited inbound traffic from the internet (this zone is often called a demilitarized zone
or DMZ). Servers that should not be accessed directly from the internet, such as database
servers, must be placed in internal server zones instead. Likewise, workstations, point of sale
devices, and voice over Internet protocol (VOIP) systems can usually be placed in internal
network zones.

Page No : 3

By Prof.R.H.Rathod, Comp.Engg. Deptt., Dr.Panjabrao Deshmukh Polytechnic, Amravati

 Network and Information Security (22620)
 Generally speaking, the more zones you create, the more secure your network. But keep in mind
that managing more zones requires additional time and resources, so you need to be careful
when deciding how many network zones you want to use.

 If you are using IP version 4, Internal IP addresses should be used for all of your internal
networks. Network address translation (NAT) must be configured to allow internal devices to
communicate on the Internet when necessary.

 Once you have designed your network zone structure and established the corresponding IP
address scheme, you are ready to create your firewall zones and assign them to your firewall
interfaces or sub interfaces. As you build out your network infrastructure, switches that support
virtual LANs (VLANs) should be used to maintain level-2 separation between the networks.

Step 3: Configure access control lists

 Now that you have established your network zones and assigned them to interfaces, you should
determine exactly which traffic needs to be able to flow into and out of each zone.

 This traffic will be permitted using firewall rules called access control lists (ACLs), which are
applied to each interface or subinterface on the firewall. Make your ACLs specific to the exact
source and/or destination IP addresses and port numbers whenever possible. At the end of every
access control list, make sure there is a “deny all” rule to filter out all unapproved traffic. Apply
both inbound and outbound ACLs to each interface and subinterface on your firewall so that
only approved traffic is allowed into and out of each zone.

 Whenever possible, it is generally advised to disable your firewall administration interfaces

(including both secure shell (SSH) and web interfaces) from public access. This will help to
protect your firewall configuration from outside threats. Make sure to disable all unencrypted
protocols for firewall management, including Telnet and HTTP connections.

Step 4: Configure your other firewall services and logging

 If your firewall is also capable of acting as a dynamic host configuration protocol (DHCP)
server, network time protocol (NTP) server, intrusion prevention system (IPS), etc., then go
ahead and configure the services you wish to use. Disable all the extra services that you don’t
intend to use.

 To fulfill PCI DSS requirements, configure your firewall to report to your logging server, and
make sure that enough detail is included to satisfy requirement 10.2 through 10.3 of the PCI
DSS

Step 5: Test your firewall configuration

 In a test environment, verify that your firewall works as intended. Don’t forget to verify that
your firewall is blocking traffic that should be blocked according to your ACL
configurations. Testing your firewall should include both vulnerability scanning and penetration
testing.

 Once you have finished testing your firewall, your firewall should be ready for production.
Always remember to keep a backup of your firewall configuration saved in a secure place so that
all of your hard work is not lost in the event of a hardware failure.

Page No : 4

By Prof.R.H.Rathod, Comp.Engg. Deptt., Dr.Panjabrao Deshmukh Polytechnic, Amravati

 Network and Information Security (22620)
 Now remember, this is just an overview to help you understand the major steps of firewall
configuration. When using tutorials, or even if you decide to configure your own firewall, be
sure to have a security expert review your configuration to make sure it is set up to keep your
data as safe as possible.

XII Resources used (Additional)

XIII Observations

XIV Practical related Questions

1. Define Firewall?

2. Write the septs in short to install firewall?

Page No : 5

By Prof.R.H.Rathod, Comp.Engg. Deptt., Dr.Panjabrao Deshmukh Polytechnic, Amravati

 Network and Information Security (22620)
3. Enlist different types of firewalls available for windows?

List of student Team Members

1.
2.
3.
4.

Signature ofTeacher

Page No : 6

By Prof.R.H.Rathod, Comp.Engg. Deptt., Dr.Panjabrao Deshmukh Polytechnic, Amravati