Firewall PI

DISCLAIMER

Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. Cyber Security Associates Limited, will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.

Please ensure you are using the latest SD Card image which is available here.

 

Teacher Overview

Firewalls are a layer of technology that can be used to protect a network and individual devices. There are a range of related technologies that are available, including Firewalls themselves, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Each of these technologies fulfil a separate requirement and it is possible to buy physical devices that combine all 3 of these technologies. Firewalls concentrate of monitoring network traffic and will allow or deny access based on established rules that can be customised depending on the needs of the network. It is important to remember that the deployment of these technologies is based on the requirements of a network. Not all these technologies will be cost efficient, easy to deploy or easy to configure, and will depend on the network size, expertise of the staff configuring them and needs of the network. A small, home network is very different to a large corporate network and will require less complex technology as a result.

Many home routers that are provided by an Internet Service Provider (ISP) have built in firewalls that have simple configurations and rules that are intended for home use. Dedicated firewalls for use in large networks require dedicated specialists to make sure they are configured and maintain correctly. When considering any technology to be deployed it is important to focus on the network needs and requirements, a small, home network shouldn’t need an industrial strength firewall because the activity on the home network will be very different, and the cost is very different. Whereas a large organisation, like a school, that is handling a lot of personal information (staff and students) should have better protection, including a good firewall.  

The Fortinet FortiGate 7060E

Firewalls can be installed on either an end-point device like a laptop (host-based firewall) or a separate device like a router or dedicated firewall (network-based firewall) to provide a level of security. There are different benefits and constraints of both versions, which need to be evaluated in context of the total network. Host-based firewalls can slow down the end-point device as all the traffic coming in and out of that device must be analysed. A network-based firewall might work best for a small network, or a home network because it won’t interfere with the end-point devices processing ability. Firewalls control the traffic passing in and out of the network by having static rules created for different ports, services and IP addresses that either allow specific traffic in and out of the network or block them entirely. Configuring firewalls has to be done carefully because the wrong rule could prevent a vital service from being connected to. For example, SSH by default works on port 22, SSH allows secure connections between devices within a network, if this port is blocked then the devices that need to connect will be shut off from each other and vital operations of an organisation could be halted.

 

Suggested Year Group

The suggested age group is 15+, this project introduces concepts in networking and network architecture that support the associated subject and introduce industry concepts ready for development.

 

Learning Outcomes

  • Instruct the students about the role of firewalls in network security;

  • Explain how firewall rules work to the students;

  • Show the students how to configure the Uncomplicated Firewall (ufw) and create their own firewall rules.

 

Hardware Required

Component Number (Peli Case)

(Base) 4 + 5

(Base) 5

(Base) 6

(Base) 6

(Level 1) 3

(Level 1) 3

(Level 1) 5

(Level 1) 1

Component Number (Box Case)

Slot 1

Slot 11

Slot 2

Slot 11

Slot 11

Slot 11

Slot 12

Slot 13

Component

Raspberry Pi + Case

Kali SD Card

External Hard Drive

USB lead

HDMI

Wireless Keyboard

Wireless Mouse

Power Supply

 

Video Guide

 

Conclusion

Firewalls work on the principle of static rules, either a protocol can be used, or it can’t, a port is allowed to be connected to or it isn’t. This makes it very rigid and can cause problems if it isn’t configured correctly. It is important that the students understand how to visualize a network and how these technologies are deployed and used within a network. There are many ways to create networks for different size organisations, there are similar style networks, but each network should be tailored to the needs of that organisation.