Study Unit 10: Firewalls, Routers, Web Filtering

Introduction

When you are going to a place that you have not been before, before you are granted access,
there are some requirements that must be met, for example availing your identification. At this
point you have experienced a firewall, and you will only go through after the requirements have
been met. This section introduces you to firewalls, and we also proceed to discuss proxies, where
by a proxy server is a server application or appliance that acts as an intermediary for requests
from clients seeking resources from servers that provide those resources. In this study unit, you
will also study about routers, their importance, and several types of routers.

Learning Outcomes Of Study Unit 10

Upon completion of this study unit, you should be able to

10.1 Explain firewalls

10.2 Discuss various firewall policies

10.3 Discuss approaches to creating firewalls

10.4 Discuss types of firewalls

10.5 Routers

10.6 We filtering
10.1 Firewalls

10.1.1 What is a firewall?

A Firewall is a system of computer hardware and software that provides security to the
computer network of an organization. It is generally implemented at every point of contact
between the network and the outside Internet, and as such it filters all data packets going
in or coming out of the network.

A common practice is to let the flow of outgoing data packets pass, unrestricted and
unchallenged, while filtering the flow of incoming packets according to a predefined set of rules,
called the rule base. A data packet that matches a rule in the rule base is allowed to pass through
the firewall into the network; the remaining packets are considered unsafe for the network and
hence, are discarded by the firewall.

A network firewall is similar to firewalls in building construction, because in both cases they are
intended to isolate one "network" or "compartment" from another. As shown below. Fire wall
illustrations

Figure 10.1.1 Firewall illustrations

Example 10.1.1
The guards responsibility

10.2 Firewall Policies

To protect private networks and individual machines from the dangers of the greater
Internet, a firewall can be employed to filter incoming or outgoing traffic based on a
predefined set of rules called firewall policies.

Figure 10.2 firewalls and the Internet

POLICY ACTIONS TAKEN

Packets flowing through a firewall can have one of three outcomes:

Accepted: permitted through the firewall

Dropped: not allowed through with no indication of failure

Rejected: not allowed through, accompanied by an attempt to inform the source that the packet
was rejected.

• Policies used by the firewall to handle packets are based on several properties of the
packets being inspected, including the protocol used, such as:

 TCP or UDP protocol

 the source IP and destination IP addresses
 the source and destination ports
 the application-level payload of the packet (e.g., whether it contains a virus)

10.3 Approaches To Creating Firewalls

There are two fundamental approaches to creating firewall policies (or rule sets) to effectively
minimize vulnerability to the outside world while maintaining the desired functionality for the
machines in the trusted internal network (or individual computer).

BLACK LIST APPROACH

Here, all packets are allowed through except those that fall in line with the rules defined
specifically in a blacklist.

– This type of configuration is more flexible in ensuring that service to the internal network
is not disrupted by the firewall, the only problem is that it is naïve from a security perspective
in that it assumes that the network administrator can enumerate all of the properties of malicious
traffic.
WHITE LIST APPROACH

A safer approach to defining a firewall rule set is through the default-deny policy, in which
packets are dropped or rejected unless they are specifically allowed by the firewall.

10.4 Types Of Firewalls

PACKET FILTERS (STATELESS)

Packet filter will drop or accept it. A stateless firewall doesn’t maintain any remembered
context (or “state”) with respect to the packets it is processing. Instead, it treats each
packet attempting to travel through it in isolation without considering packets that it has
processed previously. This is the simplest and fastest form of traffic-filtering firewall
technologies.

■It works in two directions: to keep intruders at bay and to restrict access to the external
network from internal users.

■Two distinct firewall base policies are as follows:

•Allow by default – it allows all traffic to pass through the firewall except traffic that is
specifically denied.

•Deny by default – it blocks all traffic from passing through the firewall except for traffic that is
explicitly allowed.

Figure A. 10.4, Packet filters

Stateless firewalls may have to be fairly restrictive in order to prevent most attacks.

"STATEFUL" FILTERS

Stateful inspection operates at the network and the transport layers of the OSI model, but
it has the ability to monitor state information regarding a connection. In effect, when a
connection is established between two hosts, the firewall will initially determine if the
connection is allowable based on a set of rules about source and destination ports and IP
addresses. Once the connection is deemed to be acceptable, the firewall remembers this.

These maintain records of all connections passing through it and can determine if a packet is
either the start of a new connection, a part of an existing connection, or is an invalid packet.
Stateful firewalls can tell when packets are part of legitimate sessions originating within a trusted
network. Stateful firewalls maintain tables containing information on each active connection,
including the IP addresses, ports, and sequence numbers of packets. Using these tables, stateful
firewalls can allow only inbound TCP packets that are in response to a connection initiated from
within the internal network. Therefore, subsequent traffic can be examined as either permissible
or not within the context of the entire session.

Allow only requested TCP connections

Figure A. 10.4, Packet filters

3. APPLICATION LAYER

It works like a proxy it can ―understand‖ certain applications and protocols.

It may inspect the contents of the traffic, blocking what it views as inappropriate content
(i.e. websites, viruses, vulnerabilities, etc)

They are also called as application-layer gateway devices or application filtering.

Application-layer gateways are more advanced than packet filtering, operate at the
application layer of the OSI model, and examine the entire packet to determine what should
be done with the packet based on specific defined rules. They use complex rules to determine the
validity of any given packet, and part of analyzing each packet includes verifying that it contains
the correct type of data for the specific application it is attempting to communicate with.

APPLICATIONS OF FIREWALLS

A firewall is primarily used to provide security to the computer network of an

organization. Since a firewall may be used to prevent a large class of network attacks, fire walls
applications can be classified as follows.

1. Filtering: Firewalls can filter a data packet at various layers of the Internet protocol hierarchy.
A firewall is generally deployed at the perimeter of the computer network of an organization. It
can, therefore, examine every data packet that goes in or comes out of the computer network.
This feature allows a firewall to deny the malicious data packets from entering the computer
network of the organization.

2. DOS prevention: A firewall is often used to prevent Denial-of-Service attacks launched

against the hosts in the computer network of the organization. Such a firewall enforces a
maximum on the number of simultaneous connections that can be opened on any host at a given
point of time. At this stage, if a user in the outside Internet desires to open a new connection on
the host, the firewall simply rejects the data packet from entering the computer network.
3. Detection of IP address spoofing: A firewall can be configured to detect and filter a data
packet that has an incorrect source IP address. In order to check the legitimacy of the source IP
address, the firewall connects to the DHCP server of the source host and verifies that the
hardware address i.e. the MAC address of the source host corresponds to its IP address.

10.5 Routers

10.5.1 What is a Router?

A router is a networking device that forwards data packets between computer networks.
Routers perform the traffic directing functions on the Internet. Data sent through the
internet, such as a web page or email, is in the form of data packets. A packet is
typically forwarded from one router to another router through the networks that constitute
an internetwork (e.g. the Internet) until it reaches its destination node.

A router is connected to two or more data lines from different IP networks. When a data packet
comes in on one of the lines, the router reads the network address information in the packet
header to determine the ultimate destination. Then, using information in its routing
table or routing policy, it directs the packet to the next network on its journey.

Router Operation And Router Forwarding

When multiple routers are used in interconnected networks, the routers can exchange
information about destination addresses using a routing protocol. Each router builds up
a routing table, a list of routes, between two computer systems on the interconnected
networks.

A router has two types of network element components organized onto separate
processing planes:

Control plane: A router maintains a routing table that lists which route should be used to
forward a data packet, and through which physical interface connection. It does this using
internal pre-configured directives, called static routes, or by learning routes dynamically using
a routing protocol. Static and dynamic routes are stored in the routing table. The control-plane
logic then strips non-essential directives from the table and builds a forwarding information
base (FIB) to be used by the forwarding plane.

Forwarding plane: The router forwards data packets between incoming and outgoing
interface connections. It forwards them to the correct network type using information that the
packet header contains matched to entries in the FIB supplied by the control plane.

Router Forwarding

The main purpose of a router is to connect multiple networks and forward packets destined
either for directly-attached networks or more remote networks. A router is considered
a layer-3 device because its primary forwarding decision is based on the information in the
layer-3 IP packet, specifically the destination IP address. When a router receives a packet,
it searches its routing table to find the best match between the destination IP address of the
packet and one of the addresses in the routing table. Once a match is found, the packet is
encapsulated in the layer-2 data link frame for the outgoing interface indicated in the table entry.
A router typically does not look into the packet payload, but only at the layer-3 addresses to
make a forwarding decision, plus optionally other information in the header for hints on, for
example, quality of service (QoS). For pure IP forwarding, a router is designed to minimize
the state information associated with individual packets. Once a packet is forwarded, the router
does not retain any historical information about the packet.

The routing table itself can contain information derived from a variety of sources, such as
a default or static routes that are configured manually, or dynamic entries from routing
protocols where the router learns routes from other routers. A default route is one that is
used to route all traffic whose destination does not otherwise appear in the routing table;
this is common – even necessary – in small networks, such as a home or small business where
the default route simply sends all non-local traffic to the Internet service provider. The default
route can be manually configured (as a static route), or learned by dynamic routing protocols, or
be obtained by DHCP
A router can run more than one routing protocol at a time, particularly if it serves as an
autonomous system border router between parts of a network that run different routing protocols;
if it does so, then redistribution may be used (usually selectively) to share information between
the different protocols running on the same router.

Besides making a decision as to which interface a packet is forwarded to, which is handled
primarily via the routing table, a router also has to manage congestion when packets arrive
at a rate higher than the router can process. Three policies commonly used in the Internet
are tail drop, random early detection (RED), and weighted random early
detection (WRED). Tail drop is the simplest and most easily implemented; the router
simply drops new incoming packets once buffer space in the router is exhausted. RED
probabilistically drops datagrams early when the queue exceeds a pre-configured portion of the
buffer, until a pre-determined max, when it drops all incoming packets reverting to tail drop.
WRED can be configured to more readily drop packets dependent on the type of traffic.

Another function a router performs is to decide which packet should be processed first when
multiple queues exist. This is managed through QoS, which is critical when Voice over IP is
deployed, so as not to introduce excessive latency.

Yet another function a router performs is called policy-based routing where special rules are
constructed to override the rules derived from the routing table when a packet forwarding
decision is made.

Router functions may be performed through the same internal paths that the packets travel inside
the router. Some of the functions may be performed through an application-specific integrated
circuit (ASIC) to avoid overhead of scheduling CPU time to process the packets. Others may
have to be performed through the CPU as these packets need special attention that cannot be
handled by an ASIC. Below is an example of a router.
Figure A, 10.5, showing an example of a DSL router with telephone sockets

Routing Tables

So the routing table contains the network layer intelligence that tells the router how to
forward packets to remote destinations. Initially, that routing table is made up of networks
that are directly connected to the particular router. They are obviously shown as directly
connected networks, after that the way to learn about remote destinations is by either
populating the routing table with static routes in which an administrator will tell the router
how to get to the destination or by populating the routing table via routing table
advertisements coming from other routers.

So routers are gossipy and they will tell each other information that allows them to know about
all the gossip in the network. In both cases, static and dynamic routing notice how routers use the
reserved subnet addresses or network addresses that contain all 0s in the host portion of the IP
address.

In this case, we are talking about a classless subnetted class A address. Network 10 split
into subnets similar to a class C. However, in all cases here, the host portion of the address,
the fourth byte is all 0s and that represents that subnet or network itself. In other words,
these are destination networks or subnets. In the case of remote destinations, the routing
table entries show what the next hop is in order to reach that destination. In this case, in
order to reach 10.1.3.0, our next-hop is router 2 at 10.1.2.2.
Figure B 10.5 Routing table: source https://www.learncisco.net/courses/icnd-1/lan-
connections/functions-of-routing.html

Common Types Of Routers

There are two main types of routers in the market. These types include:

1. WIRED ROUTERS

These routers are mostly used in homes and small offices. Wired routers share data over
cables and create wired local area networks (LANs), Wired and wireless router are able to
maintain routing and configuration information in their routing table. They also provide the
service of filtering traffic of incoming and outgoing packets based on IP addresses. while
 2. WIRELESS ROUTERS

Wireless routers use antennas to share data and create wireless local area networks
(WLANs). Wireless routers create a wireless signal in your home or office. So, any PC within
range of Wireless routers can connect it and use your Internet.

In order to secure your Wireless routers, you simply need to come secure it with password or get
your IP address. Then, you'll log on into your router with the user ID and passwords will that
come with your router.

EXAMPLES OF WIRED OR WIRELESS ROUTERS INCLUDE

(1) Broadband routers

Broadband routers can do different types of things. Broadband routers can be used to connect
computers or to connect to the Internet.

If you connect to the internet through phone and using Voice over IP technology (VOIP) then
you need broadband router. These are often a special type of modem (ADSL) that will have both
Ethernet and phone jacks.

2. Edge Routers

This type of router is placed at the edge of the ISP network, that is normally configured to
external protocol like BGP (Border gateway protocol) to another BGP of other ISP or large
organization.

3. Subscriber Edge Routers

This type of router belongs to an end user (enterprise) organization. It’s configured to
broadcast external BGP to its provider’s AS(s)
4. Inter-provider Border Routers

This type of router is for Interconnecting ISPs. This is a BGP speaking router that maintains
BGP sessions with other BGP speaking routers in other providers' areas.

5. Core Routers

These wired or wireless routers distribute data packets within networks, but not between
multiple networks. They’re designed to become the backbone of your network and do the
heavy lifting of data transfer, which is why they’re usually high-performance.

A router that resides within the middle or backbone of the LAN network rather than at its
periphery. In some instances, a core router provides a step down backbone, interconnecting the
distribution routers from multiple building of a campus (LAN), or Large Enterprise Location
(WAN). They tend to be optimized for a high bandwidth.

6. Distribution router

A distribution router, or interior router, receives data from the edge router (or gateway)
via a wired connection and sends it on to end users, typically via Wi-Fi, though the router
usually also includes physical (Ethernet) connections for connecting users or additional routers.

C. VIRTUAL ROUTER

Unlike physical routers, virtual routers are pieces of software that allow computers and servers
to operate like routers. They’ll share data packets just as physical routers do. They can offer
more flexibility than physical devices since they can be scaled as the business grows; they can
also help get remote offices up and running on your network more quickly

Virtual routers are pieces of software that allow some router functions to be virtualized in
the cloud and delivered as a service. These routers are ideal for large businesses with complex
network needs. They offer flexibility, easy scalability, and a lower entry cost. Another benefit of
virtual routers is reduced management of local network hardware.
WHAT TO BEAR IN MIND WHEN CHOOSING SMALL BUSINESS ROUTERS

Connectivity

Pay close attention to the numbers and types of ports (such as phone, Ethernet, cable, and USB)
to make sure you can connect the necessary devices. Remember that unused ports are fine to
have, as they allow you to expand the network when needed.

Bandwidth

Sufficient bandwidth is important for user experience. It ensures maximum performance

for multiple users: the more users, the greater the bandwidth needed. You can grow your
business's network by adding additional routers or hubs if necessary, but insufficient bandwidth
anywhere in the network can cause bottlenecks.

Wireless capability

Wi-Fi is a given, but there are different standards. The latest, Wi-Fi 6 (802.11ax), can
deliver much higher transmission speeds, especially when multiple access points (such as
devices or additional routers) are connected at once. Wi-Fi 6 routers are backwards-compatible
with old Wi-Fi standards.

Simplified setup and management

Most routers provide a browser-based interface that connects directly to your router to
perform setup and admin. However, many manufacturers now offer mobile apps that are
specially designed for their devices and provide more intuitive interfaces and easier setup.

Security

Your router should at least offer WPA or WPA 2 password protection. Some routers also have
firewall software, which continuously scans incoming data for potential malware and viruses.
Another important tool is MAC (Media Access Control) address filtering, which uses device-
specific IDs to screen users and build a whitelist or blacklist for network access.
Flexibility

Consider routers that have at least one power over ethernet (PoE) port. PoE provides both
data and electricity power supply to external devices such as wireless access points, VoIP
phones, IP and cameras. PoE eliminates cabling and provides additional flexibility to your
networks.

Automatic updates

Routers contain software that requires updates to maintain performance and security.
Many manufacturers update software automatically, which is preferable because it happens in
the background without any action on your part.

User changeable configurations

This feature allows you to manage network traffic, guest networks, parental controls, and
security settings. The process is easier to handle if the router's configuration can be managed
from an app as opposed to a browser interface.

Guest networks

Guest networks are an important layer of extra security for when guests visiting the business
need Wi-Fi access. A guest network will limit access to the business's devices and files, while
still offering connectivity to visitors.

Quality of service (QoS) controls

Combined with tools to look at usage across all users, this feature allows you to limit network
use to up- or downstream transmissions, control for certain types of use (video streaming, for
example), and specify bandwidth for different users. This feature helps you improve security as
well as network monitoring.
Mesh networks

If you've had experience with Wi-Fi extenders, you may have found that they can do as much
harm as good. They create multiple networks that don't communicate with each other, as well as
device incompatibilities that can cause bandwidth bottlenecks.

A better solution is a mesh network, which allows you to place multiple Wi-Fi transmitters
across your office, all on one network. Unlike extenders, which you can use with any wireless
router, mesh networks require a router with this capability built-in.

COMMON FUNCTIONS OF ROUTERS

Segmentation

Routers are able to segment the Internet network from the internal network in a home or
business. Routers send packets from the internal network to the Internet "cloud." The Internet
cloud is considered any computer outside the internal network. A router functions to keep the
traffic dedicated for the Internet outside the internal network as a safety feature. It also avoids the
loss of data from a data packet going to the wrong network.

IP Assignment

Each computer on the Internet needs an Internet Protocol address. An IP address is the
computer's address on the network, and it's a requirement to send and receive communication
packets on the Internet. Dynamic host configuration protocol assigns an IP address to any
computer that connects to the network. DHCP is a common option on most routers on the
Internet, including routers that are used for home and office networks.

Firewall

Internal networks need protection from hackers and unauthorized, malicious users. A firewall
blocks traffic from an unauthorized user. It protects the corporate data by only allowing
authorized users to enter the network. Firewalls can be installed on each desktop on the network,
but routers located on the Internet are packaged with firewall firmware and software.
 Peripherals and File Sharing

Routers also allow several users to share resources including printers, faxes, scanners and file
folders on remote drives. A network administrator can set up printers and faxes on the router for
an entire organization to use through the network. This eliminates costs and the space needed to
have a printer for each user on the network. Shared files and folders on a user's hard drive can be
shared across the network without printing or filing hard copies.

 Improving access to information

Workers need fast access to information so they can make better decisions. Routers help
provide access, so workers have visibility into business data.

 Enhancing customer service

Today’s customers expect fast responses to their questions as well as personalized service. To
meet these demands, businesses need responsive and reliable networks, which routers can
provide.

 Reducing operating costs

Routing technology can positively impact your business’s bottom line–for example, saving
money by using shared printers and servers that can be accessed by everyone on the network.
With routers and a reliable network, you can grow your small business infrastructure without
constantly replacing technology

10.6 Web Filtering

10.8. 1 What is Web Filtering?

Web filtering is a technology stops users from viewing certain URLs or websites by
preventing their browsers from loading pages from these sites. Web filters are made in
different ways and deliver various solutions for individual, family, institutional or enterprise use.

Unrestricted web activity boosts company productivity, but it also puts companies at risk of
malware, data loss, and other issues.
URL/web blocking has prevented teams from browsing fruitless websites. Today's web filtering
protects entities from malware and phishing sites.

In general, Web filters work in two distinct ways.

1. They can block content as determined by quality of the site, by consulting known
lists which document and categorize popular pages across all genres of content.
2. They can evaluate the content of the page live and block it accordingly.

Many Web filter tools work off of a constantly updated URL database that shows which websites
and domains are associated with hosting malware, phishing, viruses or other tools for harmful
activities.

WEB FILTERING SOFTWARE

A web filtering software is used to control which websites an end user is able to access. It
compares the content and its source to a set of rules in order to decide whether or not to
display it.

 Internet content such as

 spyware,

 viruses, and

 material deemed improper for the workplace

can be blocked by implementing a web filtering policy for an organization. Filtering unsuitable
content from the internet can help employees operate more efficiently, limit legal exposure,
and safeguard a company's network from outside attacks.

With close to a billion active websites on the internet, there’s is no way that every website
can be included on a web filtering programs exclusion lists.

In addition to its primary filtering function, a web filtering system may also include additional
features.

NOTABLE CHARACTERISTICS INCLUDE

 1. the ability to report on traffic,

2. soft blocking that can show warnings before denying access, and

3. an override feature that lets administrators unclog webpage.

FILTER CUSTOMIZATIONS

As well as the two main filters listed, customization options also exist:

1. Client-side filtering
2. Server-side filtering
3. Enterprise filtering
4. Personal filtering
5. Malware control

Why Web Filtering is Important

For anyone concerned with using the internet safely, web filtering can be an excellent tool to
help prevent attacks or loss of security. Monitoring and filtering what employees share helps
actively enforce IT policies as well prevent data leakage. The security of a business is
essential, so when any level of confidential information leaks, it will cause harm to the company.
For organizations that offer internet access available to the public, like schools or libraries,
recent legislation, CIPA (Child Internet Protection Act) has made it mandatory to implement a
filtering solution or lose funding. Web filters are capable of preventing users from accessing
sites that execute malicious code on the user’s computer. Even on a small level, web filtering
allows companies to block web sites that don’t support an effective work day, as well as not
fitting the requirements of their security policies.

How does Web Filtering Work

Hardware or software content filters are commonly part of a firewall. Content filtering can also
refer to a company's network-wide information system usage regulations. Office internet
content filters block distractions like social channels. Web content clarifying sets rules and
patterns for hazardous sites.

The content filter uses established rules to organize commonalities like objects in photos or
text strings like keywords into categories like adult, gambling, gaming, sports, etc. Sites that
match are jammed and designated as undesirable.

Web content screening can protect children from unsuitable content. Yet, workplace material
filtering is becoming vital. DNS filtering blocks sites by pre-identifying their IP addresses
to restrict access. These sites include productivity drains like social media, gambling,
pornographic content, and malware-risky sites.

WEB FILTERING CUSTOMER BASE

The three largest groups that use web filtering are:

1. Parents — who wish to prevent their children from accessing content they consider
undesirable or inappropriate.
2. Businesses — that want to prevent employees from accessing websites that don't pertain
to their jobs. Also, web filters serve as an effective assistance in stopping some malware
infection.
 3. Schools — Schools tend to use web filtering in a similar manner to businesses and
parents, hoping to block offensive and distracting content, while also hoping to protect
against malware infection.

Web Filtering Types

WEB FILTERING TYPES

Web Filtering Types

This service has several usages but its solutions differ in how they determine allowable material.
Web filters can be described as:

 Allow Listing

Allow listings list sites a person, machine, or application can visit. Any web traffic with an
unlisted destination is discarded and this restricts site access.

 Block Listing

Block lists are diametrically opposed to allow lists. They mention forbidden sites instead of
allowed ones. Blocklists check all traffic and drop traffic to destinations on the list. This method
is utilized to stop phishing sites, drive-by malware downloads, and obnoxious material.

 Content Filtering

Based on a webpage's material, this approach allows or blocks circulation. An entity can filter
explicit data online. If the policy is breached, the site is blocked. This decontamination method
lets a corporate avert unknown malevolent or unacceptable sites.

URL filtering systems implement rules differently based on filter type and location. These
processing techniques are applied in several ways:

Keyword and content filters — This type of filtering is in many ways similar to block and
allow list filtering, though with a slightly broader scope. Keyword and content filters will filter
out websites that contain specific keywords or predefined content (such as pornography, for
example).

 DNS Filtering

It is the Internet's phone book, translating realms like google.com to IP addresses used by
computers to route data. This filtering permits or restricts DNS requests based on policy.

 URL Filtering

They are webpage addresses. URL filtering checks web requests' URLs and decides if they're
allowed based on policy.

 Content Filtering

This analyses a webpage's content and congest policy-violating responses performing a cloud
based web filtering.
BENEFITS OF WEB FILTERING

It can help your institution in several ways.

1. Reducing Malware Infection

Before harmful payloads are introduced, you can defend your info and users by confining access
to known catastrophic sites. Web filtering reduces malware warnings and endpoint maintenance.

Current URL filtering technologies effectively block harmful applications. Firewalls with online
URL filtering systems can examine web pages for hazards, in addition to blocking domains.

2. Protecting Minors from Unwanted Content

URL content cleaning protects youths from pornographic and ferocious information, which is its
main value. In today's fast-paced world, parents may not always be present to monitor their
children's material or know all the sites to block. URL filtering in a firewall gives comprehensive
control over what is accessible without referring user or administrative rules.

3. Protection From Exploit-Kits

As network security improves, hackers are finding new ways to break in. Exploit kits exploit
web browser susceptibilities via browser extensions and plugins.

Mistakenly visiting malicious sites might release an attack kit that exploits browser or operating
system vulnerabilities. Vulnerabilities allow attackers to download malware, hijack
sessions and credentials, and more. Content filters can detect exploit kits and prevent payload
downloads.

4. Improving Staff Productivity

Social media is a tremendous time-waster and productivity killer. Restriction boosts productivity
and several sectors need social media expertise. Online purchasing and streaming sites drain
productivity in these industries. There is no reason for employees to watch movies while
working. In addition to blocking distracting websites, it's important to avoid downloading
malicious files, opening strange emails, and responding to unknown contacts.
 5. Network Bandwidth Efficiency

Non-work internet use drains network bandwidth. Limiting these sites improves network
bandwidth efficiency and speeds. To achieve network bandwidth efficiency, you might educate
your employees on the benefits of a continuously fast network or place restrictions on
bandwidth-hogging video streaming websites like YouTube.

6. Regulatory Compliance

Monitoring worker web usage helps prevent internet-related mishaps. Posting hateful, bigoted, or
obscene content on blogs or social media, cyber bullying, or downloading copyright-protected
material could result in liability. With the world becoming so polarized, you must always defend
your firm and brand by carefully controlling the information you and your workers let in or send
out.

Summary Of Study Unit 10

In this study unit, you have learned that firewalls can be implemented at every point of contact
between the network and the outside Internet, and as such it filters all data packets going in or
coming out of the network and You have also learned that there are three types of firewalls
which include: packet filters, stateful filters and application layer firewalls. There are also three
main types of proxies: these are forward proxies, reverse proxies and open proxies. This study
unit has also re-echoed on what a router is, functions of routers and several types of routers.

Glossary Of Terms For Study Unit 10

TCP connection this is a standard that defines how to establish and

maintain a network conversation through which
application programs can exchange data.
Firewall policies these are policies protect private networks and
individual machines from the dangers of the greater
Internet.

ITQs- In-text Questions

ITAs- In-text Answers

Self-Review Questions (SRQs) For Study Unit 10

Now that you have completed this unit, you can measure how well you achieved its learning
outcomes by answering the following questions. You can check your answers with the Notes on
Self-Review Questions at the end of this study unit

1. What do you understand by the term a fire wall?

2. When creating firewalls, there are mainly two approaches that can be followed, discuss
these approaches
3. Discuss the three main types of firewalls.
4. What are the duties or roles of firewalls
5. What is a router.
6. Discuss various types of routers
7. What are some of the considerations to bear in mind when choosing small home routers?
8. What are some of the functions of routers?
9. Discuss the concept of web filtering in details.