2. In computing, a firewall is a network security device that monitors traffic to and from your network. It either allows traffic or blocks it based on a defined set of security rules.

3. A firewall can use port filtering, which blocks or allows certain port numbers to limit unwanted communication.

For example, it could have a rule that only allows communications on port 443 for HTTPS or port 25 for email and blocks everything else.

4. A basic principle is that the only ports that are needed are the ones that are allowed. Any port that isn't being used by the normal network operations should be disallowed.

This protects against port vulnerabilities.

5. Let's talk about a few different kinds of firewalls.

A hardware firewall is considered the most basic way to defend against threats to a network.

A hardware firewall inspects each data packet before it's allowed to enter the network.

6. A software firewall performs the same functions as a hardware firewall, but it's not a physical device.

Instead, it's a software program installed on a computer or a server.

7. If the software firewall is installed on a computer, it will analyze all the traffic received by that computer.

If the software firewall is installed on a server, it will protect all the devices connected to the server.

8. A software firewall typically costs less than purchasing a separate physical device, and it doesn't take up any extra space.

9. Organizations may choose to use a cloud-based firewall.

Cloud service providers offer firewalls as a service, or FaaS, for organizations. Cloud-based firewalls are software firewalls hosted by a cloud service provider.

10. Organizations can configure the firewall rules on the cloud service provider's interface, and the firewall will perform security operations on all incoming traffic before it reaches the organization’s onsite network.

11. Cloud-based firewalls also protect any assets or processes that an organization might be using in the cloud.

12. All the firewalls we have discussed can be either stateful or stateless.

The terms "stateful" and "stateless" refer to how the firewall operates. Stateful refers to a class of firewall that keeps track of information passing through it and proactively filters out threats.

13. A stateful firewall analyzes network traffic for characteristics and behavior that appear suspicious and stops them from entering the network.

14. Stateless refers to a class of firewall that operates based on predefined rules and does not keep track of information from data packets.

15. A stateless firewall only acts according to preconfigured rules set by the firewall administrator. The rules programmed by the firewall administrator tell the device what to accept and what to reject.

16. A stateless firewall doesn't store analyzed information. It also doesn't discover suspicious trends like a stateful firewall does. For this reason, stateless firewalls are considered less secure than stateful firewalls.

17. A next-generation firewall, or NGFW, provides even more security than a stateful firewall.

An NGFW provides stateful inspection of incoming and outgoing traffic but also performs more in-depth security functions like deep packet inspection and intrusion protection.

18. The main benefits of an NGFW are deep packet inspection, intrusion protection, and threat intelligence.

19. That's it for today on firewalls.

Next time, I'll be discussing how VPNs work.

If you found my notes helpful, drop an email below -

papicreative.substack.com