Network Fundamentals: Firewalls, Hubs & Switches

Introduction to Firewalls

A firewall is a network security system (hardware or software) that acts as the first line of defense between internal systems and external networks. It forces all traffic through a single checkpoint where it monitors and controls incoming and outgoing data based on predefined rules.

lightbulb Real World Analogy

Think of a firewall as a Security Guard at a gated community or a club.

check_circle The guard checks your ID (IP Address).
check_circle They check if you are on the guest list (Allowed Ports/Protocols).
check_circle If you look suspicious or carry weapons (Malware/Payload), they deny entry.

Firewall in Computer Network

traffic Core Logic: The 3 Decisions

Accept Allows the traffic to pass through. check

Reject Blocks traffic & sends an error response ("Access Denied"). block

Drop Blocks silently without any response (Stealth Mode). do_not_disturb_on

science Live Simulation

Click a button to see how the firewall handles incoming packets based on different rules.

verified_user Why are Firewalls Essential?

lock

Prevent Unauthorized Access

Like a locked door, only trusted users are allowed in.
bug_report

Block Malicious Traffic

Stops viruses, phishing, and DoS attacks before they hit the system.
admin_panel_settings

Control Network Usage

Enforces workplace restrictions (e.g., blocking social media) or parental controls.
folder_shared

Protect Sensitive Data

Safeguards business and personal data from theft or accidental leaks.
visibility

Mitigate Insider Risks

Detects suspicious data exfiltration attempts from inside the network.

settings How it Works

1. Inspection

All data packets entering/leaving must pass through the firewall checkpoint.
2. Rule Check

It compares the packet against organization's predefined security rules.
3. Decision & Logging

Matches are Allowed/Blocked. Suspicious activity is logged and alerts are sent.

warning

The "Default Policy" Concept

Since you can't write a rule for everything, a firewall needs a default action for unknown traffic.

Best Practice: Set Default Policy to DROP or REJECT. Only explicitly allowed traffic gets in.

Types of Firewalls

router

1. Network Placement

Packet Filtering Firewall
Stateful Inspection Firewall
Proxy Firewall (App Level)
Circuit-Level Gateway
Web App Firewall (WAF)
Next-Gen Firewall (NGFW)

devices

2. Systems Protected

Network Firewall: Protects the entire network.
Host-Based Firewall: Installed on a single computer/server (e.g., Windows Firewall).

filter_alt

3. Data Filtering

Perimeter Firewall
Internal Firewall
Distributed Firewall

memory

4. Form Factors

Hardware: Physical appliance (e.g., Cisco ASA).
Software: Installed program (e.g., pfSense, ZoneAlarm).

school

If asked by an interviewer:

"How does a firewall actually filter traffic?"

1. Packet Filtering (Stateless)

Basic. Checks header (IP/Port) against rules. No memory of context.

2. Stateful Inspection

Advanced. Remembers active connection states. If you requested data, the reply is automatically allowed.

Pro Answer Tip: Mention Default Policy (Drop/Reject) and Next-Generation Firewalls (NGFW) which inspect Layer 7 (Application) data to block specific apps like Facebook Games.

Hub vs. Switch

Both devices connect multiple computers (nodes) to create a network. The difference lies in their intelligence. A Hub is "dumb" and blindly broadcasts data. A Switch is "smart" and sends data only to the intended recipient.

Hub Analogy: The Shouting Match

Imagine a room where to speak to Bob, you stand on a table and shout. Everyone hears you, but only Bob responds. This causes noise (collisions) and security issues.

Switch Analogy: The Phone System

You dial Bob's direct number. A private line is established. No one else hears the conversation. It's efficient, private, and collision-free.

Packet Flow Simulator

Click play to see how data flows

Feature	Hub (Layer 1)	Switch (Layer 2)
Data Transmission	Broadcasts to ALL ports.	Unicasts to SPECIFIC port (using MAC address).
Duplex Mode	Half-Duplex (Send OR Receive, not both).	Full-Duplex (Send AND Receive simultaneously).
Bandwidth	Shared among all users (Slow).	Dedicated per port (Fast).
Intelligence	Dumb device. No storage.	Smart device. Stores MAC Address Table (CAM).

psychology

If asked by an interviewer:

"Why would you choose a Switch over a Hub?"

"I would always choose a Switch because it operates at Layer 2 (Data Link Layer) and uses MAC addresses to intelligently direct traffic. This creates separate collision domains for each port, allowing for full-duplex communication and better security. A Hub, operating at Layer 1, is obsolete because it blindly broadcasts data, causing collisions and wasting bandwidth."

Collision Domains Broadcast Domains ASIC MAC Table

Introduction to Firewalls

lightbulb Real World Analogy

traffic Core Logic: The 3 Decisions

science Live Simulation

verified_user Why are Firewalls Essential?

Prevent Unauthorized Access

Block Malicious Traffic

Control Network Usage

Protect Sensitive Data

Mitigate Insider Risks

settings How it Works

1. Inspection

2. Rule Check

3. Decision & Logging

The "Default Policy" Concept

Types of Firewalls

1. Network Placement

2. Systems Protected

3. Data Filtering

4. Form Factors

If asked by an interviewer:

"How does a firewall actually filter traffic?"

1. Packet Filtering (Stateless)

2. Stateful Inspection

Hub vs. Switch

Hub Analogy: The Shouting Match

Switch Analogy: The Phone System

Packet Flow Simulator

If asked by an interviewer:

"Why would you choose a Switch over a Hub?"