Firewall

2.2 Given a scenario, configure servers to use network infrastructure services.

📘 CompTIA Server+ (SK0-005)


Overview

A firewall is a network security device or software that controls incoming and outgoing network traffic based on a set of security rules. Think of it as a gatekeeper for your server or network. Firewalls help protect servers from unauthorized access, attacks, and malware.

Firewalls can be implemented in several ways:

  1. Hardware Firewall – A physical device placed between your internal network and the Internet.
  2. Software Firewall – Installed directly on a server or computer to filter traffic.
  3. Network Firewall – Usually at the edge of a network, controlling traffic between your internal network and external networks.
  4. Host-based Firewall – Runs on a server to protect that specific server from threats.

Purpose of a Firewall in Servers

  1. Control Traffic: Firewalls can allow or block traffic based on protocols, IP addresses, or ports.
  2. Prevent Unauthorized Access: Stops hackers or unauthorized users from connecting to sensitive services.
  3. Protect Services: Ensures only approved applications (like web servers or email servers) can communicate through the network.
  4. Monitor Network Activity: Many firewalls can log traffic and alert administrators of suspicious activity.

Example: A server hosting a web application should only allow inbound traffic on ports 80 (HTTP) and 443 (HTTPS). The firewall blocks all other ports, so no other service running on the server can be reached from the network.


Understanding Ports

In networking, a port is a numerical identifier for a specific type of network service or application on a server. When data reaches a server, the port number tells the server which service should handle the traffic.

Port Basics

  • Ports range from 0 to 65535.
  • Ports are divided into three ranges:
  Port Range      | Type                  | Purpose
  0 – 1023        | Well-known ports      | Common protocols like HTTP (80), HTTPS (443), FTP (21), SSH (22)
  1024 – 49151    | Registered ports      | Assigned to specific services or applications, like Microsoft SQL Server (1433)
  49152 – 65535   | Dynamic/Private ports | Temporary ports used for client-side connections, like when your server initiates a connection

Common Ports for Server Services

  Service        | Port Number | Protocol
  HTTP           | 80          | TCP
  HTTPS          | 443         | TCP
  SSH            | 22          | TCP
  FTP            | 21          | TCP
  SMTP (email)   | 25          | TCP
  DNS            | 53          | TCP/UDP
  DHCP           | 67/68       | UDP
  RDP            | 3389        | TCP
  SNMP           | 161         | UDP

Note for Exam: You might be asked which port a service uses or how to allow/block it through a firewall.


Firewall Rules

Firewalls operate using rules. A rule is a condition that either allows or blocks traffic. Rules usually include:

  1. Source IP/Network – Where the traffic is coming from.
  2. Destination IP/Network – Where the traffic is going.
  3. Port/Service – Which service or port the rule applies to.
  4. Action – Allow or Deny.

Example Rule:

  • Allow TCP ports 80 and 443 from any IP → this allows users to access the web server.
  • Deny all other ports from external networks → blocks all other connections for security.

Stateful vs Stateless Firewalls

  • Stateful Firewall: Tracks the state of active connections and allows return traffic automatically.
  • Stateless Firewall: Checks each packet individually without tracking connection state.

Exam Tip: Most server environments use stateful firewalls: because they track connections and allow return traffic automatically, they are both more convenient and safer for services that open many connections.


Port-Based Firewall Management

  1. Opening Ports: Needed when a service on your server should be accessible externally.
    • Example: Opening TCP port 443 for your HTTPS web server.
  2. Closing Ports: Blocks services that should not be exposed, reducing attack surface.
    • Example: Closing TCP port 21 if you no longer run an FTP server.
  3. Port Forwarding: Redirects traffic arriving on one port (often on a NAT device's public address) to a different port or to an internal host; commonly used in NAT environments to expose a single internal server.
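The three operations above expressed as an nftables ruleset, as an added example that is not part of the study notes: the function below takes a list of TCP ports to open, ports to close, and port-forwarding tuples, and returns the text you would load with `nft -f`. The port choices, the public port 8080 and the internal address 192.0.2.10 are constructed for illustration.

```python
# Added example (not from the Server+ notes): render open / close / forward
# operations as an nftables ruleset. Ports and addresses are constructed.


def render_ruleset(open_tcp, close_tcp, forwards):
    """Return nftables text for a host firewall.

    open_tcp  : TCP ports that should accept inbound connections
    close_tcp : TCP ports that must be dropped explicitly
    forwards  : (public_port, target_ip, target_port) tuples for DNAT
    """
    all_ports = list(open_tcp) + list(close_tcp)
    all_ports += [f[0] for f in forwards] + [f[2] for f in forwards]
    for port in all_ports:
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port}")

    lines = [
        "table inet filter {",
        "  chain input {",
        "    # default deny: anything not accepted below is dropped",
        "    type filter hook input priority 0; policy drop;",
        "    # stateful behaviour: replies to tracked connections pass",
        "    ct state established,related accept",
        "    iif lo accept",
    ]
    for port in sorted(open_tcp):
        lines.append("    # opening a port")
        lines.append(f"    tcp dport {port} accept")
    for port in sorted(close_tcp):
        # Redundant under "policy drop", but it documents intent and still
        # applies if someone later changes the policy to accept.
        lines.append("    # closing a port")
        lines.append(f"    tcp dport {port} drop")
    lines += ["  }", "}"]

    if forwards:
        lines += [
            "table ip nat {",
            "  chain prerouting {",
            "    type nat hook prerouting priority -100;",
        ]
        for public_port, target_ip, target_port in forwards:
            lines.append("    # port forwarding (DNAT)")
            lines.append(
                f"    tcp dport {public_port} dnat to {target_ip}:{target_port}"
            )
        lines += ["  }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Open HTTPS and HTTP, close FTP, forward public 8080 to an internal web host
    print(render_ruleset(open_tcp=[443, 80], close_tcp=[21],
                         forwards=[(8080, "192.0.2.10", 80)]))
```

Save the output to a file and run `nft -c -f rules.nft` to syntax-check it without applying anything; `nft -f rules.nft` applies it. Forwarding to another host additionally needs IP forwarding enabled on the NAT device and a forward chain that accepts the translated traffic, which this minimal ruleset does not include.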

Practical Server Scenario Example

Imagine a company has a server running multiple services:

  • Web server (HTTP/HTTPS) → Ports 80 & 443
  • Email server (SMTP/IMAP) → Ports 25 & 143
  • Remote server management (SSH) → Port 22

A firewall configuration might:

  • Allow inbound TCP 80 & 443 from any IP → public web access
  • Allow TCP 22 only from the IT department IP → secure admin access
  • Block all other inbound traffic → prevent unauthorized access

This ensures only the required services are exposed and reduces the risk of attacks.
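To make the rule logic from "Firewall Rules", the stateful/stateless distinction, and this scenario concrete, here is an added example that is not part of the study notes: a small model of first-match rule evaluation with a default deny, in a stateless form and a stateful form that remembers accepted connections. The IT department subnet 10.0.5.0/24, the server address 203.0.113.10, the Internet client 198.51.100.7 and the DNS resolver 192.0.2.53 are constructed values, not from the page.

```python
# Added example (not from the Server+ notes): first-match rule evaluation,
# stateless vs stateful, run against the scenario's inbound policy.
# All addresses below are constructed documentation/private ranges.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IT_DEPT_NET = ip_network("10.0.5.0/24")   # assumed IT department subnet


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    proto: str = "any"                # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"            # source network; 0.0.0.0/0 = any IP
    dports: frozenset = frozenset()   # empty = any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and (not self.dports or pkt.dport in self.dports)
        )


# The scenario's inbound rules, evaluated top to bottom; first match wins.
SCENARIO_RULES = [
    Rule("allow", "tcp", dports=frozenset({80, 443})),                   # public web
    Rule("allow", "tcp", src=str(IT_DEPT_NET), dports=frozenset({22})),  # admin SSH
    Rule("deny"),                                                        # all else
]


def stateless_decision(rules, pkt):
    """Judge every packet on its own against the rule list."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit default deny when nothing matches


class StatefulFirewall:
    """Remembers accepted connections so their replies pass without a rule."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.connections = set()  # 5-tuples of accepted flows

    @staticmethod
    def _key(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def inbound(self, pkt):
        # A reply to a tracked connection is allowed regardless of the rules.
        if self._reverse_key(pkt) in self.connections:
            return "allow"
        decision = stateless_decision(self.rules, pkt)
        if decision == "allow":
            self.connections.add(self._key(pkt))
        return decision

    def outbound(self, pkt):
        # The server itself opened a connection (for example a DNS lookup).
        self.connections.add(self._key(pkt))
        return "allow"


if __name__ == "__main__":
    server = "203.0.113.10"
    fw = StatefulFirewall(SCENARIO_RULES)
    print("web from Internet:", fw.inbound(Packet("198.51.100.7", 51515, server, 443)))
    print("ssh from Internet:", fw.inbound(Packet("198.51.100.7", 51516, server, 22)))
    print("ssh from IT dept :", fw.inbound(Packet("10.0.5.20", 40000, server, 22)))
    fw.outbound(Packet(server, 50000, "192.0.2.53", 53, "udp"))
    reply = Packet("192.0.2.53", 53, server, 50000, "udp")
    print("DNS reply, stateful :", fw.inbound(reply))
    print("DNS reply, stateless:", stateless_decision(SCENARIO_RULES, reply))
```

The last two lines of the demo show why the notes recommend stateful firewalls: the stateless evaluation drops the DNS reply because no rule allows UDP from port 53, while the stateful one recognises it as the return half of a connection the server opened. A forged packet that merely looks like a reply, with no matching tracked connection, is still denied.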


Exam Key Points to Remember

  1. Firewalls filter traffic based on IP, protocol, and port.
  2. Ports identify specific services on a server.
  3. Well-known ports are 0–1023, registered ports are 1024–49151, dynamic ports are 49152–65535.
  4. Common ports to remember:
    • HTTP → 80
    • HTTPS → 443
    • SSH → 22
    • FTP → 21
    • SMTP → 25
  5. Firewall rules have source, destination, port, and action.
  6. Stateful firewalls track connections; stateless firewalls do not.
  7. Always open only required ports and close/block unused ports for security.