Firewalls — Network Gatekeepers

A FIREWALL is a security system that decides which network traffic to ALLOW or BLOCK. Like a bouncer at a club, it checks each packet of data coming in or going out. Firewalls are everywhere: on your laptop (host firewall), on your home router (network firewall), and protecting big company networks (enterprise firewall).

Two main types. PACKET-FILTERING firewalls examine each data packet against rules: "block all traffic to port 23 (Telnet, an insecure old protocol)." STATEFUL firewalls track ongoing connections: "this packet is part of a connection I already approved, let it through." Modern enterprise firewalls also do APPLICATION-LAYER inspection — looking at WHAT the traffic actually is (a web request? a malware download?).

Most home routers come with a NAT firewall built in — it hides your devices from the open internet by default. Your laptop also has a software firewall (macOS, Windows). Together, they cover most home users. Enterprise networks add many more layers: deep packet inspection, intrusion detection, web application firewalls.

Firewalls won't protect against everything (clicked-on malware, phishing-stolen passwords) but they massively reduce the attack surface. Make sure yours is on.