8 Firewall and Security Explained
Key Concepts
- Firewall Overview
- Packet Filtering
- Stateful Inspection
- Application Layer Filtering
- NAT (Network Address Translation)
- VPN (Virtual Private Network)
- Intrusion Detection and Prevention Systems (IDPS)
- Firewall Policies and Rules
1. Firewall Overview
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet.
Example: Think of a firewall as a security guard at the entrance of a building. Just as a security guard controls who enters and exits, a firewall controls which network traffic is allowed to pass.
2. Packet Filtering
Packet filtering is a basic firewall technique that examines each packet of data as it passes through the firewall and decides whether to allow or deny it based on predefined rules. These rules typically include criteria such as source IP address, destination IP address, protocol, and port number.
Example: Consider packet filtering as a customs officer inspecting packages at an airport. Just as a customs officer checks packages for prohibited items, packet filtering checks network packets for unwanted traffic.
3. Stateful Inspection
Stateful inspection is an advanced firewall technique that not only examines individual packets but also tracks the state of active connections. It ensures that only packets that are part of an established connection are allowed, enhancing security by preventing unauthorized connections.
Example: Think of stateful inspection as a bouncer at a nightclub who not only checks IDs at the door but also keeps track of who is inside. Just as the bouncer ensures only authorized people are inside, stateful inspection ensures only legitimate network connections are active.
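The difference between packet filtering (section 2) and stateful inspection (section 3) can be shown in code. The following is an added example, not part of the original page. It runs the same three packets through a stateless rule set and through a firewall that keeps a connection table. The addresses, the internal network 10.0.0.0/24, the HTTPS-only rule and all function names are assumptions made for illustration, and the connection table is simplified to a set of 5-tuples with no TCP flag tracking or timeouts.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed example: addresses, rules and packets are illustrative only.
Packet = namedtuple("Packet", "src sport dst dport proto")
INSIDE = ip_network("10.0.0.0/24")  # assumed trusted internal network

def stateless_filter(pkt):
    """Packet filtering: each packet is judged alone against static rules."""
    outbound = ip_address(pkt.src) in INSIDE
    if outbound and pkt.proto == "tcp" and pkt.dport == 443:
        return "allow"                      # inside hosts may reach HTTPS
    if not outbound and pkt.proto == "tcp" and pkt.sport == 443:
        return "allow"                      # "reply" inferred from source port only
    return "deny"                           # default deny

class StatefulFirewall:
    """Stateful inspection: inbound packets must match a tracked connection."""
    def __init__(self):
        self.connections = set()            # flows that were opened from inside

    def filter(self, pkt):
        if ip_address(pkt.src) in INSIDE:
            if pkt.proto == "tcp" and pkt.dport == 443:
                self.connections.add(pkt)   # remember the outbound flow
                return "allow"
            return "deny"
        # Inbound: allow only the mirror image of a tracked outbound flow.
        reverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "allow" if reverse in self.connections else "deny"

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in packets]

SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp"),  # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp"),  # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.9", 22, "tcp"),     # no prior outbound flow
]

if __name__ == "__main__":
    for pkt, (s, f) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"stateless={s} stateful={f}")
```

The third packet is allowed by the stateless rules because its source port looks like a reply, while the stateful firewall denies it because no inside host opened that connection.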
4. Application Layer Filtering
Application layer filtering, also known as deep packet inspection, examines the content of network packets at the application layer (e.g., HTTP, FTP, SMTP). It can block specific types of content, such as malware or inappropriate web content, based on predefined policies.
Example: Consider application layer filtering as a librarian who not only checks books for proper classification but also reads the content to ensure it is appropriate. Just as the librarian ensures only suitable books are available, application layer filtering ensures only appropriate network content is allowed.
5. NAT (Network Address Translation)
NAT is a technique used to map multiple private IP addresses to a single public IP address. It helps conserve public IP addresses and provides a level of security by hiding the internal network structure from external networks.
Example: Think of NAT as a hotel concierge who manages reservations for multiple guests under a single hotel name. Just as the concierge manages multiple guests, NAT manages multiple private IP addresses under a single public IP address.
6. VPN (Virtual Private Network)
A VPN creates a secure, encrypted connection over a less secure network, such as the internet. It allows remote users to access a private network securely, ensuring that data transmitted over the VPN is protected from unauthorized access.
Example: Consider a VPN as a secure tunnel that allows data to travel safely between two points, even if the path is through a public and potentially unsafe area. Just as a tunnel protects travelers, a VPN protects data.
7. Intrusion Detection and Prevention Systems (IDPS)
IDPS are security systems that monitor network traffic for suspicious activity and potential security breaches. They can alert administrators to potential threats and take action to prevent or mitigate attacks.
Example: Think of IDPS as a security camera system in a store. Just as security cameras monitor the store for suspicious activity, IDPS monitor the network for potential threats.
8. Firewall Policies and Rules
Firewall policies and rules define the conditions under which network traffic is allowed or denied. These rules are based on criteria such as source and destination IP addresses, protocols, ports, and time of day. Properly configured policies and rules are essential for effective firewall security.
Example: Consider firewall policies and rules as the laws that govern a city. Just as laws define what is allowed and what is not, firewall policies and rules define what network traffic is allowed and what is not.