Firewalls sit at the edge between networks and decide which traffic is allowed in or out. They enforce security policy by inspecting packets and applying rules to every connection attempt.
In this module you will see how firewalls filter traffic, how zones of trust are defined and why firewalls are powerful but still only one part of a layered security strategy.
"A firewall is not a magic shield. It is a gate that must be configured carefully and supported by good security practices."
What you will learn
- How firewalls use rules to filter network traffic
- The idea of positive and negative filtering and default actions
- How zones of trust such as internal, DMZ and public internet are separated
- Strengths and limitations of firewalls in a real network
Core firewall functions
Firewalls control traffic between networks based on defined rules. Two important functions are:
- Packet filtering checks IP addresses, ports and protocols and decides whether to allow or drop packets.
- Application proxying terminates connections on behalf of clients and inspects application-level traffic more deeply.
Security policy and rule sets
A firewall rule set should reflect a clear security policy. A policy defines what is acceptable, what must be protected and how to respond to violations. It should state:
- Which services are allowed in or out of the network.
- Which systems are sensitive and need stronger protection.
- How to log and alert when rules are violated.
Positive and negative filtering
Firewalls can be configured in different ways:
- Positive filtering allows only specified traffic and blocks everything else.
- Negative filtering blocks only specified traffic and allows everything else.
- A default discard policy blocks traffic unless a rule allows it.
- A default forward policy allows traffic unless a rule blocks it.
Zones of trust
Networks are often divided into zones with different trust levels:
- Internal network for trusted internal systems and users.
- DMZ for public-facing services such as web or mail servers.
- Public internet where no trust is assumed.
The DMZ acts as a buffer. If a public server in the DMZ is compromised, the firewall rules should still prevent direct access to the internal network.
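The filtering modes and zone separation described above, as an added example that is not part of the original module: a toy first-match rule evaluator that runs the same connection through a positive rule set with default discard and a negative rule set with default forward. The zone address ranges, rule lists and function names are assumptions constructed for the illustration.

```python
# Added example: toy first-match packet filter; zones, rules and addresses are constructed.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

# Assumed addressing plan (private and documentation ranges only).
ZONES = {"internal": ip_network("10.0.0.0/24"), "dmz": ip_network("192.0.2.0/24")}

def zone_of(addr: str) -> str:
    """Map an address to its trust zone; anything unknown is the internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

class Rule(NamedTuple):
    action: str                   # "allow" or "drop"
    src_zone: str
    dst_zone: str
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, src, dst, proto, dport):
        return (self.src_zone == zone_of(src) and self.dst_zone == zone_of(dst)
                and self.proto in (None, proto) and self.dport in (None, dport))

def decide(rules, default, src, dst, proto, dport):
    """First matching rule wins; otherwise the default action applies."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return default

# Positive filtering: list what is permitted, then default discard.
POSITIVE = [
    Rule("allow", "internet", "dmz", "tcp", 443),   # public web server
    Rule("allow", "internal", "dmz", "tcp", 443),
    Rule("allow", "internal", "internet"),          # outbound from users
]
# Negative filtering: list what is forbidden, then default forward.
NEGATIVE = [
    Rule("drop", "internet", "internal"),
    Rule("drop", "internet", "dmz", "tcp", 22),
]

def compare(src, dst, proto, dport):
    """Return (positive-filter verdict, negative-filter verdict)."""
    return (decide(POSITIVE, "drop", src, dst, proto, dport),
            decide(NEGATIVE, "allow", src, dst, proto, dport))
```

`compare("192.0.2.10", "10.0.0.5", "tcp", 445)` returns `("drop", "allow")`: the negative rule set never anticipated DMZ-to-internal traffic, so default forward lets it through, while default discard blocks it without needing a rule for it.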
Strengths and limitations
Firewalls bring important benefits:
- They block many types of unauthorised external access.
- They provide a central point to enforce network security policy.
- They are mostly transparent to end users once configured.
However, they also have limitations:
- They cannot fully protect against insider threats or attacks that start inside the network.
- They can sometimes be bypassed by separate wireless or unmanaged connections.
- Traditional firewalls may not detect advanced application-level malware without additional tools.
Key takeaway
Firewalls are an essential control for separating networks and enforcing policy. They are strongest when combined with monitoring, secure configuration and other layers of defense.