"/home/yossef/notes/Su/security/study_security_l9.md"

path: Su/security/study_security_l9.md

- **fileName**: study_security_l9
- **Created on**: 2025-06-02 21:34:08

Firewalls Explained Simply

What is a Firewall?

A firewall is like a security guard for your network that controls what traffic
can enter or leave based on set rules. It sits between your private network
and the public internet.

Key Functions:

1. Blocks unauthorized access
2. Allows legitimate traffic
3. Monitors network activity

Firewall Policy Types

Blacklist Approach (Default Allow)

• How it works: Allows all traffic except what's on the "bad list"
• Example: Blocking known hacker IPs
• Pros: Easy to set up
• Cons: New threats can slip through

Whitelist Approach (Default Deny)

• How it works: Blocks all traffic except what's on the "approved list"
• Example: Only allowing web browsing (port 80/443)
• Pros: More secure
• Cons: Requires more maintenance

Firewall Types

1. Packet-Filtering Firewall

• Checks basic info like IP addresses and ports
• Example: Allow all traffic from 192.168.1.0/24 to port 80
• Limitation: Can't inspect content

2. Application-Level Gateway

• Understands specific applications (HTTP, FTP)
• Example: Block Facebook but allow other websites
• Benefit: Can filter content

3. Circuit-Level Gateway

• Monitors TCP handshakes
• Example: Allow established connections only

Stateful vs Stateless

Blacklist approach (default-allow)

• All packets are allowed through except those that fit the rules
  defined specifically in a blacklist.
• Pros: flexible in ensuring that service to the internal network
  is not disrupted by the firewall
• Cons: unexpected forms of malicious traffic could go
  through

Whitelist approach (default- deny)

• Packets are dropped or rejected unless they are specifically
  allowed by the firewall

• Pros: A safer approach for defining a firewall ruleset

• Cons: must consider all possible legitimate traffic in rulesets

  continue:[[]]
  before:./study_security_l8.md