Prevention Methods: Firewalls and Proxy Servers

This lesson covers firewalls and proxy servers as network security prevention methods, as required by OCR J277 Section 1.4. Both are essential components of a layered security approach.

---

Firewalls

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks (such as the internet).

How Firewalls Work

Firewalls examine data packets as they attempt to enter or leave the network. Each packet is checked against a set of rules, and the firewall decides whether to allow, block, or drop the packet.

Firewalls can filter traffic based on:

• IP addresses — Block traffic from specific sources or to specific destinations.
• Port numbers — Block or allow specific services (e.g. port 80 for HTTP, port 443 for HTTPS).
• Protocols — Allow or deny specific protocols (e.g. TCP, UDP).
• Packet content — Inspect the contents of packets for malicious data.

The flowchart below traces a single packet as it is checked against an ordered rulebook.

flowchart TD
  A[Incoming Packet] --> B{"Match Rule 1?<br/>Allow port 443"}
  B -- Yes --> P[Allow / Forward]
  B -- No --> C{"Match Rule 2?<br/>Allow SMTP from mail server"}
  C -- Yes --> P
  C -- No --> D{"Match Rule 3?<br/>Inbound 443 to web server"}
  D -- Yes --> P
  D -- No --> E["Default Deny:<br/>Drop and log"]
  style P fill:#d4f4dd
  style E fill:#fde2e2

Types of Firewalls

Type	Description	Advantage	Disadvantage
Packet-filtering	Checks packet headers (source/destination IP, port)	Fast and simple	Cannot inspect packet content
Stateful inspection	Tracks the state of active connections	More secure — understands context	Slower than packet-filtering
Application-level (proxy)	Inspects packet content at the application layer	Most thorough inspection	Slowest — high processing overhead

Hardware vs Software Firewalls

Feature	Hardware Firewall	Software Firewall
Location	Sits between the network and the internet (physical device)	Installed on individual computers
Protection	Protects the entire network	Protects only the device it is installed on
Cost	More expensive	Often free or built into the OS
Example	Cisco ASA, dedicated router firewall	Windows Defender Firewall, iptables

OCR Exam Tip: In the exam, describe a firewall as "a security device or software that monitors and controls network traffic based on a set of rules." Make sure you mention that it can block unauthorised access while allowing legitimate traffic through.

---

What Firewalls Cannot Do

It is important to understand the limitations of firewalls:

• They cannot protect against threats that do not pass through the firewall (e.g. an infected USB drive).
• They cannot prevent social engineering attacks.
• They cannot stop attacks from inside the network (unless configured with internal rules).
• They cannot detect all types of malware hidden within allowed traffic.

This is why firewalls are part of a layered security approach — no single measure provides complete protection.

---

Proxy Servers

A proxy server acts as an intermediary between a user's device and the internet. When a user requests a web page, the request goes to the proxy server first, which then forwards it to the web server on the user's behalf.

How Proxy Servers Work

1. The user's computer sends a request to the proxy server.
2. The proxy server forwards the request to the destination web server.
3. The web server responds to the proxy server.
4. The proxy server forwards the response back to the user.

The destination web server sees the proxy's IP address, not the user's. This provides anonymity for the user.

Security Benefits of Proxy Servers

Benefit	Explanation
Anonymity	Hides the user's real IP address from external servers
Content filtering	Can block access to certain websites (e.g. social media in schools)
Caching	Stores copies of frequently visited pages, reducing bandwidth and improving speed
Logging	Records all web traffic for monitoring and auditing
Malware scanning	Can scan incoming traffic for malicious content

Security Limitations of Proxy Servers

• Encrypted (HTTPS) traffic may not be fully inspectable.
• A compromised proxy server becomes a single point of failure.
• Users may find ways to bypass proxy settings.
• Does not protect against all attack types (e.g. email-based phishing).

OCR Exam Tip: A common exam question asks you to describe how a proxy server improves security. Key points: it hides internal IP addresses, filters content, caches web pages, and logs internet usage. Do not confuse a proxy server with a firewall — a proxy handles web requests, while a firewall filters all network traffic.

---

Firewalls vs Proxy Servers

Feature	Firewall	Proxy Server
Primary purpose	Filter network traffic	Act as intermediary for web requests
Operates at	Network/transport/application layer	Application layer
Hides IP addresses	Not primarily	Yes — hides internal IPs
Content filtering	Basic (port/IP-based)	Advanced (URL/content-based)
Caching	No	Yes
Logging	Yes (network traffic)	Yes (web activity)

---

Summary

Firewalls and proxy servers are both essential network security tools. Firewalls monitor and control network traffic based on rules, while proxy servers act as intermediaries that provide anonymity, content filtering, and caching. Both have limitations, which is why organisations use multiple security measures together in a layered approach. For the OCR J277 exam, make sure you can explain how each works, their benefits, and their limitations.

---

Worked Example: How a Firewall Rule Stops a Packet

Picture a small accountancy firm whose office network sits behind a hardware firewall. The firewall has a short rulebook that the IT manager maintains. The rules are processed in order and the first matching rule decides what happens to the packet.