Skip to 0 minutes and 5 seconds I am now logged in and working on the target server and I want to start a firewall blocking all incoming traffic and allowing access only to the SSH and Web servers. Let’s first check whether the server has a firewall and whether it is configured. Yes, we have a firewall, but it’s not running. Let’s start it. And check the rules. We can see a set of rules allowing traffic for the SMB file sharing as well as to the SSH server on port 22 and the Web server of port 80. Everything else is blocked. With the firewall running, let’s go back to Kali and repeat the scan and see the difference.
Skip to 1 minute and 13 seconds The first difference we see is that now Nmap reports 995 filtered ports. That indicates that Nmap has detected the firewall, which is blocking most of the ports. The other major difference that we see is that the MySQL database is no longer visible. The sample file sharing ports are allowed through the firewall but there is no service running so they reported this closed. What we have implemented and tested is a simple but fundamental solution in computer network security using firewalls. It allows us to hide and protect sensitive systems and services from the outside world and is pretty much a standard in todayâ€™s environment. We will talk about firewalls in more detail later in the course.
Scan a target behind a firewall
Watch the video in which we perform a basic host scan of a target behind a firewall.
We are now going to turn on the firewall on the server and scan it again. The results should confirm that we now have the exposure of services on the server which is in line with a required security policy.