🌐 Networking Fundamentals, Part 5 (Final Part)

Networking Fundamentals —
Firewalls, VPNs & Complete Flow

Firewalls, VPNs, SSH, FTP/SFTP, SMTP, RDP, port forwarding, MySQL port 3306 — and the complete 21-step end-to-end journey of opening Google. Everything comes together here.


What is a Firewall?

A firewall is a security device or software that controls network traffic. Think of it as a security guard at a building entrance — every packet is checked: Who sent it? Where is it going? Is it authorized? A firewall can Allow (permit traffic meeting rules), Block (reject traffic violating rules), or Log (record traffic for auditing). Without a firewall, everything on your network is exposed directly to the internet.

Types of Firewalls

Firewalls have evolved significantly. A Packet Filtering Firewall checks source IP, destination IP, port, and protocol against static rules — fast but unaware of connection context. A Stateful Firewall tracks active connections and automatically allows legitimate responses back in. A Next Generation Firewall (NGFW) goes further — inspecting applications, users, malware signatures, and website content for deep threat prevention.

Firewall overview and types — Packet Filtering, Stateful, and NGFW

Packet Filtering

Checks IP, port, protocol per-packet. Fast and simple but has no knowledge of connection state.

Stateful

Tracks connection sessions. Allows return traffic automatically — more secure than basic filtering.

NGFW

Inspects applications, users, and malware. Provides visibility and control across modern threats.
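The difference between a packet filter and a stateful firewall is easiest to see with actual packets. The following is an added example, not code from the original post: a toy firewall in Python with one constructed rule ("inside hosts may open HTTPS outward") run over three packets, a request, the server's legitimate reply, and an unsolicited packet that merely looks like a reply. The network prefix, the rule and all addresses are constructed for illustration.

```python
"""Added example, not code from the original post: a toy firewall that contrasts
a stateless packet filter with stateful connection tracking.
The network prefix, rule set and packets are all constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

LAN_PREFIX = "192.168.1."   # constructed private network behind the firewall


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str                  # "out" (LAN -> internet) or "in" (internet -> LAN)
    action: str                     # "allow" or "block"
    dst_port: Optional[int] = None  # None matches any destination port


# Constructed policy: inside hosts may open HTTPS outward; nothing else is
# allowed in either direction unless a rule says so.
RULES: List[Rule] = [
    Rule("out", "allow", 443),
]


def direction(pkt: Packet) -> str:
    return "out" if pkt.src_ip.startswith(LAN_PREFIX) else "in"


def stateless_decision(pkt: Packet, rules: List[Rule] = RULES, default: str = "block") -> str:
    """Packet filter: every packet is judged on its own header fields alone.
    First matching rule wins; the default applies when nothing matches."""
    d = direction(pkt)
    for rule in rules:
        if rule.direction == d and (rule.dst_port is None or rule.dst_port == pkt.dst_port):
            return rule.action
    return default


class StatefulFirewall:
    """Stateful filter: remembers allowed connections so that reply packets
    belonging to them are accepted without an explicit inbound rule."""

    def __init__(self, rules: List[Rule] = RULES) -> None:
        self.rules = rules
        self.table: Set[Tuple[str, int, str, int]] = set()  # tracked 4-tuples

    def decide(self, pkt: Packet) -> str:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table or reverse in self.table:
            return "allow"              # ESTABLISHED: part of a known connection
        action = stateless_decision(pkt, self.rules)
        if action == "allow":
            self.table.add(key)         # NEW connection: start tracking it
        return action


def demo() -> Tuple[List[str], List[str]]:
    """Run the same three packets through both filters and return the verdicts."""
    request = Packet("192.168.1.20", 51000, "203.0.113.10", 443)  # LAN host opens HTTPS
    reply = Packet("203.0.113.10", 443, "192.168.1.20", 51000)    # the server's answer
    forged = Packet("203.0.113.10", 443, "192.168.1.20", 51001)   # unsolicited, same source port
    stateless = [stateless_decision(p) for p in (request, reply, forged)]
    fw = StatefulFirewall()
    stateful = [fw.decide(p) for p in (request, reply, forged)]
    return stateless, stateful


if __name__ == "__main__":
    print("stateless:", demo()[0])  # ['allow', 'block', 'block']  the real reply is lost
    print("stateful: ", demo()[1])  # ['allow', 'allow', 'block']  reply passes, forgery does not
```

The stateless filter blocks the genuine reply because no inbound rule matches it; the only way to make it work is a broad "allow inbound from source port 443" rule, which would also let the forged packet through. The stateful filter accepts the reply because it belongs to a connection it saw being opened, and still drops the unsolicited packet.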

What is a VPN?

VPN — Virtual Private Network — is one of the most misunderstood networking technologies. The internet is a public network: your traffic passes through your ISP and many unknown routers before reaching its destination. A VPN creates an encrypted tunnel between your device and a VPN server, hiding the contents of your traffic from anyone between those two points. The tunnel ends at the VPN server, which forwards your traffic onward from there.

It is called "Virtual" because no dedicated cable exists — the private connection is created logically across the shared public internet. A classic enterprise use case: a bank employee working from home connects via VPN so their laptop behaves as if it were physically inside the office network, accessing internal resources that are otherwise unreachable.

VPN overview — problem it solves, encrypted tunnel, real-life example, VPN vs HTTPS

⚠️ VPN ≠ HTTPS: HTTPS protects Browser ↔ Website. VPN protects Device ↔ VPN Server. They solve different problems and are often combined: the VPN encrypts the tunnel, while HTTPS encrypts the application data travelling inside it.

SSH — Secure Shell

SSH provides secure remote command-line access over an encrypted connection. Default port: 22. Before SSH, Telnet was used — but Telnet sent everything in plain text, making credentials trivially interceptable. SSH replaced it entirely. With SSH you can execute commands, manage servers, transfer files, configure systems, and run scripts on a remote machine as if you were sitting in front of it.

FTP — File Transfer Protocol

FTP transfers files between systems using port 21 for control and port 20 for data (in active mode; passive mode negotiates a separate data port). Critical problem: FTP transmits usernames, passwords, and file contents in plain text — anyone intercepting the traffic can read everything. FTP should not be used over untrusted networks; SFTP, covered next, is the usual replacement.

SFTP — SSH File Transfer Protocol

SFTP runs file transfer over an SSH connection, encrypting everything: usernames, passwords, and all file contents. It has effectively replaced FTP in modern environments. Despite the similar name, SFTP is not FTP-over-SSL (that protocol is called FTPS) — it is a completely separate protocol built on SSH.

SSH, FTP, and SFTP comparison — ports, purpose, security differences

  • SSH (port 22): Encrypted remote shell access. Replaced insecure Telnet. Industry standard for server administration.
  • FTP (ports 20 / 21): Plain-text file transfer. Simple but insecure — credentials and files travel unencrypted. Avoid over public networks.
  • SFTP (port 22, over SSH): Encrypted file transfer over SSH. Completely replaces FTP. Everything is encrypted between client and server.

SMTP — Simple Mail Transfer Protocol

SMTP is the protocol responsible for sending email. It operates on port 25 (server-to-server relay), 587 (mail submission from clients, normally upgraded to TLS with STARTTLS), and 465 (submission over implicit TLS, known as SMTPS). The flow: your device → SMTP server → recipient's mail server → recipient's inbox. Critically, SMTP is for sending only. Reading email uses separate protocols: POP3 (downloads and removes from server) or IMAP (syncs across devices).

RDP — Remote Desktop Protocol

RDP — developed by Microsoft — provides complete graphical remote access to a Windows computer on port 3389. Unlike SSH (which gives you a command line), RDP gives you the full desktop UI — exactly as if you were sitting in front of the machine. Your keyboard and mouse input travels to the remote PC; screen updates, audio, and clipboard contents travel back to you. Companies use RDP so employees can access office software, internal applications, and databases remotely.

SMTP mail flow and RDP remote desktop protocol — comparison with SSH, security best practices

⚠️ RDP Security: Exposing RDP directly to the internet (port 3389 open) is a major attack vector — it is one of the most commonly brute-forced ports. Best practice: always place VPN → RDP, never Internet → RDP directly.
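Because exposed RDP is brute-forced so often, a defender should be able to spot the pattern in the logs. The following is an added example, not code from the original post: a small Python detector that counts failed Windows logons per source address and flags addresses that cross a threshold inside a time window. It relies on two real Windows facts, Event ID 4625 is "An account failed to log on" and logon type 10 (RemoteInteractive) marks RDP sessions, but the one-line log format, the sample lines, the threshold and the window are all constructed for illustration; real 4625 events are structured records that you would parse from the event log instead.

```python
"""Added example, not code from the original post: a detector that flags
RDP password-guessing from Windows failed-logon events. Event ID 4625 is the
failed-logon event and logon type 10 (RemoteInteractive) marks RDP sessions;
the one-line log format, the lines and the threshold are constructed here."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: seven failures from one address within 30 seconds, one
# stray failure from another address, a local console failure and one success.
SAMPLE_LOG = """\
2024-05-01T10:00:01 EventID=4625 LogonType=10 TargetUser=admin SourceIP=198.51.100.7
2024-05-01T10:00:05 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=198.51.100.7
2024-05-01T10:00:09 EventID=4625 LogonType=10 TargetUser=root SourceIP=198.51.100.7
2024-05-01T10:00:12 EventID=4625 LogonType=10 TargetUser=guest SourceIP=198.51.100.7
2024-05-01T10:00:15 EventID=4625 LogonType=2 TargetUser=jdoe SourceIP=-
2024-05-01T10:00:18 EventID=4625 LogonType=10 TargetUser=user SourceIP=198.51.100.7
2024-05-01T10:00:21 EventID=4625 LogonType=10 TargetUser=test SourceIP=203.0.113.5
2024-05-01T10:00:24 EventID=4625 LogonType=10 TargetUser=backup SourceIP=198.51.100.7
2024-05-01T10:00:27 EventID=4625 LogonType=10 TargetUser=admin SourceIP=198.51.100.7
2024-05-01T10:00:40 EventID=4624 LogonType=10 TargetUser=jdoe SourceIP=203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_rdp_failures(log: str) -> Dict[str, List[datetime]]:
    """Collect timestamps of failed RDP (logon type 10) logons per source address."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] != "4625" or m["ltype"] != "10":
            continue  # not a failure, or not an RDP session: ignore
        failures[m["ip"]].append(datetime.fromisoformat(m["ts"]))
    return failures


def detect_bruteforce(log: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> Dict[str, int]:
    """Return {source_ip: failures_in_busiest_window} for every address that
    produced at least `threshold` failed RDP logons within `window`."""
    flagged: Dict[str, int] = {}
    for ip, stamps in parse_rdp_failures(log).items():
        stamps.sort()
        best, start = 0, 0
        for end, ts in enumerate(stamps):       # sliding window over sorted times
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))   # {'198.51.100.7': 7}
```

The local console failure (logon type 2) and the single failure from the second address are ignored, so only the address hammering the RDP port is reported. Tune the threshold and window to your environment; the same sliding-window logic works for SSH or any other authentication log once the parser is swapped.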

What is Port Forwarding?

Private IPs (like 192.168.1.20) are not reachable from the internet — they exist only within your local network. Port Forwarding tells the router: "When traffic arrives on Public IP port 80, send it to 192.168.1.20:80." This makes internal services accessible from outside. Common uses: web servers, game servers, CCTV systems, and remote access tools. Each forwarded port is a deliberate opening in the NAT boundary, so forward only the services that genuinely must be reachable.

MySQL and Port 3306

MySQL is a relational database system that listens on port 3306. In a web application, the flow is: User → Web Server → MySQL (port 3306). The database should never be exposed directly to the internet — only the web server faces public traffic, while MySQL stays protected behind the application layer. Direct exposure creates severe risks: brute-force attacks, SQL injection, and data breaches.

Port Forwarding and MySQL Port 3306 — architecture, good vs bad design

❌ Bad Design

Internet → MySQL (Port 3306 exposed publicly). Database directly reachable — high risk of brute force, injection, and data theft.

✅ Good Design

Internet → Web Server (80/443) → MySQL (3306 internal only). Database hidden behind the application layer — only the web server is exposed.
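To make the port-forwarding rule and the good-versus-bad design concrete, here is an added example that is not code from the original post: a toy router in Python that models destination NAT (the rewrite "public IP:80 → 192.168.1.20:80" described above), drops anything with no forwarding entry, and audits a forwarding table for database ports that should never face the internet. The public address, the internal hosts, both tables and the list of database ports are constructed for illustration.

```python
"""Added example, not code from the original post: a toy router that models
port forwarding (destination NAT) and audits the forwarding table for database
ports that should never face the internet. Addresses and tables are constructed."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

PUBLIC_IP = "203.0.113.1"                    # constructed WAN address of the router
DATABASE_PORTS = {3306, 5432, 1433, 27017}   # MySQL, PostgreSQL, SQL Server, MongoDB


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# public port -> (internal host, internal port)
ForwardTable = Dict[int, Tuple[str, int]]

# Good design: only the web server's ports are reachable from outside.
GOOD_TABLE: ForwardTable = {80: ("192.168.1.20", 80), 443: ("192.168.1.20", 443)}
# Bad design: the same table plus the database host forwarded on 3306.
BAD_TABLE: ForwardTable = {**GOOD_TABLE, 3306: ("192.168.1.30", 3306)}


def forward_inbound(pkt: Packet, table: ForwardTable) -> Optional[Packet]:
    """Rewrite the destination of a packet arriving from the internet.
    Returns None (drop) when no forwarding rule matches: the private host
    stays unreachable, which is the default for everything not listed."""
    if pkt.dst_ip != PUBLIC_IP:
        return None
    target = table.get(pkt.dst_port)
    if target is None:
        return None
    host, port = target
    return replace(pkt, dst_ip=host, dst_port=port)


def unforward_outbound(pkt: Packet, table: ForwardTable) -> Packet:
    """Rewrite the source of a reply from a forwarded host back to the public
    address, so the remote client sees the endpoint it originally connected to."""
    for pub_port, (host, port) in table.items():
        if (pkt.src_ip, pkt.src_port) == (host, port):
            return replace(pkt, src_ip=PUBLIC_IP, src_port=pub_port)
    return pkt   # ordinary outbound traffic is left to source NAT (not modeled here)


def audit_forwards(table: ForwardTable) -> List[int]:
    """List public ports whose forwarding target is a database service."""
    return sorted(pub for pub, (_, port) in table.items() if port in DATABASE_PORTS)


if __name__ == "__main__":
    client = Packet("198.51.100.7", 40000, PUBLIC_IP, 80)
    print(forward_inbound(client, GOOD_TABLE))                          # -> 192.168.1.20:80
    print(forward_inbound(replace(client, dst_port=3306), GOOD_TABLE))  # None: dropped
    print(audit_forwards(GOOD_TABLE), audit_forwards(BAD_TABLE))        # [] [3306]
```

With the good table, a packet for port 3306 never gets past the router because no rule exists for it; the database is reachable only from the web server on the LAN. The audit function is the kind of check worth running against a real router or cloud security-group export: any public port that lands on a database listener is a finding.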

End-to-End Journey of Opening Google

Every technology covered across all 5 parts comes together in a single action: typing https://google.com and pressing Enter. The 21-step journey spans the full networking stack — from DNS resolution at the application layer all the way down to electrical signals on the wire, and back up again.

21-step end-to-end journey of opening Google — DNS, HTTPS, TLS, TCP, IP, ARP, Ethernet, Router, NAT and back

📋 The 21 Steps at a Glance

  • 1. User enters https://google.com
  • 2. DNS resolves google.com → IP address
  • 3. Browser creates HTTPS request
  • 4. TCP creates reliable connection on Port 443
  • 5. TLS Handshake — Google presents certificate
  • 6. Browser verifies certificate against trusted CAs
  • 7. RSA/ECDSA establish cryptographic trust
  • 8. AES session keys are created
  • 9. HTTP becomes HTTPS — data is encrypted
  • 10. IP layer creates packet with Source & Destination IP
  • 11. ARP resolves gateway MAC address
  • 12. Ethernet frame created with Source & Destination MAC
  • 13. NIC converts bits into electrical or radio signals
  • 14. Switch forwards the frame
  • 15. Router receives the packet
  • 16. NAT translates private IP → public IP
  • 17. Internet routers route traffic toward Google
  • 18. Google receives the request
  • 19. Google sends the response
  • 20. Response follows the reverse path home
  • 21. Browser receives data and renders the page

Complete Networking Mental Model

When you open any website, every layer of the stack activates in sequence. Meanwhile, a dozen background technologies coordinate simultaneously — DNS, DHCP, ARP, NAT, TLS, routing — each doing its part invisibly.

Application (HTTP / HTTPS / DNS / SMTP / SSH)
TLS (Encryption & Authentication)
Transport (TCP / UDP)
Network (IP / ARP / NAT / Routing)
Data Link (Ethernet / WiFi / MAC)
Physical (NIC / Cable / Radio Signals)
Switch → Router → Internet → Server
💡 Meanwhile in the background: DNS found the destination · DHCP assigned your IP · Subnet mask identified the local network · Gateway forwarded traffic outside the LAN · NAT translated addresses · Firewall filtered traffic · TLS encrypted communication · RSA/ECDSA established trust · AES encrypted the data · Routers moved packets globally.

Physical Networking

  • NIC & Ethernet
  • Cable Categories
  • Auto MDI-X
  • Hub / Bridge / Switch
  • Star Topology

Addressing

  • MAC Addresses
  • IPv4 & IPv6
  • Public / Private IP
  • Subnet Masks
  • DHCP / Gateway

Network Communication

  • TCP/IP Stack
  • TCP vs UDP
  • Ports & ARP
  • NAT & Routing
  • VLANs

Wireless Networking

  • IEEE 802.11
  • WiFi 4 / 5 / 6 / 7
  • 2.4 / 5 / 6 GHz Bands
  • Frequency Concepts
  • Band Steering

Security

  • WPA2 / WPA3 / AES
  • RSA & ECDSA
  • TLS & Certificates
  • HTTPS
  • Firewall / VPN

Network Services

  • SSH (22) / RDP (3389)
  • FTP (20/21) / SFTP
  • SMTP (25/587/465)
  • Port Forwarding
  • MySQL (3306)

Networking Fundamentals — Complete

You have covered the full networking stack — from physical cables and MAC addresses, through IP routing and TCP/IP, to TLS encryption, WiFi standards, and real-world protocols. This foundation is equivalent to the networking topics taught in introductory Network+, CCNA, and system administration courses.