Prevention Methods: Firewalls and Proxy Servers

This lesson covers firewalls and proxy servers as network security prevention methods, as required by OCR J277 Section 1.4. Both are essential components of a layered security approach.

---

Firewalls

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks (such as the internet).

How Firewalls Work

Firewalls examine data packets as they attempt to enter or leave the network. Each packet is checked against a set of rules, and the firewall decides whether to allow, block, or drop the packet.

Firewalls can filter traffic based on:

• IP addresses — Block traffic from specific sources or to specific destinations.
• Port numbers — Block or allow specific services (e.g. port 80 for HTTP, port 443 for HTTPS).
• Protocols — Allow or deny specific protocols (e.g. TCP, UDP).
• Packet content — Inspect the contents of packets for malicious data.

Types of Firewalls

Type	Description	Advantage	Disadvantage
Packet-filtering	Checks packet headers (source/destination IP, port)	Fast and simple	Cannot inspect packet content
Stateful inspection	Tracks the state of active connections	More secure — understands context	Slower than packet-filtering
Application-level (proxy)	Inspects packet content at the application layer	Most thorough inspection	Slowest — high processing overhead

Hardware vs Software Firewalls

Feature	Hardware Firewall	Software Firewall
Location	Sits between the network and the internet (physical device)	Installed on individual computers
Protection	Protects the entire network	Protects only the device it is installed on
Cost	More expensive	Often free or built into the OS
Example	Cisco ASA, dedicated router firewall	Windows Defender Firewall, iptables

OCR Exam Tip: In the exam, describe a firewall as "a security device or software that monitors and controls network traffic based on a set of rules." Make sure you mention that it can block unauthorised access while allowing legitimate traffic through.

---

What Firewalls Cannot Do

It is important to understand the limitations of firewalls:

• They cannot protect against threats that do not pass through the firewall (e.g. an infected USB drive).
• They cannot prevent social engineering attacks.
• They cannot stop attacks from inside the network (unless configured with internal rules).
• They cannot detect all types of malware hidden within allowed traffic.