Know and understand firewalls, including their purpose

Published by Patrick Mutisya · 14 days ago

Cambridge IGCSE ICT 0417 – Safety and Security: Firewall

What is a Firewall?

A firewall is a network security device—either hardware, software, or a combination of both—that monitors and controls incoming and outgoing network traffic based on an organisation’s previously established security rules.

Purpose of a Firewall

  • Protects computers and networks from unauthorised access.
  • Blocks malicious traffic such as viruses, worms, and hacking attempts.
  • Enforces the organisation’s security policy by allowing only permitted services.
  • Provides a barrier between a trusted internal network (LAN) and an untrusted external network (Internet).
  • Can be used to monitor traffic for auditing and troubleshooting purposes.

How a Firewall Works

Firewalls examine data packets that travel across a network and decide whether to allow or block them. The decision is based on:

  1. Source and destination IP addresses – identifying where the packet is coming from and where it is going.
  2. Port numbers – indicating which application or service the packet is intended for (e.g., HTTP uses port 80).
  3. Protocol type – such as TCP, UDP, or ICMP.
  4. State of the connection – for stateful firewalls, the device tracks whether a packet is part of an established session.
  5. Content inspection – some firewalls inspect the actual data payload for known threats.
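The decision process in items 1 to 4, as an added example that is not part of the original notes: a first-match rule set with a default deny, plus a simplified connection table for the stateful case. The names Packet, Rule and Firewall, the sample policy and the addresses are constructed for illustration; a real stateful firewall also tracks TCP flags and session timeouts.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# Header fields of one packet: the items the firewall bases its decision on.
Packet = namedtuple("Packet", "src dst proto sport dport")

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src_net: str            # CIDR range the source address must fall in
    dst_net: str            # CIDR range the destination address must fall in
    proto: str              # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]    # destination port, or None for any port

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

class Firewall:
    def __init__(self, rules, stateful=True):
        self.rules, self.stateful = rules, stateful
        self.sessions = set()   # connections that a rule has already allowed

    def decide(self, p):
        # Stateful step: a reply belonging to an allowed session passes.
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self.stateful and reply_of in self.sessions:
            return "allow"
        for rule in self.rules:         # first matching rule wins
            if rule.matches(p):
                if rule.action == "allow" and self.stateful:
                    self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return rule.action
        return "deny"                   # no rule matched: default deny

# Constructed policy: the LAN 192.168.1.0/24 may browse the web, nothing else.
RULES = [
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "tcp", 80),
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "tcp", 443),
]
# Constructed packets: an outbound request, its reply, and an unsolicited one.
OUT = Packet("192.168.1.10", "203.0.113.5", "tcp", 50000, 443)
REPLY = Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 50000)
UNSOLICITED = Packet("203.0.113.9", "192.168.1.10", "tcp", 443, 50001)
```

With stateful=False the same reply packet is denied, because a plain packet filter judges each packet on its own and would need an explicit rule for return traffic.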

Common Types of Firewalls

| Type | Description | Typical Use |
|------|-------------|-------------|
| Packet‑filtering firewall | Examines header information of each packet and applies rule‑sets based on IP address, port and protocol. | Small office/home office (SOHO) routers. |
| Stateful inspection firewall | Tracks the state of active connections and makes decisions based on the context of traffic, not just individual packets. | Enterprise perimeter security. |
| Proxy (application‑level) firewall | Acts as an intermediary for requests from clients seeking resources from other servers; inspects full content of traffic. | Web filtering and email security gateways. |
| Next‑generation firewall (NGFW) | Combines traditional firewall functions with deep packet inspection, intrusion prevention, and application awareness. | Advanced threat protection in large organisations. |

Key Terms

  • DMZ (Demilitarised Zone) – A sub‑network that contains public‑facing services while keeping the internal LAN isolated.
  • Rule set – A collection of allow/deny statements that define the firewall’s behaviour.
  • Port forwarding – Redirecting traffic from one port on the firewall to a different port on an internal device.
  • Intrusion Detection System (IDS) – Monitors network traffic for suspicious activity; often integrated with firewalls.
  • VPN (Virtual Private Network) – Securely extends a private network across a public network; firewalls commonly manage VPN connections.

Suggested Diagram

Suggested diagram: A simple network layout showing the Internet, a firewall, a DMZ with a web server, and the internal LAN with workstations.

Sample Exam Questions

  1. Explain two main purposes of a firewall in an organisational network.
  2. Describe the difference between a packet‑filtering firewall and a stateful inspection firewall.
  3. Identify three pieces of information that a firewall uses to decide whether to allow a packet.
  4. Why might an organisation place a web server in a DMZ rather than on the internal LAN?
  5. Match the firewall type to its typical feature:

    • Inspects full application data – _
    • Tracks connection state – _
    • Uses simple rule sets based on IP and port – _