Firewall

What Is a Firewall?

• Definition: A firewall is a security system (hardware or software) that monitors and controls incoming and outgoing network traffic based on predetermined rules.
• Purpose: Acts as a barrier between a trusted internal network and untrusted external networks (like the internet).
• Analogy: Think of it as a security guard at the gate of your network — deciding which data packets are allowed in or out.

Types of Firewalls

1. Packet-Filtering Firewall
   1. Examines packets (basic units of data) and allows/blocks them based on IP addresses, ports, or protocols.
   1. Simple, fast, but limited (doesn’t inspect content deeply).
2. Stateful Inspection Firewall
   1. Tracks the state of active connections.
   1. More secure than packet filtering because it understands context (e.g., whether a packet is part of an established session).
3. Proxy Firewall (Application-Level Gateway)
   1. Acts as an intermediary between users and the internet.
   1. Can inspect traffic at the application layer (e.g., HTTP, FTP).
   1. Provides deeper filtering but may slow performance.
4. Next-Generation Firewall (NGFW)
   1. Combines traditional firewall features with advanced capabilities:
      1. Deep packet inspection
      1. Intrusion prevention
      1. Application awareness
      1. Integration with threat intelligence
5. Hardware vs Software Firewalls
   1. Hardware: Physical devices placed between networks (common in enterprises).
   1. Software: Installed on individual computers/servers (common for personal use).

How Firewalls Work

• Rules: Firewalls use rules (access control lists) to decide whether traffic is allowed or blocked.
• Filtering Criteria:
  • Source/destination IP address
  • Port number
  • Protocol (TCP, UDP, ICMP)
  • Application type (web, email, file transfer)
• Actions: Allow, block, or log traffic.