What is a Firewall?
A firewall is a security device or software that controls network traffic. Think of it as a security guard at a building entrance — every packet is checked: Who sent it? Where is it going? Is it authorized? A firewall can Allow (permit traffic meeting rules), Block (reject traffic violating rules), or Log (record traffic for auditing). Without a firewall, everything on your network is exposed directly to the internet.
Types of Firewalls
Firewalls have evolved significantly. A Packet Filtering Firewall checks source IP, destination IP, port, and protocol against static rules — fast but unaware of connection context. A Stateful Firewall tracks active connections and automatically allows legitimate responses back in. A Next Generation Firewall (NGFW) goes further — inspecting applications, users, malware signatures, and website content for deep threat prevention.
Packet Filtering
Checks IP, port, protocol per-packet. Fast and simple but has no knowledge of connection state.
Stateful
Tracks connection sessions. Allows return traffic automatically — more secure than basic filtering.
NGFW
Inspects applications, users, and malware. Provides visibility and control across modern threats.
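The difference between packet filtering and stateful inspection is easiest to see with the same rule set applied both ways. The following is an added example written for this article, not code from the original page: a toy packet filter with one static rule ("the LAN may initiate anything"), run once statelessly and once with a connection table. All addresses are constructed (a 192.168.1.0/24 LAN and RFC 5737 documentation ranges for the outside hosts), and the packet and rule shapes are my own simplification of what a real firewall matches on.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed addressing for this example: hosts under 192.168.1.0/24 are
# "inside"; anything else is treated as arriving from the internet.
LAN_PREFIX = "192.168.1."


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str            # "in" (arriving from the internet) or "out" (leaving the LAN)
    dst_port: Optional[int]   # None matches any destination port
    action: str               # "allow" or "block"


def direction_of(pkt: Packet) -> str:
    return "out" if pkt.src_ip.startswith(LAN_PREFIX) else "in"


def stateless_decide(rules: List[Rule], pkt: Packet) -> str:
    """Packet-filtering firewall: each packet is judged on its own header
    fields alone; first matching rule wins, anything unmatched is blocked."""
    d = direction_of(pkt)
    for r in rules:
        if r.direction == d and (r.dst_port is None or r.dst_port == pkt.dst_port):
            return r.action
    return "block"


class StatefulFirewall:
    """Same rules, plus a table of sessions the LAN has opened. A packet that
    belongs to a tracked session is allowed without consulting the rules,
    which is how replies get back in without any inbound allow rule."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.table: Set[Tuple] = set()                 # 5-tuples seen from the LAN side
        self.log: List[Tuple[str, int, str]] = []      # (direction, dst_port, action)

    def decide(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table or reverse in self.table:
            action = "allow"                           # part of an established session
        else:
            action = stateless_decide(self.rules, pkt)
            if action == "allow" and direction_of(pkt) == "out":
                self.table.add(key)                    # remember the outbound session
        self.log.append((direction_of(pkt), pkt.dst_port, action))
        return action


def run_scenario() -> dict:
    # One rule: the LAN may initiate anything. There is no inbound allow rule.
    rules = [Rule("out", None, "allow")]
    request = Packet("tcp", "192.168.1.20", 50000, "198.51.100.10", 443)  # LAN -> web server
    reply = Packet("tcp", "198.51.100.10", 443, "192.168.1.20", 50000)    # the server's answer
    probe = Packet("tcp", "203.0.113.5", 4444, "192.168.1.20", 3306)      # unsolicited inbound
    fw = StatefulFirewall(rules)
    return {
        "stateless": [stateless_decide(rules, p) for p in (request, reply, probe)],
        "stateful": [fw.decide(p) for p in (request, reply, probe)],
        "log": fw.log,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The stateless filter blocks the server's reply because, looked at on its own, it is just an inbound packet with no matching rule; the only stateless fix is a blanket inbound allow for high ports, which widens what the probe can reach. The stateful firewall allows the reply because it matches the session the LAN opened, and still blocks the unsolicited probe to 3306.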
What is a VPN?
VPN — Virtual Private Network — is one of the most misunderstood networking technologies. The internet is a public network: your traffic passes through your ISP and many unknown routers before reaching its destination. A VPN creates an encrypted tunnel between your device and a VPN server, hiding the contents of your traffic from anyone in between.
It is called "Virtual" because no dedicated cable exists — the private connection is created logically across the shared public internet. A classic enterprise use case: a bank employee working from home connects via VPN so their laptop behaves as if it were physically inside the office network, accessing internal resources that are otherwise unreachable.
SSH — Secure Shell
SSH provides secure remote command-line access over an encrypted connection. Default port: 22. Before SSH, Telnet was used — but Telnet sent everything in plain text, making credentials trivially interceptable. SSH replaced it entirely. With SSH you can execute commands, manage servers, transfer files, configure systems, and run scripts on a remote machine as if you were sitting in front of it.
FTP — File Transfer Protocol
FTP transfers files between systems on ports 20 (data) and 21 (control). Critical problem: FTP transmits usernames, passwords, and file contents in plain text — anyone intercepting the traffic can read everything. FTP should not be used over untrusted networks.
SFTP — SSH File Transfer Protocol
SFTP runs file transfer over an SSH connection, encrypting everything: usernames, passwords, and all file contents. It has effectively replaced FTP in modern environments. Despite the similar name, SFTP is not FTP-over-SSL — it is a completely separate protocol built on SSH.
SSH
Encrypted remote shell access. Replaced insecure Telnet. Industry standard for server administration.
FTP
Plain-text file transfer. Simple but insecure — credentials and files travel unencrypted. Avoid over public networks.
SFTP
Encrypted file transfer over SSH. Completely replaces FTP. Everything is encrypted end-to-end.
SMTP — Simple Mail Transfer Protocol
SMTP is the protocol responsible for sending email. It operates on ports 25 (server-to-server), 587 (submission, encrypted), and 465 (SMTPS). The flow: your device → SMTP server → recipient's mail server → recipient's inbox. Critically, SMTP is for sending only. Reading email uses separate protocols: POP3 (downloads and removes from server) or IMAP (syncs across devices).
RDP — Remote Desktop Protocol
RDP — developed by Microsoft — provides complete graphical remote access to a Windows computer on port 3389. Unlike SSH (which gives you a command line), RDP gives you the full desktop UI — exactly as if you were sitting in front of the machine. Your keyboard and mouse input travels to the remote PC; screen updates, audio, and clipboard contents travel back to you. Companies use RDP so employees can access office software, internal applications, and databases remotely.
What is Port Forwarding?
Private IPs (like 192.168.1.20) are not reachable from the internet — they exist only within your local network. Port Forwarding tells the router: "When traffic arrives on Public IP port 80, send it to 192.168.1.20:80." This makes internal services accessible from outside. Common uses: web servers, game servers, CCTV systems, and remote access tools.
MySQL and Port 3306
MySQL is a relational database system that listens on port 3306. In a web application, the flow is: User → Web Server → MySQL (port 3306). The database should never be exposed directly to the internet — only the web server faces public traffic, while MySQL stays protected behind the application layer. Direct exposure creates severe risks: brute force attacks, SQL injection, and data breaches.
❌ Bad Design
Internet → MySQL (Port 3306 exposed publicly). Database directly reachable — high risk of brute force, injection, and data theft.
✅ Good Design
Internet → Web Server (80/443) → MySQL (3306 internal only). Database hidden behind the application layer — only the web server is exposed.
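The port-forwarding rule and the good/bad MySQL designs above are the same mechanism viewed from two sides: a forwarding table decides which private endpoints the router rewrites public traffic toward, and auditing that table tells you what is exposed. The following is an added example, not code from the original article: a toy router that performs the destination rewrite the text describes, translates the server's reply back to the public address, and a small audit that flags any forwarded database port. The addresses, the `PortForwardingRouter` class and the `DATABASE_PORTS` set are all constructed for this illustration; real routers track reply translation per flow rather than by scanning the table as done here.

```python
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip, port)

# Ports whose service should never be published to the internet. Constructed
# for this example; 3306 is the MySQL port discussed in the article.
DATABASE_PORTS = {3306}


class PortForwardingRouter:
    """Toy router holding a port-forwarding table (destination NAT)."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.forwards: Dict[int, Endpoint] = {}   # public port -> private endpoint

    def add_forward(self, public_port: int, private_ip: str, private_port: int) -> None:
        self.forwards[public_port] = (private_ip, private_port)

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Packet arriving on the WAN side. Returns the rewritten (src, dst)
        handed to the LAN, or None if the router drops it."""
        dst_ip, dst_port = dst
        if dst_ip != self.public_ip:
            return None
        target = self.forwards.get(dst_port)
        if target is None:
            return None           # no rule: the private host stays unreachable
        return (src, target)      # destination rewritten to the private host

    def reply(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Reply leaving a forwarded host. The source is rewritten back to the
        public address so the internet client sees one consistent peer."""
        for public_port, target in self.forwards.items():
            if src == target:
                return ((self.public_ip, public_port), dst)
        return None               # not a forwarded host: ordinary outbound NAT would apply


def exposed_services(router: PortForwardingRouter) -> List[Endpoint]:
    """Everything the forwarding table makes reachable from the internet."""
    return sorted(router.forwards.values())


def risky_exposures(router: PortForwardingRouter) -> List[Endpoint]:
    """Forwarded endpoints on a database port: the article's 'bad design'."""
    return [ep for ep in exposed_services(router) if ep[1] in DATABASE_PORTS]


def run_scenario() -> dict:
    client = ("198.51.100.7", 51000)               # constructed internet client
    good = PortForwardingRouter("203.0.113.10")
    good.add_forward(80, "192.168.1.20", 80)       # only the web server is published
    bad = PortForwardingRouter("203.0.113.10")
    bad.add_forward(80, "192.168.1.20", 80)
    bad.add_forward(3306, "192.168.1.30", 3306)    # database published as well

    return {
        "web_in": good.inbound(client, ("203.0.113.10", 80)),
        "db_in": good.inbound(client, ("203.0.113.10", 3306)),   # dropped: no rule
        "web_reply": good.reply(("192.168.1.20", 80), client),
        "good_risky": risky_exposures(good),
        "bad_risky": risky_exposures(bad),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

With the good table, a connection to the public address on 3306 is simply dropped, because reachability from outside exists only where a forwarding entry says so; the audit returns nothing. The bad table publishes 192.168.1.30:3306 and the audit reports it, which is the check worth running against any router or cloud security group before a database goes live.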
End-to-End Journey of Opening Google
Every technology covered across all 5 parts comes together in a single action: typing https://google.com and pressing Enter. The 21-step journey spans the full networking stack — from DNS resolution at the application layer all the way down to electrical signals on the wire, and back up again.
📋 The 21 Steps at a Glance
1. User enters https://google.com
2. DNS resolves google.com → IP address
3. Browser creates HTTPS request
4. TCP creates reliable connection on Port 443
5. TLS Handshake — Google presents certificate
6. Browser verifies certificate against trusted CAs
7. RSA/ECDSA establish cryptographic trust
8. AES session keys are created
9. HTTP becomes HTTPS — data is encrypted
10. IP layer creates packet with Source & Destination IP
11. ARP resolves gateway MAC address
12. Ethernet frame created with Source & Destination MAC
13. NIC converts bits into electrical or radio signals
14. Switch forwards the frame
15. Router receives the packet
16. NAT translates private IP → public IP
17. Internet routers route traffic toward Google
18. Google receives the request
19. Google sends the response
20. Response follows the reverse path home
21. Browser receives data and renders the page
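Steps 10, 12 and 16 are the ones that can be shown byte for byte: the encrypted payload is wrapped in an IPv4 header carrying source and destination IP, that packet is wrapped in an Ethernet frame carrying source and destination MAC (the gateway's MAC from step 11), and the router later rewrites the private source IP to its public one. The following is an added example, not code from the original article, that builds those headers with the standard library, parses the frame back, and applies the NAT rewrite with the header checksum recomputed. All MACs and IPs are constructed, the payload is a placeholder standing in for the TLS record, and the transport-layer (TCP) checksum that a real NAT must also fix is deliberately left out because the payload here is opaque.

```python
import socket
import struct
from typing import Dict

# IPv4 header layout (RFC 791), network byte order:
# version/IHL, DSCP/ECN, total length, identification, flags/fragment offset,
# TTL, protocol, header checksum, source address, destination address.
IPV4_HDR = "!BBHHHBBH4s4s"
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, inverted.
    A header whose checksum field is already correct sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _with_checksum(header: bytes) -> bytes:
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def build_ipv4(src_ip: str, dst_ip: str, payload: bytes, proto: int = PROTO_TCP, ttl: int = 64) -> bytes:
    """Step 10: wrap the transport payload in an IPv4 header (checksum field starts at 0)."""
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return _with_checksum(header) + payload


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_ethernet(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Step 12: wrap the IP packet in an Ethernet frame: dst MAC, src MAC, EtherType."""
    return _mac_bytes(dst_mac) + _mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Unwrap frame -> packet -> payload, verifying the IP header checksum."""
    dst_mac, src_mac = frame[:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack(IPV4_HDR, packet[:20])
    return {
        "src_mac": src_mac, "dst_mac": dst_mac, "ethertype": ethertype,
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto,
        "checksum_ok": ipv4_checksum(packet[:20]) == 0,
        "payload": packet[20:total_len],
    }


def nat_rewrite_source(packet: bytes, public_ip: str) -> bytes:
    """Step 16: the router swaps the private source IP for its public IP and,
    like any router forwarding a packet, decrements the TTL. Both changes
    invalidate the header checksum, so it is recomputed from a zeroed field."""
    fields = list(struct.unpack(IPV4_HDR, packet[:20]))
    fields[5] = max(fields[5] - 1, 0)            # TTL
    fields[7] = 0                                # checksum placeholder
    fields[8] = socket.inet_aton(public_ip)      # source address
    return _with_checksum(struct.pack(IPV4_HDR, *fields)) + packet[20:]


def run_scenario() -> Dict[str, object]:
    # Constructed values: laptop 192.168.1.20, gateway MAC ...:01 (learned via ARP
    # in step 11), a placeholder server IP, and the router's public IP.
    payload = b"<encrypted TLS record>"
    packet = build_ipv4("192.168.1.20", "198.51.100.10", payload)
    lan_frame = build_ethernet("02:00:00:00:00:20", "02:00:00:00:00:01", packet)
    wan_packet = nat_rewrite_source(packet, "203.0.113.10")
    wan_frame = build_ethernet("02:00:00:00:00:01", "02:00:00:00:00:99", wan_packet)
    return {"lan": parse_frame(lan_frame), "wan": parse_frame(wan_frame)}


if __name__ == "__main__":
    for side, view in run_scenario().items():
        print(side, view)
```

Parsing the LAN-side frame shows the laptop's private IP and the gateway's MAC as the frame destination, which is why step 11 (ARP) has to happen before step 12. After the NAT rewrite the same payload travels with the public source IP, a TTL one lower, and a checksum that still verifies; the MACs on the WAN side are a fresh pair, since Ethernet addressing only ever spans one hop.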
Complete Networking Mental Model
When you open any website, every layer of the stack activates in sequence. Meanwhile, a dozen background technologies coordinate simultaneously — DNS, DHCP, ARP, NAT, TLS, routing — each doing its part invisibly.
Physical Networking
- NIC & Ethernet
- Cable Categories
- Auto MDI-X
- Hub / Bridge / Switch
- Star Topology
Addressing
- MAC Addresses
- IPv4 & IPv6
- Public / Private IP
- Subnet Masks
- DHCP / Gateway
Network Communication
- TCP/IP Stack
- TCP vs UDP
- Ports & ARP
- NAT & Routing
- VLANs
Wireless Networking
- IEEE 802.11
- WiFi 4 / 5 / 6 / 7
- 2.4 / 5 / 6 GHz Bands
- Frequency Concepts
- Band Steering
Security
- WPA2 / WPA3 / AES
- RSA & ECDSA
- TLS & Certificates
- HTTPS
- Firewall / VPN
Network Services
- SSH (22) / RDP (3389)
- FTP (20/21) / SFTP
- SMTP (25/587/465)
- Port Forwarding
- MySQL (3306)
Networking Fundamentals — Complete
You have covered the full networking stack — from physical cables and MAC addresses, through IP routing and TCP/IP, to TLS encryption, WiFi standards, and real-world protocols. This foundation is equivalent to the networking topics taught in introductory Network+, CCNA, and system administration courses.