Professional Documents
Culture Documents
Firewall
What is Firewall?
Firewall is a network security device that observes and filters incoming and outgoing network
traffic, adhering to the security policies defined by an organization. Essentially, it acts as a
protective wall between a private internal network and the public Internet. Firewalls are used
to secure a computer network. Firewalls are network security systems that prevent
unauthorized access to a network. It can be a hardware or software unit that filters the incoming
and outgoing traffic within a private network, according to a set of rules to spot and
prevent cyber attacks. Firewalls are used in enterprise and personal settings. They are a vital
component of network security. Most operating systems have a basic built-in firewall.
However, using a third-party firewall application provides better protection.
Types of Firewall
A firewall can either be software or hardware. Software firewalls are programs installed on
each computer, and they regulate network traffic through applications and port numbers.
Meanwhile, hardware firewalls are the equipment established between the gateway and your
network. Additionally, firewalls delivered by a cloud solution can be called as a cloud firewall.
There are multiple types of firewalls based on their traffic filtering methods, structure, and
functionality. A few of the types of firewalls are:
• Proxy Service Firewall: This type of firewall protects the network by filtering
messages at the application layer. For a specific application, a proxy firewall serves as
the gateway from one network to another.
• Stateful Inspection: Such a firewall permits or blocks network traffic based on state,
port, and protocol. Here, it decides filtering based on administrator-defined rules and
context.
• Next-Generation Firewall: According to Gartner, Inc.’s definition, the next-generation
firewall is a deep-packet inspection firewall that adds application-level inspection,
intrusion prevention, and information from outside the firewall to go beyond
port/protocol inspection and blocking.
• Unified Threat Management (UTM) Firewall: A UTM device generally integrates
the capabilities of a stateful inspection firewall, intrusion prevention, and antivirus in a
loosely linked manner. It may include additional services and, in many cases, cloud
management. UTMs are designed to be simple and easy to use.
• Threat-Focused NGFW: These firewalls provide advanced threat detection and
mitigation. With network and endpoint event correlation, they may detect evasive or
suspicious behavior.
How does a firewall works?
1
As mentioned previously, firewalls filter the network traffic within a private network. It
analyses which traffic should be allowed or restricted based on a set of rules. Think of
the firewall like a gatekeeper at computer’s entry point which only allows trusted sources, or
IP addresses, to enter a network. A firewall welcomes only those incoming traffic that has been
configured to accept. It distinguishes between good and malicious traffic and either allows or
blocks specific data packets on pre-established security rules. These rules are based on several
aspects indicated by the packet data, like their source, destination, content, and so on. They
block traffic coming from suspicious sources to prevent cyber attacks. For example, the image
depicted below shows how a firewall allows good traffic to pass to the user’s private network.
2
• Firewalls can incorporate a security information and event management strategy
(SIEM) into cyber security devices concerning modern organizations and are installed
at the network perimeter of organizations to guard against external threats as well as
insider threats.
• Firewalls can perform logging and audit functions by identifying patterns and
improving rules by updating them to defend the immediate threats.
• Firewalls can be used for a home network, Digital Subscriber Line (DSL), or cable
modem having static IP addresses. Firewalls can easily filter traffic and can signal the
user about intrusions.
• They are also used for antivirus applications.
• When vendors discover new threats or patches, the firewalls update the rule sets to
resolve the vendor issues.
• In-home devices, we can set the restrictions using Hardware/firmware firewalls.
Proxy Server
What is a Proxy Server?
A proxy server acts as a gateway between user and the internet. It’s an intermediary server
separating end users from the websites they browse. Proxy servers provide varying levels of
functionality, security, and privacy depending on use case, needs, or company policy. When
network users use a proxy server, internet traffic flows through the proxy server on its way to
the address they requested. The request then comes back through that same proxy server (there
are exceptions to this rule), and then the proxy server forwards the data received from the
website to intended user.
How Does a Proxy Server Operate?
Every computer on the internet needs to have a unique Internet Protocol (IP) Address. Think
of this IP address as user’s computer’s street address. Just as the post office knows to deliver
user mail to user’s street address, the internet knows how to send the correct data to the correct
computer by the IP address.
A proxy server is basically a computer on the internet with its own IP address that your
computer knows. When you send a web request, your request goes to the proxy server first.
The proxy server then makes your web request on your behalf, collects the response from the
web server, and forwards you the web page data so you can see the page in your browser. When
the proxy server forwards your web requests, it can make changes to the data you send and still
get you the information that you expect to see. For example
• A proxy server can change your IP address, so the web server doesn’t know exactly
where you are in the world.
• It can encrypt your data, so your data is unreadable in transit.
3
• And lastly, a proxy server can block access to certain web pages, based on IP address.
4
live in North Carolina. Several governments around the world closely monitor and
restrict access to the internet, and proxy servers offer their citizens access to an
uncensored internet.
5
IDS vs. IPS: Differences & Similarities
Let's examine how they're alike and what sets them apart. Both systems can:
• Monitor: After setup, these programs can look over traffic within parameters you
specify, and they will work until you turn them off.
• Alert: Both programs will send a notification to those you specify when a problem has
been spotted.
• Learn: Both can use machine learning to understand patterns and emerging threats.
• Log: Both will keep records of attacks and responses, so you can adjust your protections
accordingly.
6
makes it more difficult for third parties to track activities online and steal data. The encryption
takes place in real time.
Benefits of VPN
A VPN connection disguises user data traffic online and protects it from external access.
Unencrypted data can be viewed by anyone who has network access and wants to see it. With
a VPN, hackers and cyber criminals can’t decipher this data.
• Secure encryption: To read the data, you need an encryption key . Without one, it
would take millions of years for a computer to decipher the code in the event of a brute
force attack . With the help of a VPN, your online activities are hidden even on public
networks.
• Disguising your whereabouts: VPN servers essentially act as your proxies on the
internet. Because the demographic location data comes from a server in another
country, your actual location cannot be determined. In addition, most VPN services do
not store logs of your activities. Some providers, on the other hand, record your
behavior, but do not pass this information on to third parties. This means that any
potential record of your user behavior remains permanently hidden.
• Access to regional content: Regional web content is not always accessible from
everywhere. Services and websites often contain content that can only be accessed from
certain parts of the world. Standard connections use local servers in the country to
determine your location. This means that you cannot access content at home while
traveling, and you cannot access international content from home. With VPN location
spoofing, you can switch to a server to another country and effectively “change” your
location.
• Secure data transfer: If you work remotely, you may need to access important files on
your company’s network. For security reasons, this kind of information requires a
secure connection. To gain access to the network, a VPN connection is often required.
VPN services connect to private servers and use encryption methods to reduce the risk
of data leakage.
7
What should a good VPN do?
You should rely on your VPN to perform one or more tasks. The VPN itself should also be
protected against compromise. These are the features you should expect from a comprehensive
VPN solution:
• Encryption of your IP address: The primary job of a VPN is to hide your IP address
from your ISP and other third parties. This allows you to send and receive information
online without the risk of anyone but you and the VPN provider seeing it.
• Encryption of protocols: A VPN should also prevent you from leaving traces, for
example, in the form of your internet history, search history and cookies. The encryption
of cookies is especially important because it prevents third parties from gaining access
to confidential information such as personal data, financial information and other
content on websites.
• Kill switch: If your VPN connection is suddenly interrupted, your secure connection
will also be interrupted. A good VPN can detect this sudden downtime and terminate
preselected programs, reducing the likelihood that data is compromised.
• Two-factor authentication: By using a variety of authentication methods, a strong
VPN checks everyone who tries to log in. For example, you might be prompted to enter
a password, after which a code is sent to your mobile device. This makes it difficult for
uninvited third parties to access your secure connection.