
Network Security Overview

Sep 2, 2025

Overview

This lecture covers access control lists (ACLs), firewall rules, content and URL filtering, screened subnets, and the use of security zones in network security.

Access Control Lists (ACLs)

  • An ACL is an ordered list of rules that permits or denies network traffic based on criteria such as source and destination address, protocol, and port.
  • ACL rules can combine source/destination IPs, ports, times of day, or applications for fine-grained filtering; the rules are evaluated in order, so the sequence matters.
  • Groups of IPs can be allowed or denied as part of an ACL.
  • ACLs are implemented on routers, firewalls, operating systems, and other devices needing access decisions.

Firewall Rules and Policies

  • Firewalls express their security policy as an extended form of ACL: each rule carries a name, source and destination zones, addresses, ports, and often usernames or applications.
  • Firewall rule sets are processed from top to bottom; the first matching rule is applied and evaluation stops.
  • Specific rules are placed above general ones so they are matched first; a general rule near the top can silently shadow every more specific rule beneath it.
  • If no rule matches, an implicit deny at the bottom of the list blocks the traffic by default.

Example Firewall Rule Set

  • Rules commonly allow specific ports: 22 (SSH/TCP), 80 (HTTP/TCP), 443 (HTTPS/TCP), 3389 (RDP/TCP), 53 (DNS/UDP), and 123 (NTP/UDP).
  • ICMP (ping) can be explicitly denied in its own rule rather than relying on the implicit deny.
  • Port and IP filtering improve but do not complete a security posture: an allowed port still carries whatever an attacker sends over it, and administrative services such as SSH and RDP should be restricted to management addresses rather than opened to everyone.
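The rule processing described above, as an added example (this code is not from the lecture): a first-match evaluator with an implicit deny, applied to a constructed rule set that uses the port list from the notes, plus a check that reports rules shadowed by an earlier, more general rule. The rule names, addresses (RFC 1918 and RFC 5737 ranges) and packet fields are all assumptions made for the illustration.

```python
# Added example (not from the lecture): a first-match firewall rule
# evaluator with an implicit deny, plus a check for shadowed rules.
# The rule set below is constructed; addresses use RFC 5737/1918 ranges.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # source network in CIDR form
    dst: str = "0.0.0.0/0"       # destination network in CIDR form
    dport: Optional[int] = None  # None matches any destination port


def matches(rule: Rule, pkt: dict) -> bool:
    """True if the packet falls inside every field of the rule."""
    return (rule.proto in ("any", pkt["proto"])
            and ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.get("dport")))


def evaluate(rules, pkt):
    """Process top to bottom; the first matching rule decides.
    If nothing matches, the implicit deny at the bottom applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed_rules(rules):
    """Return (rule, shadowing_rule) name pairs for rules that can never
    fire because an earlier rule matches a superset of their traffic."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.proto in ("any", later.proto)
                    and ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule set using the ports from the lecture. Admin-only
# services (SSH, RDP) are restricted to the management subnet.
RULES = [
    Rule("allow-ssh-admin", "allow", "tcp", src="10.0.10.0/24", dst="10.0.1.10/32", dport=22),
    Rule("allow-http",      "allow", "tcp", dst="10.0.1.10/32", dport=80),
    Rule("allow-https",     "allow", "tcp", dst="10.0.1.10/32", dport=443),
    Rule("allow-rdp-admin", "allow", "tcp", src="10.0.10.0/24", dst="10.0.1.20/32", dport=3389),
    Rule("allow-dns",       "allow", "udp", dst="10.0.1.53/32", dport=53),
    Rule("allow-ntp",       "allow", "udp", dst="10.0.1.53/32", dport=123),
    Rule("deny-ping",       "deny",  "icmp"),
]

# Same rules with a general deny placed on top: the specific allows below
# it for 10.0.1.10 become dead rules that can never match.
BAD_ORDER = [Rule("deny-all-to-web", "deny", "any", dst="10.0.1.10/32")] + RULES


if __name__ == "__main__":
    for pkt in [
        {"proto": "tcp", "src": "10.0.10.5", "dst": "10.0.1.10", "dport": 22},
        {"proto": "tcp", "src": "203.0.113.9", "dst": "10.0.1.10", "dport": 22},
        {"proto": "tcp", "src": "203.0.113.9", "dst": "10.0.1.10", "dport": 443},
        {"proto": "icmp", "src": "203.0.113.9", "dst": "10.0.1.10"},
        {"proto": "tcp", "src": "203.0.113.9", "dst": "10.0.1.10", "dport": 23},
    ]:
        print(pkt, "->", evaluate(RULES, pkt))
    print("shadowed in BAD_ORDER:", shadowed_rules(BAD_ORDER))
```

The SSH packet from the management subnet is allowed by the specific rule, the same packet from an outside address falls through to the implicit deny, and telnet (port 23) is denied without any rule mentioning it. Running shadowed_rules on BAD_ORDER shows why specific rules go first: the general deny on top makes the three allows for 10.0.1.10 unreachable.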

URL and Content Filtering

  • URL filtering blocks or allows access to specific URLs or categories (e.g., auction, hacking, recreation).
  • Filtering by category simplifies management over blocking individual URLs.
  • Users will try to bypass URL filters (alternate addresses, proxies, raw IP addresses), so URL filtering is paired with firewall rules that block the unfiltered paths.
  • Content filtering inspects the data itself for sensitive or inappropriate material; it is used for document protection (data loss prevention), blocking NSFW content, and malware detection.
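A category-based URL filter, as an added example (not from the lecture): the hostname is normalized before the category lookup so that case changes, userinfo tricks such as http://good.example@bad.example/, and trailing dots do not slip past, and raw IP literals are blocked because they cannot be categorized. The category lists use reserved .example names and, along with the block list and override list, are constructed for this illustration; real products ship vendor-maintained categories.

```python
# Added example (not from the lecture): a category-based URL filter that
# normalizes the hostname before lookup so simple bypasses fail. The
# category lists use reserved .example names and are constructed.
import ipaddress
from urllib.parse import urlsplit

CATEGORIES = {
    "auction":    {"auction.example", "bids.example"},
    "hacking":    {"exploits.example"},
    "recreation": {"games.example"},
    "business":   {"corp.example"},
}
BLOCKED_CATEGORIES = {"auction", "hacking", "recreation"}
ALLOW_OVERRIDE = {"tools.exploits.example"}   # exact-host exceptions


def hostname_of(url: str):
    """Extract the host, dropping scheme, userinfo, port, path and any
    trailing dot. urlsplit().hostname already lowercases the result."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def category_of(host: str) -> str:
    """Walk up the labels so sub.domains inherit their parent's category."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        for category, domains in CATEGORIES.items():
            if candidate in domains:
                return category
    return "uncategorized"


def url_decision(url: str):
    """Return (action, reason) for a requested URL."""
    host = hostname_of(url)
    if not host:
        return "block", "unparseable"
    try:
        ipaddress.ip_address(host)
        # Policy choice: a raw IP skips categorization, so deny it.
        return "block", "ip-literal"
    except ValueError:
        pass
    if host in ALLOW_OVERRIDE:
        return "allow", "override"
    category = category_of(host)
    action = "block" if category in BLOCKED_CATEGORIES else "allow"
    return action, category


if __name__ == "__main__":
    for u in [
        "https://www.AUCTION.example/item/42",
        "http://corp.example@exploits.example./",   # userinfo + trailing dot
        "https://tools.exploits.example/",
        "http://203.0.113.9/",
        "https://corp.example/",
    ]:
        print(u, "->", url_decision(u))
```

Blocking IP literals is the filter-side half of the pairing described above: the other half is a firewall rule that forces web traffic through the filtering proxy, otherwise a user can simply route around it.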

Screened Subnets (DMZ)

  • A screened subnet (historically called a demilitarized zone, DMZ) is a separate network segment, behind the firewall, that holds public-facing services such as web and mail servers.
  • Outside visitors can reach the public servers in the screened subnet, but connections from the screened subnet into the internal network are blocked or tightly restricted, so a compromised public server does not give direct access to internal resources.

Security Zones in Firewalls

  • Zones simplify firewall policies by grouping parts of the network (e.g., trusted, untrusted, internal, external) so that policy is written once per zone pair rather than per host.
  • Rules allow or deny traffic between zones (e.g., inside to screened subnet) without enumerating individual IPs or ports, and a new host added to a zone inherits that zone's policy automatically.
  • More zones (e.g., inside, server, database, screened subnet) add granularity; traffic between two zones with no rule falls to the implicit deny.
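Zone-based policy for the screened-subnet layout described in the two sections above, as an added example (not from the lecture): addresses are classified into zones by longest-prefix match, and the decision is made on the (source zone, destination zone) pair instead of on individual IPs. The subnets, zone names, ports and the policy table are assumptions made for the illustration.

```python
# Added example (not from the lecture): classify addresses into zones and
# decide traffic by zone pair instead of by individual IP. Subnets, zone
# names and the policy table are constructed for illustration.
from ipaddress import ip_address, ip_network

ZONES = {
    "outside":  [ip_network("0.0.0.0/0")],      # everything not claimed below
    "screened": [ip_network("192.0.2.0/24")],   # screened subnet / DMZ
    "inside":   [ip_network("10.0.0.0/8")],
    "database": [ip_network("10.0.5.0/24")],    # carved out of "inside"
}

# (source zone, destination zone) -> allowed destination ports, "*" = any.
# Pairs absent from the table are denied: implicit deny between zones.
POLICY = {
    ("outside", "screened"):  {443},       # public web service only
    ("inside", "screened"):   {22, 443},   # admins manage the DMZ hosts
    ("screened", "database"): {5432},      # web tier reaches its DB only
    ("inside", "outside"):    "*",         # users browse out
}


def zone_of(addr: str) -> str:
    """Most specific (longest prefix) zone containing the address."""
    a = ip_address(addr)
    best_zone, best_len = None, -1
    for zone, nets in ZONES.items():
        for net in nets:
            if a in net and net.prefixlen > best_len:
                best_zone, best_len = zone, net.prefixlen
    return best_zone


def zone_decision(src: str, dst: str, dport: int):
    """Return (action, (src_zone, dst_zone)) for a flow."""
    pair = (zone_of(src), zone_of(dst))
    allowed = POLICY.get(pair)
    if allowed == "*" or (allowed is not None and dport in allowed):
        return "allow", pair
    return "deny", pair


if __name__ == "__main__":
    flows = [
        ("203.0.113.9", "192.0.2.10", 443),   # visitor -> DMZ web server
        ("203.0.113.9", "192.0.2.10", 22),    # visitor -> DMZ SSH: denied
        ("192.0.2.10", "10.0.1.50", 445),     # DMZ host -> internal host: denied
        ("192.0.2.10", "10.0.5.7", 5432),     # DMZ web -> database tier
        ("10.0.1.50", "203.0.113.9", 443),    # inside -> internet
    ]
    for src, dst, port in flows:
        print(src, "->", dst, port, zone_decision(src, dst, port))
```

Note that no rule mentions 192.0.2.10: a second web server at 192.0.2.11 is covered by the same ("outside", "screened") entry, and the flow from the DMZ host into the inside zone is denied simply because no zone pair permits it.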

Key Terms & Definitions

  • Access Control List (ACL) — A set of rules controlling network traffic based on specified criteria.
  • Implicit Deny — Default action that blocks traffic when no explicit firewall rule matches.
  • Screened Subnet (DMZ) — Isolated network segment for public-facing services, reachable from outside but separated from the internal network.
  • URL Filtering — Restricting access based on website addresses or categories.
  • Content Filtering — Blocking data based on the presence of specified content.
  • Security Zone — Logical network segment used in firewall rules for policy application.

Action Items / Next Steps

  • Review firewall rules and experiment with creating specific and general rules in practice labs.
  • Read about additional filtering techniques and zone-based firewall configurations.