Cyber Security Firewalls
🔥 Cyber Security – Firewalls (In-Depth Guide)
A firewall acts like a security guard between trusted (internal) and untrusted (external) networks.
📌 No firewall = open door for attackers
What is a Firewall?
A firewall is a hardware or software security system that:
Monitors network traffic
Allows or blocks data packets
Uses predefined security rules
📌 Simple definition:
Firewall controls who can enter and exit your network
Why Firewalls are Critical in Cyber Security
Prevent unauthorized access
Block malware traffic
Stop hacking attempts
Protect internal systems
Reduce attack surface
✔ Used in homes, companies, data centers, cloud
How a Firewall Works (Basic Flow)
1️⃣ Incoming traffic reaches firewall
2️⃣ Firewall checks rules
3️⃣ Traffic is allowed or blocked
4️⃣ Logs are generated
📌 Decision is based on:
IP address
Port number
Protocol
Connection state
Types of Firewalls (Very Important)
1️⃣ Packet Filtering Firewall
🔹 Works at Network & Transport layers
✔ Checks:
Source IP
Destination IP
Port
Protocol
❌ Cannot inspect data content
📌 Fast but basic security
2️⃣ Stateful Inspection Firewall
🔹 Tracks active connections
✔ Understands TCP sessions
✔ Blocks fake packets that do not belong to a tracked connection
📌 Much stronger than packet filtering
3️⃣ Proxy Firewall (Application-Level Gateway)
🔹 Acts as a middleman
✔ Hides internal IPs
✔ Inspects application data
❌ Slower
📌 Used for high-security environments
4️⃣ Next-Generation Firewall (NGFW)
🔹 Most advanced firewall
✔ Features:
Deep Packet Inspection (DPI)
Application awareness
Intrusion Prevention (IPS)
Malware protection
📌 Examples:
Palo Alto Networks
Fortinet
Cisco
5️⃣ Web Application Firewall (WAF)
🔹 Protects web applications
✔ Blocks:
SQL Injection
XSS
CSRF
📌 Used for websites & APIs
Firewall Deployment Types
| Type | Description |
|---|---|
| Network Firewall | Protects entire network |
| Host-based Firewall | Protects individual system |
| Cloud Firewall | Secures cloud resources |
Attacks Firewalls Can Prevent
✔ Port scanning
✔ Unauthorized access
✔ Malware communication
✔ DDoS (partial protection)
✔ IP spoofing
✔ Command & control traffic
⚠️ Firewalls cannot stop:
Insider threats
Encrypted malicious traffic (without DPI)
Social engineering
Firewall Rules (Security Core)
Example Rule Logic:
📌 Best practices:
Deny by default
Allow only required services
Regularly review rules
Firewalls & OSI Model
| Firewall Type | OSI Layer |
|---|---|
| Packet Filter | Layer 3–4 |
| Stateful | Layer 3–4 |
| Proxy | Layer 7 |
| NGFW | Layer 3–7 |
| WAF | Layer 7 |
Firewalls vs IDS/IPS
| Firewall | IDS/IPS |
|---|---|
| Blocks traffic | Detects/blocks attacks |
| Preventive | Detective + Preventive |
| Rule-based | Signature/behavior-based |
📌 Best security = Firewall + IDS/IPS
Real-World Cyber Security Example
🔐 A company allows only:
HTTPS (443)
SSH (22) from admin IP
🚫 Blocks:
Telnet
FTP
Unknown ports
➡️ Result: Reduced hacking risk
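📌 Added example (not part of the original guide): the company policy above written as an ordered rule list with first-match evaluation and deny by default, plus a check for rules that can never fire because of a misplaced broad allow. The `Rule` class, the `decide` and `shadowed` helpers, the admin address and the test packets are all constructed for illustration; real firewalls use their own rule syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ADMIN_NET = "203.0.113.10/32"  # assumed admin IP (documentation range, constructed)

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches any destination port
    src: str = "0.0.0.0/0"  # source network in CIDR form

    def matches(self, src_ip, proto, dport):
        return (self.proto in ("any", proto)
                and self.dport in (None, dport)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.proto in ("any", other.proto)
                and self.dport in (None, other.dport)
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src)))

# The policy from the example above: HTTPS for everyone, SSH for the admin IP only.
RULES = [
    Rule("allow", "tcp", 443),
    Rule("allow", "tcp", 22, ADMIN_NET),
    Rule("deny", "tcp", 23),   # Telnet
    Rule("deny", "tcp", 21),   # FTP
]

def decide(src_ip, proto, dport, rules=RULES):
    """First matching rule wins; no match falls through to default deny."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, proto, dport):
            return rule.action, index   # index is what a log line would record
    return "deny", None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]

# Misconfiguration: a broad allow placed first shadows every rule after it.
BAD_RULES = [Rule("allow", "tcp", None)] + RULES

if __name__ == "__main__":
    print(decide("198.51.100.7", "tcp", 23), decide("198.51.100.7", "tcp", 23, BAD_RULES))
    print("shadowed:", shadowed(BAD_RULES))
```

With `RULES`, Telnet from an outside address is denied by its explicit rule; with `BAD_RULES` the same packet is allowed by the first rule, and `shadowed` reports every later rule as dead.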
Career Tip (Important for You 🎯)
Firewall knowledge is required for:
SOC Analyst
Network Security Engineer
Ethical Hacker
Cloud Security Engineer
📌 Asked in CEH, Security+, interviews
🧠 Key Takeaway
✔ Firewall = Gatekeeper
✔ Rules decide security
✔ Misconfiguration = vulnerability
🔥 A strong firewall with weak rules is still weak security
