Know and understand firewall including its purpose

Safety and Security – Firewalls

1. What is a Firewall?

  • A firewall is a security device that monitors and controls network traffic. It can be:

    • Hardware – a dedicated appliance placed at the network edge.

    • Software – a program running on a computer, server or mobile device (also called a host‑based firewall).

    • Hybrid – a combination of both.

  • It decides which data packets may pass between an internal trusted network (e.g. a LAN) and an external un‑trusted network (e.g. the Internet) according to a set of rules defined by the organisation.

2. Why Use a Firewall? (Purpose)

  • Prevent unauthorised access to computers, services and data.

  • Block or limit malicious traffic such as viruses, worms, hacking attempts and denial‑of‑service attacks.

  • Enforce the organisation’s security policy – only permitted services are allowed.

  • Provide a barrier between a trusted LAN and the Internet (or any other un‑trusted network).

  • Support legal compliance – the Data Protection Act (UK) / GDPR requires personal data to be kept “confidential, secure and protected from unauthorised access”. A firewall helps meet this duty by restricting external access and logging traffic.

  • Enable auditing and troubleshooting through detailed logs of allowed and blocked traffic.

3. How a Firewall Works

Firewalls examine each data packet and apply a rule set. The decision is based on:

  1. Source and destination IP addresses – where the packet comes from and where it is going.

  2. Port numbers – identify the application or service (e.g. HTTP = port 80, HTTPS = port 443).

  3. Protocol type – TCP, UDP, ICMP, etc.

  4. Connection state – stateful firewalls track whether a packet belongs to an existing, authorised session.

  5. Content inspection – deep‑packet inspection (DPI) looks inside the payload for known threats or prohibited content.

  6. Intrusion‑detection/prevention (IDS/IPS) – many modern firewalls include IDS/IPS engines that raise alerts or automatically block suspicious patterns.

4. Hardware vs. Software (Host‑Based) Firewalls

AspectHardware FirewallSoftware / Host‑Based Firewall
FormDedicated physical appliance, usually at the network edge.Program or service installed on a PC, server, laptop or mobile device.
PerformanceHigh throughput; can handle many simultaneous connections.Depends on the host’s CPU and memory; may affect host performance under heavy load.
ManagementCentralised management for the whole network.Managed per device; useful for personal computers, remote workers, or as an additional layer on servers.
Typical UseEnterprise perimeter, data‑centre, ISP gateway.Home PCs, laptops, smartphones, or as a second line of defence on servers.

5. Types of Firewalls

TypeDescriptionTypical UseThreats Mitigated
Packet‑filtering firewallInspects only the packet header; rules are based on IP address, port and protocol.SOHO routers, basic ISP gateways.Simple port scans, IP‑based probing.
Stateful inspection firewallTracks the state of active connections and makes decisions using session context.Enterprise perimeter security.TCP session hijacking, spoofed packets, many DoS attempts.
Proxy (application‑level) firewallActs as an intermediary; terminates the client connection, inspects full application data, then forwards it.Web‑filtering gateways, email security appliances.Malware hidden in web pages or email, protocol‑specific attacks, content‑based threats.
Next‑generation firewall (NGFW)Combines packet‑filtering/stateful inspection with DPI, intrusion‑prevention and application awareness.Large organisations needing advanced threat protection.Advanced persistent threats, zero‑day exploits, encrypted‑traffic attacks (when SSL/TLS inspection is enabled).
Host‑based (software) firewallRuns on an individual computer; controls inbound and outbound traffic for that host only.Personal computers, laptops, servers, mobile devices.Local malware communication, unauthorised remote access to the host.

6. Key Network Terms

  • DMZ (Demilitarised Zone) – A sub‑network that hosts public‑facing services (web, mail, FTP) while keeping the internal LAN isolated.

  • Rule set – A collection of allow/deny statements that define the firewall’s behaviour.

  • Port forwarding – Redirects traffic arriving on a specific external port to a different internal IP address/port.

  • Intrusion Detection/Prevention System (IDS/IPS) – Monitors traffic for suspicious activity; often integrated with modern firewalls.

  • VPN (Virtual Private Network) – Creates an encrypted tunnel over the Internet; firewalls commonly manage and protect VPN connections.

  • SSL/TLS – Protocols that encrypt data in transit. An NGFW can be configured to decrypt (inspect) SSL/TLS traffic, but encryption itself is a separate security layer.

7. Firewalls and Data‑Protection Legislation

Data‑protection laws (e.g., the UK Data Protection Act 2018 and GDPR) require organisations to keep personal data:

  • Confidential, secure and protected from unauthorised access.

  • Available only to those with a legitimate need.

A firewall contributes to compliance by:

  • Restricting external access to systems that store personal data.

  • Providing detailed logs that can be used as evidence of security measures.

  • Preventing malware that could exfiltrate personal data.

  • Supporting a “defence‑in‑depth” approach together with encryption, strong passwords and regular updates.

8. Complementary e‑Safety Measures (Defence‑in‑Depth)

  • Strong password policies – regular changes, minimum length, mixture of character types.

  • Anti‑malware / antivirus software – scans files that may bypass the firewall.

  • Regular software updates and patches – close vulnerabilities that firewalls cannot block.

  • Safe browsing habits – avoid suspicious links and untrusted downloads.

  • Two‑factor authentication (2FA) – adds a second verification step for remote access.

  • Encryption (SSL/TLS, VPN) – protects data in transit; firewalls can inspect encrypted traffic only after decryption.

9. Simple Configuration Example – Home Router Firewall

  1. Log in to the router’s web interface (e.g., http://192.168.1.1).

  2. Navigate to Security → Firewall → Rule Set.

  3. Click “Add New Rule”.

  4. Enter the following details:

    • Action: Block

    • Direction: Inbound

    • Protocol: TCP

    • Port: 23 (Telnet – rarely needed)

    • Source IP: Any

    • Destination IP: Any

  5. Save the rule, apply changes, and document the rule (purpose, owner, review date) in a security log.

  6. The router will now reject any inbound Telnet attempts, reducing the risk of unauthorised remote access.

10. Suggested Diagram – Network Layout

Label the diagram for a typical small‑to‑medium organisation:

Internet

Firewall

DMZ

Web / Mail Server

Internal LAN

Workstations, File Server

VPN Tunnel

11. Sample Exam Questions (IGCSE ICT)

  1. Explain two main purposes of a firewall in an organisational network.

  2. Describe the difference between a packet‑filtering firewall and a stateful inspection firewall.

  3. Identify three pieces of information that a firewall uses to decide whether to allow a packet.

  4. Why might an organisation place a web server in a DMZ rather than on the internal LAN?

  5. Match each firewall type to its typical feature:

    • Inspects full application data –

    • Tracks connection state –

    • Uses simple rule sets based on IP and port –

  6. Briefly outline how a firewall helps an organisation comply with data‑protection legislation.

  7. List two e‑safety measures that should be used together with a firewall to protect personal data.

  8. State one advantage and one limitation of a host‑based (software) firewall compared with a hardware firewall.