Cybersecurity devices and technologies - Part 2

Firewall:
A firewall is like a security guard 💂🏻‍♀️ standing at the gate of your device or network. It decides which communication is allowed and which should be blocked.



Firewalls come in different types, depending on how deeply they inspect traffic.


1. Network Layer Firewall (Layer 3)

This firewall works at the Network Layer of the OSI model. It filters traffic based on packet headers — mainly IP addresses, ports, and protocols.



Limitation:
It cannot see what is inside the packet.
So if a packet contains malware or harmful data, this firewall cannot detect it. It only sees the envelope, not the letter inside.


2. Transport Layer Firewall (Layer 4)

Also called a Layer 4 firewall, it filters based on information in the transport layer — especially TCP/UDP ports and connection states.

Primary Functions:
• Port Filtering: Allows or blocks traffic to specific ports.
• Stateful Inspection: Tracks active connections to ensure incoming packets belong to legitimate sessions.
• TCP/UDP Control: Manages traffic based on protocol behaviour.
• Session Management: Establishes, monitors, and terminates communication between hosts.



How it works:

  1. Reads packet headers up to the transport layer.

  2. Checks port numbers to identify the service.

  3. Verifies if the packet is part of a valid connection.

  4. Applies security rules to allow or block traffic.
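
The four steps above, as an added example (not code from the original post): a simplified stateful Layer 4 filter in Python. The port policy, the documentation-range addresses and the `StatefulFilter` class are constructed for illustration, and TCP teardown is reduced to dropping the session on FIN or RST.

```python
from dataclasses import dataclass

ALLOWED_INBOUND_PORTS = {22, 443}  # constructed policy for this example

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "SYN", "SYN-ACK", "ACK", "FIN" or "RST"
    direction: str  # "in" or "out", relative to the protected host

class StatefulFilter:
    def __init__(self, allowed_ports):
        self.allowed_ports = allowed_ports
        self.sessions = set()  # state table of tracked connections

    def decide(self, p):
        # Steps 1-2: only header fields up to the transport layer are read.
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        # Step 3: a packet in a tracked session passes in either direction.
        if key in self.sessions:
            if p.flags in ("FIN", "RST"):
                self.sessions.discard(key)  # simplified teardown
            return "ALLOW"
        if p.flags != "SYN":
            return "DROP"  # claims to be mid-connection, but no session exists
        # Step 4: rules apply to new connections only.
        if p.direction == "out" or p.dport in self.allowed_ports:
            self.sessions.add(key)
            return "ALLOW"
        return "DROP"

def run_sample():
    fw = StatefulFilter(ALLOWED_INBOUND_PORTS)
    trace = [  # constructed packets
        Packet("203.0.113.5", 51000, "10.0.0.2", 443, "SYN", "in"),
        Packet("10.0.0.2", 443, "203.0.113.5", 51000, "SYN-ACK", "out"),
        Packet("203.0.113.5", 51000, "10.0.0.2", 443, "ACK", "in"),
        Packet("203.0.113.9", 40000, "10.0.0.2", 3389, "SYN", "in"),
        Packet("203.0.113.9", 40001, "10.0.0.2", 443, "ACK", "in"),
        Packet("203.0.113.5", 51000, "10.0.0.2", 443, "RST", "in"),
        Packet("203.0.113.5", 51000, "10.0.0.2", 443, "ACK", "in"),
    ]
    return [fw.decide(p) for p in trace]

if __name__ == "__main__":
    print(run_sample())
```

The fifth packet targets an allowed port but is dropped because it is not part of any tracked session, which is the difference between stateful inspection and plain port filtering.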


3. Application Layer Firewall (Layer 7)

This firewall works at the topmost layer and is more powerful because it can inspect the actual data inside the packet — not just ports.



How it works:
It looks at application-level content (like HTTP requests) and applies rules to detect malicious payloads.

Key Benefits:
• Understands application structure and vulnerabilities.
• Protects against attacks like XSS, SQL Injection, and data theft.
• Helps enforce compliance requirements (e.g., protecting credit card data).


4. Context-Aware Firewall (Layer 7 – Advanced)

An enhanced version of the application firewall.
It doesn’t just look at packets — it understands:

• the user,
• the device,
• the role,
• the application,
• the threat profile.

This makes it far more intelligent in allowing or blocking traffic.


5. Proxy Server (Firewall-like behaviour)

A proxy server is not exactly a firewall, but behaves like one in some scenarios.

How it works:
Your device sends a request to the proxy, and the proxy forwards the request to the internet on your behalf. This hides your IP address, provides anonymity, and protects your identity from the web application.





6. Host-Based Firewall

Installed directly on your device.
Examples: Windows Defender Firewall, iptables.

It filters incoming and outgoing traffic specifically for that system, adding an extra layer of protection even if the network firewall fails.
