Elvin Seyidov

Networking for Cybersecurity (Part 3): Firewalls, VPNs & Proxies

1. Introduction: Network Barriers and Secure Access

Firewalls, VPNs and proxies are the core tools that control how traffic enters, leaves and moves inside a network. They decide who gets access, how data is protected on the way, and how users connect securely from anywhere. In cybersecurity, these systems act as barriers, shields and traffic controllers.

Firewall
Controls and filters traffic. Blocks or allows based on rules.

VPN
Creates an encrypted tunnel so data travels securely.

Proxy
Sits in the middle and forwards requests, often hiding the client.


2. What Firewalls Actually Do (Traffic Filtering Basics)

A firewall’s main job is to inspect network traffic and decide whether to allow it or block it. It does this by checking IP addresses, ports, protocols and sometimes even the application data.

Firewalls follow a simple logic.
If traffic matches a rule that allows it, it passes. If it matches no allow rule, it is blocked.

Key things firewalls look at:

  • Source IP and destination IP
    Where the traffic comes from and where it's going.

  • Ports
    Which service the traffic is trying to reach.

  • Protocol
    Whether it’s TCP, UDP, ICMP or something else.

  • Direction
    Inbound (coming into the network) or outbound (leaving the network).

  • Action
    Allow, block or log.

3. Types of Firewalls (Packet, Stateful, Next-Gen)

Packet-Filtering Firewall
A packet-filtering firewall is a network security device that filters incoming and outgoing network packets based on a predefined set of rules. Rules are typically based on IP addresses, port numbers, and protocols. By inspecting each packet's headers, the firewall decides whether the packet matches an allow rule; if not, it blocks the packet.

Perimeter Firewall
A perimeter firewall is a security device that filters traffic, acting as a barrier between an internal network and untrusted external networks.

It applies a set of rules to control access based on criteria like IP addresses, domain names, protocols, ports, and the content of the traffic. By permitting or denying traffic, a perimeter firewall protects the network from unauthorized access and cyber threats.

Proxy Firewall
A proxy firewall is a network security device that serves as an intermediary between user requests and the resources they access, filtering messages and data exchange at the application layer.

By evaluating and transferring data packets on behalf of users, a proxy firewall ensures direct connections with external servers are never established, which increases security by concealing internal network addresses.

Host-based Firewall
A host-based firewall works as a shield directly on a server or endpoint device. It analyzes and directs network traffic flow. Its primary role is to enforce security policies that determine what kind of data packets can enter or leave the host system.

Stateful Firewall
Remembers active connections. Allows return traffic automatically. More secure than packet-filtering because it understands sessions.
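
To make "remembers active connections" concrete, here is an added example (not code from the original article) that contrasts a memoryless filter with a minimal session table. The packet fields, addresses and the simplified handling of FIN/RST are assumptions made for the sketch.

```python
import ipaddress
from collections import namedtuple

# Constructed example; every name and address here is an assumption.
Packet = namedtuple("Packet", "proto src sport dst dport flags")
INSIDE = ipaddress.ip_network("10.0.0.0/24")    # assumed internal network


def stateless_inbound(pkt):
    # No memory: to let replies in, it must accept any inbound TCP to a
    # high port, whether or not anyone inside asked for it.
    return "allow" if pkt.proto == "tcp" and pkt.dport >= 1024 else "block"


class StatefulFirewall:
    def __init__(self):
        self.sessions = set()    # sessions opened from the inside

    def handle(self, pkt):
        if ipaddress.ip_address(pkt.src) in INSIDE:
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            # Simplification: FIN or RST from inside ends the session at once.
            if "FIN" in pkt.flags or "RST" in pkt.flags:
                self.sessions.discard(key)
            else:
                self.sessions.add(key)
            return "allow"
        # Inbound passes only as the mirror image of a remembered session.
        mirror = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if mirror in self.sessions else "block"


def demo():
    fw = StatefulFirewall()
    syn = Packet("tcp", "10.0.0.5", 50000, "203.0.113.10", 443, "SYN")
    reply = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 50000, "SYN,ACK")
    stray = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 50000, "ACK")
    fin = Packet("tcp", "10.0.0.5", 50000, "203.0.113.10", 443, "FIN,ACK")
    return {
        "stateless_stray": stateless_inbound(stray),
        "outbound_syn": fw.handle(syn),
        "return_traffic": fw.handle(reply),
        "stateful_stray": fw.handle(stray),
        "outbound_fin": fw.handle(fin),
        "after_close": fw.handle(reply),
    }


if __name__ == "__main__":
    print(demo())
```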

Next-Generation Firewall (NGFW)
The most advanced. Looks inside the traffic at the application layer. Can inspect HTTP, DNS, TLS, detect malware patterns, block apps and detect suspicious behavior.


4. Firewall Rules, Policies & Real Security Use Cases

Firewall rules define what traffic is allowed and what traffic is blocked. Policies group these rules to create a security strategy for different parts of a network.

A rule usually checks:

  • Source IP
  • Destination IP
  • Port
  • Protocol
  • Direction
  • Action (allow or block)

Common real-world uses:

  • Allow only ports 80 and 443 to a web server
    This exposes only the services required.

  • Allow SSH (port 22) only from your own IP
    This prevents brute-force attacks from the internet.

  • Block SMB (445) on the network edge
    This stops worms and ransomware from spreading.

  • Block all inbound traffic by default
    Then allow only what is truly needed.

  • Restrict outbound traffic for internal systems
    Prevents malware from calling external servers.
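
The use cases above, written as an ordered rule table with first-match evaluation and default deny. This is an added example, not code from the original article; the addresses, the rule format and the single allowed outbound destination are assumptions.

```python
import ipaddress
from dataclasses import dataclass


def net(cidr):
    return ipaddress.ip_network(cidr)


@dataclass
class Rule:
    action: str                     # "allow" or "block"
    direction: str                  # "in" or "out"
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: tuple                    # destination ports; () means any port

    def matches(self, direction, proto, src, dst, dport):
        return (self.direction == direction
                and self.proto == proto
                and ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and (not self.ports or dport in self.ports))


# Constructed addresses (documentation and private ranges), all assumptions.
ANY, LAN = net("0.0.0.0/0"), net("10.0.0.0/16")
WEB, ADMIN = net("10.0.1.10/32"), net("203.0.113.5/32")
UPDATES = net("198.51.100.20/32")   # the one outbound destination allowed

RULES = [
    # Explicit block first, so a later and broader allow cannot reopen SMB.
    Rule("block", "in", "tcp", ANY, ANY, (445,)),
    Rule("allow", "in", "tcp", ANY, WEB, (80, 443)),
    Rule("allow", "in", "tcp", ADMIN, LAN, (22,)),
    Rule("allow", "out", "tcp", LAN, UPDATES, (443,)),
]


def evaluate(direction, proto, src, dst, dport, rules=RULES):
    """First matching rule wins; traffic matching no rule is blocked."""
    for index, rule in enumerate(rules):
        if rule.matches(direction, proto, src, dst, dport):
            return rule.action, index
    return "block", None    # default deny


if __name__ == "__main__":
    print(evaluate("in", "tcp", "192.0.2.44", "10.0.1.10", 443))
    print(evaluate("in", "tcp", "192.0.2.44", "10.0.1.10", 22))
```

The returned index identifies which rule made the decision, which is the value worth writing to the firewall log; `None` means the packet fell through to the default deny.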


5. What a VPN Is and Why Cybersecurity Depends on It

A VPN creates a secure, encrypted tunnel between your device and another network. Instead of sending traffic directly over the internet, the traffic is wrapped, encrypted and then sent through this private tunnel.

The main purpose of a VPN is simple. It protects data from being seen or modified while it travels across untrusted networks. Without a VPN, anyone on the same network or along the route could inspect or intercept the traffic.

A VPN also hides your real IP by replacing it with the VPN server’s IP. This provides privacy and makes tracking harder.

Cybersecurity depends on VPNs because they:

  • Protect remote workers who connect over public Wi-Fi.
  • Secure access to internal company systems.
  • Stop attackers on local networks from sniffing or manipulating traffic.
  • Encrypt sensitive data end-to-end across the internet.
  • Help isolate networks and enforce access control.

6. VPN Protocols: IPSec, OpenVPN, WireGuard

VPNs rely on specific protocols to create secure tunnels. These protocols define how traffic is encrypted, authenticated and transported. The three most important ones in modern cybersecurity are IPSec, OpenVPN and WireGuard.

IPSec
A very mature protocol used mostly in corporate and site-to-site VPNs. Works at the network layer. Strong, stable and widely supported but can be complex to configure.

OpenVPN
Runs over TLS. Very flexible and works almost anywhere. Common in commercial VPN services. Slightly slower than WireGuard but extremely reliable and battle-tested.

WireGuard
A newer protocol designed to be fast, simple and secure. Uses modern cryptography and has a small codebase, making audits easier. Often the fastest and easiest to configure.


7. VPN Security Concepts: Tunneling, Encryption & Split Tunneling

VPN security is built on a few core ideas. These concepts explain how VPNs protect data and how attackers are kept out.

Tunneling
Your traffic is wrapped inside another packet and sent through a private path. This hides your internal data from the outside network.

Encryption
The wrapped data is encrypted using strong algorithms. Even if someone captures the traffic, they cannot read it without the key.

Authentication
VPN endpoints verify each other before the tunnel is created. This prevents impostors from pretending to be a valid server or client.

Integrity
The VPN ensures data is not modified on the way. Protocols use HMAC or similar methods to detect tampering.

Split Tunneling
Only selected traffic goes through the VPN, while other traffic goes directly to the internet. This improves speed but reduces security if not configured carefully.

Full Tunnel
All traffic goes through the VPN. This provides maximum protection but uses more bandwidth.

Tunneling hides the data path.
Encryption protects the data itself.
Split tunneling decides what goes inside the tunnel.
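
Split versus full tunnel comes down to a routing decision per destination. The added example below (not from the original article) models that decision with longest-prefix matching and lists which destinations leave the device unprotected; all prefixes and addresses are constructed, and the resolver address stands in for whatever DNS server the client uses.

```python
import ipaddress


def build_routes(tunnel_prefixes, direct_prefixes=()):
    """Route table as {network: interface}. The default route leaves the
    device directly unless the tunnel claims 0.0.0.0/0 (full tunnel)."""
    routes = {ipaddress.ip_network("0.0.0.0/0"): "direct"}
    for prefix in direct_prefixes:
        routes[ipaddress.ip_network(prefix)] = "direct"
    for prefix in tunnel_prefixes:
        routes[ipaddress.ip_network(prefix)] = "vpn"
    return routes


def next_hop(routes, dst):
    """Longest-prefix match, the way an IP routing table picks a route."""
    addr = ipaddress.ip_address(dst)
    best = max((n for n in routes if addr in n), key=lambda n: n.prefixlen)
    return routes[best]


def outside_tunnel(routes, destinations):
    """Destinations whose traffic is not protected by the VPN."""
    return [d for d in destinations if next_hop(routes, d) != "vpn"]


# Constructed destinations: an internal app, the resolver the laptop uses,
# and an unrelated website. All addresses are assumptions.
DESTINATIONS = ["10.20.4.8", "192.0.2.53", "198.51.100.80"]

SPLIT = build_routes(["10.20.0.0/16"])
SPLIT_WITH_DNS = build_routes(["10.20.0.0/16", "192.0.2.53/32"])
FULL = build_routes(["0.0.0.0/0"], direct_prefixes=["192.168.1.0/24"])

if __name__ == "__main__":
    for name, table in [("split", SPLIT), ("split+dns", SPLIT_WITH_DNS),
                        ("full", FULL)]:
        print(name, outside_tunnel(table, DESTINATIONS))
```

In the first split table the DNS resolver is reached outside the tunnel, so lookups for internal names are visible on the local network even though the application traffic itself is tunneled.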


8. What Proxies Are and How They Work

A proxy is a server that sits between a client and the destination. Instead of your device talking directly to a website or service, it sends the request to the proxy, and the proxy forwards it on your behalf.

The core idea:
The destination never sees your real identity. It sees the proxy instead.

How it works in simple steps:

  1. Your device → sends request to proxy
  2. Proxy → forwards request to the website
  3. Website → sends response back to proxy
  4. Proxy → sends response back to your device

Why proxies matter in cybersecurity:

  • They hide internal IPs from the outside world.
  • They filter and control outbound traffic.
  • They block access to malicious or restricted sites.
  • They allow logging and monitoring of traffic.
  • They help isolate internal networks.

A proxy does not create encryption or a secure tunnel (unlike a VPN). It only forwards and filters traffic, acting like a middleman.

9. Proxy Types: Forward, Reverse, Transparent, SOCKS5

There are several types of proxies, each used for different purposes. The idea is always the same: the proxy sits in the middle, but what it does and who it serves depends on the type.

Forward Proxy
Used by clients to access the internet.
Hides the user from the websites they visit.
Common in companies to control outbound traffic.

Reverse Proxy
Used by servers.
Hides internal servers from the outside world.
Handles load balancing, caching and protection against attacks.

Transparent Proxy
Invisible to the user.
Traffic is intercepted and filtered without user configuration.
Used in schools, companies and ISPs.

SOCKS5 Proxy
A more flexible proxy that works at a lower level.
Can handle almost any type of traffic (not just HTTP).
Good for applications, games, P2P and tools that need raw forwarding.

Forward proxy protects users.
Reverse proxy protects servers.
Transparent proxy controls traffic silently.
SOCKS5 is the more flexible, general-purpose proxy.


10. VPN vs Proxy: Security, Privacy, and When to Use Each

VPNs and proxies both sit between you and the destination, but they solve different problems. The main difference is that VPNs secure your traffic, while proxies mainly relay or filter it.

VPN
Encrypts all your traffic.
Protects data on public Wi-Fi or untrusted networks.
Hides your IP and secures the entire connection.
Used for secure remote work, privacy, and accessing internal systems.

Proxy
Does not encrypt traffic.
Only forwards specific requests (like web or SOCKS).
Hides your IP but does not protect your data.
Used for filtering, caching, access control, or hiding client identity.


11. Modern Alternatives: Zero Trust Network Access (ZTNA)

ZTNA is the modern replacement for traditional VPNs. Instead of giving a user full network access once they connect, ZTNA gives access only to specific apps, and only after continuous verification.

The core idea is simple:
Never trust anyone by default, even if they are inside the network. Always verify identity, device health and context before allowing access.

How ZTNA works:

  1. A user logs in with strong authentication.
  2. ZTNA checks who they are and what device they use.
  3. Instead of opening the whole network, it gives access only to the exact application required.
  4. Access is rechecked constantly, not just at login.

Why cybersecurity uses ZTNA:

  • It reduces lateral movement.
  • It limits damage if an account is compromised.
  • It removes the need for broad VPN access.
  • It protects internal services without exposing them directly.
  • It fits modern cloud and remote-work environments.

12. Summary and What Comes Next (Part 4 Preview)

In this part, we explored how networks control, secure, and filter traffic using firewalls, VPNs, proxies, tunneling, and Zero Trust principles. You learned how access is granted, how traffic is encrypted through VPN tunnels, how proxies route requests, and how modern networks limit exposure through segmentation and policy enforcement. These are the defensive layers that sit between the user and the internal network.

In Part 4, we go deeper into what actually flows through the network — packets. You will learn packet structure, sniffing techniques, how tools like Wireshark and tcpdump capture traffic, and how analysts interpret live data. Packet-level understanding is crucial for detecting attacks, troubleshooting, and performing real security analysis.

Next: Networking for Cybersecurity (Part 4): Packets, Sniffing & Traffic Analysis
