A firewall is a network security system — implemented in hardware, software, or both — that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between trusted internal networks and untrusted external networks (such as the internet), blocking or permitting traffic according to policies defined by an administrator. Modern firewalls have evolved from simple packet filters to stateful inspection firewalls and next-generation firewalls (NGFW) capable of deep packet inspection, application awareness, and intrusion prevention.
| Type | Operates At | Inspection Method | Strength | Limitation |
|---|---|---|---|---|
| Packet Filter | Network Layer (L3) | Header fields only | Fast, low overhead | No state awareness |
| Stateful Inspection | Transport Layer (L4) | Connection state table | Tracks sessions | No app-layer visibility |
| Application Gateway | Application Layer (L7) | Full payload inspection | Deep inspection | High latency |
| NGFW | All layers | DPI + IPS + App ID | Comprehensive | Expensive |
| Cloud Firewall | All layers | Cloud-managed rules | Scalable | Vendor dependency |
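
The gap between the first two rows of the table ("No state awareness" versus "Tracks sessions") can be made concrete with a small simulation. This is an added example, not part of the original page; the addresses, ports, internal prefix and HTTPS-only policy are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""            # TCP flags: "S", "SA", "A", "F", "R"

INSIDE = "10.0.0."             # constructed internal prefix (assumption)

def is_outbound(p):
    return p.src.startswith(INSIDE)

def packet_filter(p):
    """Stateless: decides from this packet's header fields only."""
    if is_outbound(p):
        return p.dport == 443                  # policy: outbound HTTPS only
    # Replies can only be described by shape: from port 443 to a high port.
    return p.sport == 443 and p.dport >= 1024

class StatefulFirewall:
    """Tracks sessions opened from inside; inbound must match an entry."""
    def __init__(self):
        self.table = set()     # (inside ip, inside port, outside ip, outside port)

    def allow(self, p):
        if is_outbound(p):
            if p.dport != 443:
                return False
            key = (p.src, p.sport, p.dst, p.dport)
            if "S" in p.flags and "A" not in p.flags:
                self.table.add(key)            # a bare SYN opens a session
            return key in self.table
        key = (p.dst, p.dport, p.src, p.sport)
        if key not in self.table:
            return False                       # no session: dropped despite ports
        if "R" in p.flags or "F" in p.flags:
            self.table.discard(key)            # simplified teardown
        return True

def demo():
    # Constructed sample traffic (documentation address ranges).
    syn = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S")
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA")
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.9", 50001, "A")
    fw = StatefulFirewall()
    stateless = [packet_filter(p) for p in (syn, reply, unsolicited)]
    stateful = [fw.allow(p) for p in (syn, reply, unsolicited)]
    return stateless, stateful
```

Both filters pass the outbound SYN and its reply; only the stateful one drops the third packet, which has reply-shaped headers but belongs to no session opened from inside.
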
Encryption is the process of converting plaintext (readable data) into ciphertext (scrambled data) using a cryptographic algorithm and a key, so that only authorised parties with the corresponding decryption key can read the original message. Symmetric encryption uses the same key for encryption and decryption (e.g., AES), while asymmetric encryption uses a public-private key pair (e.g., RSA). Encryption is fundamental to securing data in transit (HTTPS, VPN) and data at rest (encrypted hard drives, databases).
Network routing is the process by which routers select the optimal path for data packets to travel from a source to a destination across one or more networks. Routers maintain routing tables — databases of known network paths — and use routing protocols such as OSPF, BGP, and RIP to dynamically discover and share path information. Routing decisions are based on metrics including hop count, bandwidth, latency, and cost, ensuring efficient and reliable delivery of data across complex internetworks.
TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic protocols designed to provide secure communication over a computer network, most commonly the internet. TLS establishes an encrypted channel between two parties through a handshake process that authenticates the server (and optionally the client) using digital certificates, negotiates encryption algorithms, and exchanges session keys via public key cryptography. It is the security layer behind HTTPS, securing web browsing, email, messaging, and VoIP communications.
The term "firewall" was borrowed from construction and firefighting, where a firewall is a fire-resistant barrier designed to prevent fire from spreading between compartments of a building. Its use in computing was popularised in the late 1980s and early 1990s as internet security became critical. The metaphor reflects the idea of containing dangerous traffic.