A Firewall is a network security device, either hardware, software, or a combination of both, that monitors incoming and outgoing network traffic. Firewalls enforce a set of rules (known as firewall policies or access control lists) to determine whether to allow or block specific traffic.
Firewalls operate by analyzing packets of data according to predefined rules and policies, commonly focusing on factors such as IP addresses, port numbers, and protocols. In this process, known as traffic filtering, system administrators define rules that permit or deny traffic based on specific conditions, ensuring that only authorized connections are allowed. Additionally, firewalls can log traffic events and generate alerts about suspicious activity.
1. Packet Filtering Firewall
- Operates at Layer 3 (Network) and Layer 4 (Transport) of the OSI model.
- Examines source/destination IP, source/destination port, and protocol type.
- Example: A simple router ACL that only allows HTTP (port 80) and HTTPS (port 443) while blocking other ports.
2. Stateful Inspection Firewall
- Tracks the state of network connections.
- More intelligent than packet filters because it understands the entire conversation.
- Example: Only allows inbound data that matches an already established outbound request.
3. Application Layer Firewall (Proxy Firewall)
- Operates up to Layer 7 (Application) of the OSI model.
- Can inspect the actual content of traffic (e.g., HTTP requests) and block malicious requests.
- Example: A web proxy that filters out malicious HTTP requests containing suspicious patterns.
4. Next-Generation Firewall (NGFW)
- Combines stateful inspection with advanced features like deep packet inspection, intrusion detection/prevention, and application control.
- Example: A modern firewall that can block known malicious IP addresses, inspect encrypted traffic for threats, and enforce application-specific policies.
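To make the difference between types 1 and 2 concrete, here is an added example (not code from the original post) that simulates both on the same packets: a stateless packet filter that judges each header on its own, and a stateful firewall that only admits inbound packets matching a connection an inside host already opened. The policy, hosts and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN

# Constructed sample policy: internal hosts may open HTTP and HTTPS connections.
ALLOWED_OUTBOUND = {("tcp", 80), ("tcp", 443)}

def stateless_filter(pkt):
    """Packet filter (Layer 3/4 only): every packet is judged by its own header."""
    if pkt.direction == "out":
        return "ALLOW" if (pkt.proto, pkt.dst_port) in ALLOWED_OUTBOUND else "DENY"
    # To let replies back in, a stateless filter has to accept any inbound packet
    # that merely looks like a reply (source port 80/443 to an ephemeral port),
    # whether or not an inside host ever asked for it.
    if (pkt.proto, pkt.src_port) in ALLOWED_OUTBOUND and pkt.dst_port > 1023:
        return "ALLOW"
    return "DENY"

class StatefulFirewall:
    """Stateful inspection: inbound traffic must match an established outbound flow."""
    def __init__(self):
        self.connections = set()  # established flows, keyed from the inside host's view
        self.log = []             # one line per decision, as a real firewall would log

    def _decide(self, verdict, pkt):
        self.log.append(f"{verdict} {pkt.direction} {pkt.proto} "
                        f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
        return verdict

    def filter(self, pkt):
        if pkt.direction == "out":
            if (pkt.proto, pkt.dst_port) not in ALLOWED_OUTBOUND:
                return self._decide("DENY", pkt)
            # Remember the conversation so its replies can be recognised later.
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return self._decide("ALLOW", pkt)
        # Inbound: swap the endpoints and look for the flow the inside host opened.
        flow = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return self._decide("ALLOW" if flow in self.connections else "DENY", pkt)
```

Run the two filters against an outbound HTTPS request, its genuine reply, and an unsolicited inbound packet from source port 443: the stateless filter accepts all three, while the stateful firewall accepts only the first two and logs the denial.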
Intrusion Detection and Prevention Systems (IDS/IPS)
These are security solutions designed to monitor and respond to suspicious network or system activity. An Intrusion Detection System (IDS) observes traffic or system events to identify malicious behavior or policy violations; it generates alerts but does not block the suspicious traffic. An Intrusion Prevention System (IPS) operates similarly to an IDS but takes the additional step of blocking or rejecting malicious traffic in real time.
Techniques
- Signature-based detection - Matches traffic against a database of patterns from known exploits.
- Anomaly-based detection - Flags activity that deviates from an established baseline of normal behavior.