Unit-5 Part-2

Uploaded by Pankaj Triphati

What is an email protocol?

An email protocol is a combination of principles and rules that make it possible to transfer messages
between different servers, machines, and email clients. It creates standards that messages should follow to
reach the recipients in their original state.

For example, when you send an email from Gmail client to someone with Outlook address, you expect all
the attachments and body elements to be present when they view your email. This is true whether they use
Apple Mail, Microsoft Outlook, or Thunderbird clients to access their inbox.

Email protocols also determine how messages should be sent and accessed, what format they should have,
and what structure the connection should follow.

SMTP – a standard protocol to send emails

What is SMTP?

Simple Mail Transfer Protocol (SMTP) establishes how the message gets from the sender to the email
server. Also, it is used by a mail transfer agent (MTA) to deliver emails between servers. This process is
called mail relaying (or SMTP relay).

SMTP is only meant for sending email messages.

How SMTP works

SMTP workflow consists of commands sent by the SMTP client and corresponding replies by the SMTP
server.

Default SMTP commands are text-based, such as HELO, MAIL FROM, and others. Sometimes you might
encounter extended SMTP (ESMTP) commands such as EHLO, STARTTLS, etc.

Replies are represented by numeric completion codes (for example, 220, 250, 354, and so on). For more on
SMTP commands and response codes, read our dedicated blog post.

Any SMTP conversation consists of three stages:

- SMTP handshake – The SMTP client establishes a TCP connection with the SMTP server. Once the server replies with 250, the handshaking starts. The stage ends when the server confirms the recipient’s address.

- Email transfer – Code 354, as a response to the DATA command, launches the transfer of the email. Once the server gets a final dot, the message is transferred.

- Termination – Client and server say goodbye to each other using the command QUIT and code 221, respectively.

Let’s take a look at the interaction between the SMTP client and server through a simple email delivery
example:

Command or response, and what it means:

Client: HELO client.rocket.com (or EHLO client.rocket.com)
    Identifies itself and initiates the SMTP conversation. The domain name or IP address is usually sent as an argument together with the command. EHLO is an alternative command to start the conversation. It indicates that the client uses the ESMTP protocol.
Server: 250
    OK or completed
Client: MAIL FROM:<andy@rocket.com>
    Says that a new mail transaction is starting and specifies the sender
Server: 250
    OK or completed
Client: RCPT TO:<jane@gmail.com>
    Specifies the recipient. (For multiple recipients, the command is repeated for each recipient’s address)
Server: 250
    OK or completed
Client: DATA
    Initiates the transfer of the email contents including body text, attachments, and so on.
Server: 354
    Lets the client start the content transfer
Client: Date: Wed, 24 July 2019 16:03:23
    Date header
Client: From: andy@rocket.com
    From header
Client: Subject: How SMTP works
    Subject line
Client: To: jane@gmail.com
    To header
Client: (empty line)
    Blank line that ends the headers
Client: Hope, it’s not boring:)
    Body text
Client: .
    Once the message contents have been transferred, a single dot must be sent on a line by itself to terminate.
Server: 250
    OK or completed
Client: QUIT
    Request to terminate the SMTP conversation
Server: 221
    Closes transmission channel
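The exchange above, as an added example that is not part of the original document: a client-side walk through the three stages (handshake, transfer, termination) against an in-memory fake server. It also shows two details the table leaves implicit: EHLO gets a multi-line reply (lines of the form "250-text" continue, "250 text" ends), and a body line that starts with a dot must be sent as two dots so it is not taken for the terminator. The host names, the server's replies and the message are constructed for this demo.

```python
"""Added example (not code from the original page): the three SMTP stages driven
against an in-memory fake server. Host names, replies and message are constructed."""
from __future__ import annotations


def parse_reply(raw: str) -> tuple[int, list[str]]:
    """Parse one SMTP reply. '250-text' is a continuation line, '250 text' the
    last line; every line of one reply must carry the same 3-digit code."""
    code: int | None = None
    texts: list[str] = []
    for line in raw.split("\r\n"):
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed reply line: {line!r}")
        this_code = int(line[:3])
        if code is None:
            code = this_code
        elif this_code != code:
            raise ValueError("reply lines carry different codes")
        texts.append(line[4:])
        if line[3:4] != "-":  # a space (or end of line) marks the final line
            return code, texts
    raise ValueError("multi-line reply never terminated")


def dot_stuff(body_lines: list[str]) -> list[str]:
    """Transparency rule: a body line beginning with '.' is sent as '..' so the
    server cannot mistake it for the lone-dot terminator."""
    return ["." + line if line.startswith(".") else line for line in body_lines]


def build_data_block(headers: dict[str, str], body_lines: list[str]) -> str:
    """Header lines, one blank line, the dot-stuffed body, then the '.' terminator."""
    lines = [f"{k}: {v}" for k, v in headers.items()] + [""] + dot_stuff(body_lines) + ["."]
    return "\r\n".join(lines) + "\r\n"


class FakeSmtpServer:
    """Scripted server that enforces the command order of one mail transaction."""

    def __init__(self) -> None:
        self.state = "connected"
        self.sender: str | None = None
        self.recipients: list[str] = []
        self.message: list[str] | None = None

    def greeting(self) -> str:
        return "220 mail.example.test ESMTP ready\r\n"

    def handle(self, command: str) -> str:
        verb, _, arg = command.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.state = "ready"
            if verb == "EHLO":  # multi-line reply advertising an extension
                return "250-mail.example.test\r\n250 STARTTLS\r\n"
            return "250 mail.example.test\r\n"
        if verb == "MAIL" and self.state == "ready":
            self.sender = arg.split(":", 1)[1].strip("<>")
            self.state = "mail"
            return "250 OK\r\n"
        if verb == "RCPT" and self.state in ("mail", "rcpt"):
            self.recipients.append(arg.split(":", 1)[1].strip("<>"))
            self.state = "rcpt"
            return "250 OK\r\n"
        if verb == "DATA" and self.state == "rcpt":
            self.state = "data"
            return "354 End data with <CR><LF>.<CR><LF>\r\n"
        if verb == "QUIT":
            self.state = "closed"
            return "221 Bye\r\n"
        return "503 Bad sequence of commands\r\n"

    def receive_data(self, block: str) -> str:
        """Consume the DATA block: stop at the lone '.', then undo dot-stuffing."""
        lines = block.split("\r\n")
        if "." not in lines:
            return "451 Message not terminated\r\n"
        raw_message = lines[: lines.index(".")]
        self.message = [l[1:] if l.startswith("..") else l for l in raw_message]
        self.state = "ready"
        return "250 OK queued\r\n"


def run_session(server: FakeSmtpServer, sender: str, recipients: list[str],
                headers: dict[str, str], body_lines: list[str]) -> list[tuple[str, int]]:
    """Client side of one delivery; returns a (command, reply code) transcript."""
    transcript = [("<connect>", parse_reply(server.greeting())[0])]

    def send(cmd: str) -> int:
        code, _ = parse_reply(server.handle(cmd))
        transcript.append((cmd, code))
        return code

    send("EHLO client.example.test")  # handshake
    send(f"MAIL FROM:<{sender}>")
    for rcpt in recipients:
        send(f"RCPT TO:<{rcpt}>")
    if send("DATA") == 354:  # transfer
        code, _ = parse_reply(server.receive_data(build_data_block(headers, body_lines)))
        transcript.append(("<message>", code))
    send("QUIT")  # termination
    return transcript
```

Calling run_session(FakeSmtpServer(), "andy@rocket.com", ["jane@gmail.com"], {"Subject": "How SMTP works"}, ["Hope, it's not boring:)"]) yields the reply codes 220, 250, 250, 250, 354, 250, 221 in that order; sending DATA before MAIL and RCPT gets a 503, which is the ordering the three stages impose.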

SMTP ports

- 25: This is the standard port for relaying messages between email servers. Cloud hosting providers and many email clients (Gmail, Microsoft Outlook, Mozilla Thunderbird, etc.) block port 25 to prevent spam. They usually prioritize secure connections on 587 or 465.

- 465: 465 is not an RFC-compliant port. It was meant for the SMTPS encryption and authentication wrapper over SMTP. IANA registered 465 as an SMTP port, but it has never been recognized as an official SMTP transmission or submission channel. Later on, port 465 became obsolete and was revoked in favor of the STARTTLS wrapper over SMTP. Nevertheless, today many servers still use SMTPS and maintain 465.

- 587: Port 587 is the default port for submitting an email for routing. TLS encryption ensures the secure submission of the email. Almost all mail servers support 587.

- 2525: It is not an official SMTP port, but almost every email service provider supports it. 2525 is secured similarly to 587 and is often used in lieu of it. So, if the use of the default SMTP port causes trouble, try 2525.

For more on this, read our blog post about SMTP ports.

IMAP4 and POP3 – protocols to receive emails

Once the email arrives at the mail server, either IMAP or POP3 is used to retrieve it. Both of these are
message access agents (MAAs).

What is IMAP?

Internet Message Access Protocol (IMAP) is a communication standard for accessing emails. Today, its
fourth version is in use, hence the name IMAP4.

IMAP stores emails on a remote server and downloads them on demand when the recipient opens them. So,
with IMAP the email can be accessed from any device or location, provided the user is authorized. This allows
for email synchronization, which is why IMAP is the go-to option for most email service providers.

How IMAP works

Here is the basic flow of the IMAP client/server interaction:

- A recipient’s mail client connects to the server the message is stored on

- The recipient can see the message headers of all the emails on the server

- If the recipient chooses a particular message to read, IMAP downloads it on demand

Under the hood, a primitive IMAP connection may look as follows (client command, and what it does):

LOGIN
    Opens the IMAP connection
LIST, CREATE, RENAME and other commands
    Commands that allow you to manage mailboxes
SELECT
    Defines the current mailbox and opens an IMAP session
LIST, DOWNLOAD, DELETE and other commands
    Commands that allow you to manage messages
CLOSE
    Closes the IMAP session. If you want to open a new session, you can do this by setting up another current mailbox. Once the new session is opened, the IMAP server permanently updates the messages according to the previous session.
LOGOUT
    Closes the IMAP connection

There are three forms of IMAP server responses.

- Status Responses (OK, NO, BAD, PREAUTH, and BYE)

  They may include a response code like ALERT or CAPABILITY. A response code gives additional information beyond the status response condition.

- Server Data

  These responses include Server and Mailbox Status (CAPABILITY, LIST, etc.), Mailbox Size (EXISTS and RECENT), and Message Status (EXPUNGE and FETCH)

- Command Continuation Request

  This response confirms that the server is ready to accept the continuation of the client’s command. It is represented by a “+” token.
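The three response forms, as an added example that is not code from the original document: a small parser that classifies each server line as a status response (with its optional bracketed response code), untagged server data, or a continuation request, and a summary routine that pulls out the mailbox size (EXISTS, RECENT), the advertised capabilities, ALERT texts and failed tags. The session transcript is constructed for the demo; the tag names, server text and sizes are not from any real server.

```python
"""Added example (not code from the original page): parse the three IMAP response
forms and summarize a constructed session transcript."""
from __future__ import annotations

import re
from dataclasses import dataclass

STATUS_WORDS = {"OK", "NO", "BAD", "PREAUTH", "BYE"}
CODE_RE = re.compile(r"^\[([^\]]+)\]\s*(.*)$")     # "[ALERT] text" -> ("ALERT", "text")
SIZE_RE = re.compile(r"^(\d+) (EXISTS|RECENT)$")   # untagged mailbox-size data


@dataclass
class ImapResponse:
    kind: str             # "status", "data" or "continuation"
    tag: str | None       # client tag, "*" when untagged, None for a continuation
    status: str | None    # OK/NO/BAD/PREAUTH/BYE for status responses
    code: str | None      # bracketed response code without the brackets
    text: str             # human-readable remainder


def parse_imap_line(line: str) -> ImapResponse:
    line = line.rstrip("\r\n")
    if line.startswith("+"):
        return ImapResponse("continuation", None, None, None, line[1:].strip())
    tag, _, rest = line.partition(" ")
    word, _, text = rest.partition(" ")
    if word.upper() in STATUS_WORDS:
        code = None
        m = CODE_RE.match(text)
        if m:
            code, text = m.group(1), m.group(2)
        return ImapResponse("status", tag, word.upper(), code, text)
    if tag == "*":
        return ImapResponse("data", "*", None, None, rest)
    raise ValueError(f"unrecognised IMAP response: {line!r}")


def summarize_session(lines: list[str]) -> dict:
    """Walk a server transcript and collect what a client must act on."""
    summary = {"exists": None, "recent": None, "capabilities": [],
               "alerts": [], "failed_tags": [], "continuations": 0, "bye": False}
    for line in lines:
        r = parse_imap_line(line)
        if r.kind == "continuation":
            summary["continuations"] += 1
        elif r.kind == "data":
            m = SIZE_RE.match(r.text)
            if m:
                summary[m.group(2).lower()] = int(m.group(1))
        else:
            if r.code and r.code.upper().startswith("CAPABILITY "):
                summary["capabilities"] = r.code.split()[1:]
            if r.code and r.code.upper() == "ALERT":
                summary["alerts"].append(r.text)  # ALERT text is meant to be shown to the user
            if r.status in ("NO", "BAD") and r.tag != "*":
                summary["failed_tags"].append(r.tag)
            if r.status == "BYE":
                summary["bye"] = True
    return summary


# Constructed transcript of server lines from one short session.
SAMPLE_SESSION = [
    "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] server ready",
    "a001 OK LOGIN completed",
    "* 18 EXISTS",
    "* 2 RECENT",
    "a002 OK [READ-WRITE] SELECT completed",
    "+ Ready for literal data",
    "a003 NO [ALERT] Quota nearly exhausted",
    "* BYE Server shutting down",
    "a004 OK LOGOUT completed",
]
```

summarize_session(SAMPLE_SESSION) reports 18 messages, 2 of them recent, the three advertised capabilities, one ALERT and one failed tag (a003). A client that sees STARTTLS in the capability list should issue it before LOGIN, since the credentials otherwise travel in the clear.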

IMAP ports

- 143 – A default IMAP port without encryption

- 993 – A secured SSL/TLS port used by most email service providers. It is often called IMAPS.

What is POP3?

Post Office Protocol 3 is a simpler way to access mailboxes. We use its third version, which is why it is called
POP3. Users love this protocol for its low dependency on Internet connections.

POP3 downloads emails from the server to the local computer, so you can read them even offline.
The server deletes messages once they are retrieved. This is the default and common setting, but there is the
option to enforce a site policy regarding email retention on the server.
At the same time, even if the POP3 client contains configuration options to store email, the server won’t
support such an action.

How POP3 works

A POP3 connection consists of four steps:

- The client connects to the server (AUTHORIZATION state)

- The client retrieves new emails (TRANSACTION state)

- The server deletes the stored messages (UPDATE state)

- The client disconnects from the server

Let’s take a look under the hood of a POP3 session as well.

Command or response, and what it means:

Server:
    The server is waiting for the connection on TCP/IP port 110
Client:
    The client establishes a TCP connection.
Server: +OK POP3 server ready <example.server.com>
    If everything is OK, the server’s response will be consistent. Otherwise, it will show -ERR
Client: APOP mrose c4c9334bac560ecc979e58001b3e22fb
    Provides origin identification and replay protection for the session. mrose is the name parameter and c4c9334bac560ecc979e58001b3e22fb is the digest parameter. They identify a mailbox and an MD5 digest string
Server: +OK
    If everything is OK, the server’s response will be consistent. Otherwise, it will show -ERR
Client: STAT
    Now, the session enters the TRANSACTION state. The STAT command asks how many messages are currently in the mailbox and their size in octets
Server: +OK 1 334
    Maildrop has one message of 334 octets
Client: DELE 1
    Deletes the message
Server: +OK message 1 deleted
    If everything is OK, the server’s response will be consistent. Otherwise, it will show -ERR
Client: QUIT
    Once the session is over, the client logs off via the QUIT command
Server: +OK dewey POP3 server signing off (maildrop empty)
    If everything is OK, the server’s response will be consistent. Otherwise, it will show -ERR
Client:
    The client closes the TCP connection.
Server:
    The server is waiting for connection on TCP port 110

We used only two commands (DELE and STAT) that are valid in the TRANSACTION state. You can find
more options here.

As for POP3 responses, they contain a status indicator (+OK or -ERR) and a keyword that may be enhanced
with additional information (for example, -ERR no such message, only 2 messages in maildrop).
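The four-state session above, as an added example that is not code from the original document: an in-memory fake POP3 server that walks AUTHORIZATION, TRANSACTION and UPDATE, answers with +OK / -ERR, and checks an APOP digest computed the way the protocol defines it (hex MD5 of the server's timestamp banner followed by the shared secret). Deletions are only applied when QUIT moves the session into the UPDATE state. The user name mrose is the one used in the table; the secret, banner and message sizes are constructed.

```python
"""Added example (not code from the original page): a POP3 session against an
in-memory fake server with AUTHORIZATION / TRANSACTION / UPDATE states and the
APOP digest rule. User, secret, banner and messages are constructed."""
from __future__ import annotations

import hashlib
import hmac


def apop_digest(timestamp_banner: str, secret: str) -> str:
    """APOP digest: hex MD5 of the '<...>' timestamp string followed by the secret."""
    return hashlib.md5((timestamp_banner + secret).encode()).hexdigest()


def parse_response(line: str) -> tuple[bool, str]:
    """POP3 replies start with the status indicator +OK or -ERR, then free text."""
    status, _, info = line.partition(" ")
    if status not in ("+OK", "-ERR"):
        raise ValueError(f"not a POP3 response: {line!r}")
    return status == "+OK", info


class FakePop3Server:
    def __init__(self, secrets: dict[str, str], maildrops: dict[str, list[str]]) -> None:
        self.secrets = secrets        # APOP needs the shared secret in clear on the server
        self.maildrops = maildrops    # user -> list of message texts
        self.timestamp = "<1234.5678@example.test>"   # constructed banner
        self.state = "AUTHORIZATION"
        self.user: str | None = None
        self.marked: set[int] = set()  # message indexes marked for deletion

    def greeting(self) -> str:
        return f"+OK POP3 server ready {self.timestamp}"

    def handle(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            if verb == "APOP":
                name, _, digest = arg.partition(" ")
                expected = apop_digest(self.timestamp, self.secrets.get(name, ""))
                # constant-time compare; unknown users fail exactly like bad digests
                if name in self.secrets and hmac.compare_digest(expected.encode(), digest.encode()):
                    self.user, self.state = name, "TRANSACTION"
                    return "+OK maildrop locked and ready"
                return "-ERR permission denied"
            if verb == "QUIT":
                self.state = "CLOSED"
                return "+OK POP3 server signing off"
            return "-ERR not authenticated"
        if self.state == "TRANSACTION":
            drop = self.maildrops[self.user]
            live = [i for i in range(len(drop)) if i not in self.marked]
            if verb == "STAT":   # count and total octets, excluding messages marked deleted
                return f"+OK {len(live)} {sum(len(drop[i]) for i in live)}"
            if verb == "DELE":
                n = int(arg) - 1 if arg.isdigit() else -1
                if n not in live:
                    return "-ERR no such message"
                self.marked.add(n)
                return f"+OK message {arg} deleted"
            if verb == "RSET":
                self.marked.clear()
                return "+OK"
            if verb == "QUIT":   # UPDATE state: deletions become permanent only here
                self.maildrops[self.user] = [m for i, m in enumerate(drop) if i in live]
                self.state = "CLOSED"
                left = "(maildrop empty)" if not live else f"({len(live)} messages left)"
                return f"+OK POP3 server signing off {left}"
            return "-ERR unknown command"
        return "-ERR connection closed"
```

With a maildrop of two messages of 120 and 214 octets, STAT answers "+OK 2 334", DELE 1 followed by STAT answers "+OK 1 214", and the first message disappears from the server only after QUIT. Note that APOP requires the server to keep the plaintext secret, and that MD5 is not a strong choice by today's standards; on the wire it only avoids sending the password itself.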

POP3 ports

- 110 – A default POP3 port without encryption

- 995 – A secured SSL/TLS port that is often referred to as POP3S.


IMAP or POP3 – which protocol should I choose?

At first, we were considering making a table with a comparison of the pros and cons of IMAP and POP3.
But this idea proved untenable since different users would have different demands in terms of the email
protocol standards. So, we decided to set it up this way instead.

Pick IMAP4 if:

- you need access to mail from different devices

- you need to organize your mail in folders or some sort of hierarchy

- you have unlimited server storage space

- you have a constant and stable Internet connection

- you need fast access to your mail

Pick POP3 if:

- your internet connection is unstable or even unavailable

- you prioritize privacy over accessibility and prefer to store emails on the local machine

- you’re the only person with access to your email account and use a single device for that purpose

If you still don’t know which protocol to choose, check out our article on the key differences between IMAP
and POP3 or watch this video:

FTP Protocol:

FTP

o FTP stands for File transfer protocol.

o FTP is a standard internet protocol provided by TCP/IP, used for transmitting files from one host
to another.

o It is mainly used for transferring web page files from their creator to the computer that acts as a
server for other computers on the internet.

o It is also used for downloading files to a computer from other servers.

Objectives of FTP

o It provides the sharing of files.

o It is used to encourage the use of remote computers.

o It transfers the data more reliably and efficiently.

Why FTP?

Although transferring files from one system to another seems very simple and straightforward, sometimes it
can cause problems. For example, two systems may have different file conventions. Two systems may have
different ways to represent text and data. Two systems may have different directory structures. The FTP protocol
overcomes these problems by establishing two connections between hosts. One connection is used for data
transfer, and the other is used as the control connection.

Mechanism of FTP

The above figure shows the basic model of the FTP. The FTP client has three components: the user
interface, control process, and data transfer process. The server has two components: the server control
process and the server data transfer process.

There are two types of connections in FTP:

Control Connection: The control connection uses very simple rules for communication. Through the control connection, we can transfer one line of command or one line of response at a time. The control connection is made between the control processes. The control connection remains connected during the entire interactive FTP session.

Data Connection: The data connection uses very complex rules, as data types may vary. The data connection is made between the data transfer processes. The data connection opens when a command comes for transferring the files and closes when the file is transferred.
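The two-connection model, as an added example that is not code from the original document: a parser for control-connection replies (single-line "nnn text" and multi-line "nnn-..." blocks), a decoder for the 227 passive-mode reply that tells the client where to open the data connection, and a classifier that marks which commands open a data connection. The decoder refuses an announced host that differs from the server we are already talking to on the control connection, which is the check most FTP clients apply before connecting. Addresses and reply text are constructed; PASV, RETR and the other command names are the protocol's own.

```python
"""Added example (not code from the original page): FTP control replies, the 227
passive-mode reply, and which commands open the separate data connection.
Addresses and reply text are constructed."""
from __future__ import annotations

import re

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# Commands whose transfer travels on a data connection opened for them and closed afterwards.
DATA_COMMANDS = {"RETR", "STOR", "LIST", "NLST", "APPE", "STOU"}


def parse_ftp_reply(raw: str) -> tuple[int, list[str]]:
    """Single-line replies are 'nnn text'. Multi-line replies open with 'nnn-text',
    continue with arbitrary lines and end with a line starting 'nnn '."""
    lines = raw.rstrip("\r\n").split("\r\n")
    first = lines[0]
    if len(first) < 3 or not first[:3].isdigit():
        raise ValueError(f"malformed reply: {first!r}")
    code = int(first[:3])
    if first[3:4] != "-":
        return code, [first[4:]]
    texts = [first[4:]]
    for line in lines[1:]:
        if line.startswith(f"{code} "):
            texts.append(line[4:])
            return code, texts
        texts.append(line)
    raise ValueError("multi-line reply never terminated")


def data_endpoint_from_pasv(reply_text: str, control_peer_ip: str) -> tuple[str, int]:
    """Decode 'Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port).
    The host must equal the control connection's peer, otherwise a server could
    point our data connection at some third party; privileged ports are refused too."""
    m = PASV_RE.search(reply_text)
    if not m:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in PASV reply")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in PASV reply")
    ip, port = f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    if ip != control_peer_ip:
        raise ValueError(f"PASV host {ip} differs from control peer {control_peer_ip}")
    if port < 1024:
        raise ValueError(f"PASV port {port} is a privileged port")
    return ip, port


def plan_session(commands: list[str]) -> list[tuple[str, str]]:
    """Label each command with the connection(s) it involves."""
    plan = []
    for cmd in commands:
        verb = cmd.split(" ", 1)[0].upper()
        plan.append((verb, "control+data" if verb in DATA_COMMANDS else "control"))
    return plan
```

For the constructed reply "227 Entering Passive Mode (192,0,2,10,195,80)" from a server at 192.0.2.10 the data endpoint is port 50000 (195 * 256 + 80) on that host; the same tuple naming a different host is rejected. Remember that USER and PASS travel on the control connection in clear text unless the session is protected with TLS.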

FTP Clients

o FTP client is a program that implements a file transfer protocol which allows you to transfer files
between two hosts on the internet.

o It allows a user to connect to a remote host and upload or download the files.

o It has a set of commands that we can use to connect to a host, transfer files between the local
machine and the host, and close the connection.

o The FTP program is also available as a built-in component in a web browser. This GUI-based FTP
client makes the file transfer very easy and does not require the user to remember the FTP commands.

Advantages of FTP:

o Speed: One of the biggest advantages of FTP is speed. FTP is one of the fastest ways to transfer
files from one computer to another.

o Efficient: It is more efficient as we do not need to complete all the operations to get the entire file.

o Security: To access the FTP server, we need to log in with a username and password. Therefore,
we can say that FTP is more secure.

o Back & forth movement: FTP allows us to transfer files back and forth. Suppose you are a
manager of the company; you send some information to all the employees, and they all send
information back on the same server.

Disadvantages of FTP:

o The standard requirement of the industry is that all FTP transmissions should be encrypted.
However, not all FTP providers are equal, and not all providers offer encryption. So, we
have to look out for FTP providers that provide encryption.

o FTP serves two operations, i.e., sending and receiving large files on a network. However, the size limit
of a file that can be sent is 2 GB. It also doesn't allow you to run simultaneous transfers to multiple
receivers.

o Passwords and file contents are sent in clear text, which allows unwanted eavesdropping. So, it is quite
possible that attackers can carry out a brute-force attack by trying to guess the FTP password.

o It is not compatible with every system.

What about HTTP?

HyperText Transfer Protocol (HTTP) is another option to access emails, yet it’s not an email protocol.
Regardless, HTTP can be used to send and receive messages from webmail, such as Gmail.com. It’s also
good practice to access emails in mobile apps through HTTP.

This protocol has two default ports: 80 for non-encrypted and 443 for secure connections.

How an email gets from a sender to a recipient

Now, you know what each email protocol is used for. Let’s map a full picture of how an electronic message
can get from a sender (bruce@sender.com) to a recipient (jane@recipient.com).

- Sender’s email client connects to the SMTP server (for example, smtp.gmail.com)

- The SMTP server authenticates the recipient’s email address using DNS records (for more information on email authentication, read our blog posts about SPF, DKIM, DMARC, and BIMI records or watch videos on our YouTube channel)

- Once the Gmail SMTP server authorizes the recipient, it sends the email to the SMTP server of recipient.com

- Recipient.com’s SMTP server verifies whether jane@recipient.com is valid

- The SMTP server forwards the email to the IMAP/POP3 server


NNTP Protocol:

Network News Transfer Protocol (NNTP) is the underlying protocol of UseNet, a worldwide
discussion system containing posts or articles known as news. Network News Transfer
Protocol is used to transfer news from one network to another. It is designed specifically to transfer
news/articles. An NNTP client is included in browsers like Netscape, Opera and Internet Explorer, or a special
application called a newsreader can be used as an NNTP client. NNTP servers manage the global network of
newsgroups.

HTTP Protocol:

HTTP stands for HyperText Transfer Protocol. Tim Berners-Lee invented it. HyperText is text that is
specially coded with the help of a standard coding language called HyperText Markup Language
(HTML). HTTP/2 is the successor version of HTTP, which was published in May 2015. HTTP/3 is the
latest version of HTTP, which was published in 2022.

The protocol used to transfer hypertext between two computers is known as HyperText Transfer Protocol.
HTTP provides a standard between a web browser and a web server to establish communication. It is a set of
rules for transferring data from one computer to another. Data such as text, images, and other multimedia
files are shared on the World Wide Web. Whenever a web user opens their web browser, the user indirectly
uses HTTP. It is an application protocol that is used for distributed, collaborative, hypermedia information
systems.

Working of HTTP

Whenever we want to open any website, we first open a web browser and then type the URL of that website
(e.g., www.facebook.com). This URL is now sent to the Domain Name Server (DNS). DNS first checks the
records for this URL in its database, then returns the IP address corresponding to this URL to the web
browser. Now the browser is able to send requests to the actual server.

After the server sends data to the client, the connection will be closed. If we want something else from the
server, we have to re-establish the connection between the client and the server.

HTTP Connection

HTTP Request

An HTTP request is simply the information or data that an Internet browser needs to send in order to load a
website. Some common information is generally present in all HTTP requests. It is listed below.

- HTTP version

- URL

- HTTP method

- HTTP request headers

- HTTP body

HTTP Request Headers

HTTP request headers store information in key-value form and must be present in each
HTTP request. They provide core information about the client, etc.

HTTP Request Body

The HTTP request body simply contains the information that has to be transferred, i.e., the data
that is sent along with the request.

HTTP Method

HTTP methods are simply HTTP verbs. Although there are many HTTP methods, the most
common are HTTP GET and HTTP POST. These two are generally used in most HTTP cases. In
HTTP GET, the information is received in the form of a website.

Difference Between HTTP GET and HTTP POST.

HTTP Response

HTTP Response is simply the answer to what a Server gets when the request is raised. There are various
things contained in HTTP Response, some of them are listed below.

 HTTP Status Code

 HTTP Headers

 HTTP Body


HTTP Response Headers

HTTP response headers work like HTTP request headers: they carry information about the response and
about the data in the HTTP response body.

HTTP Response Body

HTTP responses are the answers received after a request completes successfully. Generally, they come
in reply to requests generated on the web. In most cases, the request is for transferring HTML data for
a webpage.

HTTP Status Code

HTTP status codes are 3-digit codes that tell us about the HTTP request, i.e., whether it has been
completed or not. There are 5 classes of status codes.

- Informational

- Successful

- Redirection

- Client error

- Server error

Characteristics of HTTP

HTTP is an IP-based communication protocol that is used to deliver data from server to client or vice versa.

- The server processes a request raised by the client, and server and client know each other only during the current request and response period.

- Any type of content can be exchanged as long as the server and client are compatible with it.

- Once data is exchanged, servers and clients are no longer connected.

- It is a request and response protocol based on client and server requirements.

- It is a connectionless protocol because after the connection is closed, the server does not remember anything about the client and the client does not remember anything about the server.

- It is a stateless protocol because client and server do not expect anything from each other, yet they are still able to communicate.
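The request and response structure described above (request line with method, URL and version; headers; a body bounded by Content-Length; a status line whose first digit gives the class), as an added example that is not code from the original document. The request bytes and the tiny router are constructed for the demo. The response builder refuses header values containing CR or LF, since such a value would let a caller append extra header lines or a second response.

```python
"""Added example (not code from the original page): minimal HTTP/1.1 request
parsing, response building and the five status-code classes. Inputs are constructed."""
from __future__ import annotations

from dataclasses import dataclass

STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}
REASONS = {200: "OK", 301: "Moved Permanently", 400: "Bad Request",
           404: "Not Found", 500: "Internal Server Error"}


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict[str, str]   # names lower-cased
    body: bytes


def parse_request(raw: bytes) -> HttpRequest:
    """Split head from body at the first blank line; the body is exactly
    Content-Length bytes (anything beyond it belongs to the next request)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {lines[0]!r}")
    method, target, version = parts
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"bad header line: {line!r}")
        headers[name.lower()] = value.strip()
    length_text = headers.get("content-length", "0")
    if not length_text.isdigit():
        raise ValueError("Content-Length must be a non-negative integer")
    length = int(length_text)
    if len(rest) < length:
        raise ValueError("body shorter than Content-Length")
    return HttpRequest(method, target, version, headers, rest[:length])


def status_class(code: int) -> str:
    """First digit of the status code selects one of the five classes."""
    return STATUS_CLASSES.get(code // 100, "Unknown")


def build_response(code: int, headers: dict[str, str], body: bytes) -> bytes:
    """Status line, headers, Content-Length, blank line, body. CR or LF inside a
    header name or value is refused because it would inject extra lines."""
    lines = [f"HTTP/1.1 {code} {REASONS.get(code, '')}".rstrip()]
    for name, value in headers.items():
        if "\r" in name + value or "\n" in name + value:
            raise ValueError(f"CR/LF not allowed in header {name!r}")
        lines.append(f"{name}: {value}")
    lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + body


def handle(raw: bytes) -> bytes:
    """Tiny constructed router: GET / is 200, other targets 404, malformed input 400."""
    try:
        req = parse_request(raw)
    except ValueError as err:
        return build_response(400, {"Content-Type": "text/plain"}, str(err).encode())
    if req.method == "GET" and req.target == "/":
        return build_response(200, {"Content-Type": "text/plain"}, b"hello")
    return build_response(404, {"Content-Type": "text/plain"}, b"not found")
```

handle(b"GET / HTTP/1.1\r\nHost: x\r\n\r\n") returns a 200 response ending in the five-byte body "hello", a request for another target gets a 404, and bytes that do not parse get a 400; status_class(404) is "Client Error" and status_class(302) is "Redirection".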

Advantages of HTTP

- Memory usage and CPU usage are low because of fewer simultaneous connections.

- Since there are few TCP connections, network congestion is less.

- Since handshaking is done at the initial connection stage, latency is reduced because there is no further need for handshaking for subsequent requests.

- Errors can be reported without closing the connection.

- HTTP allows pipelining of requests or responses.

Disadvantages of HTTP

- HTTP requires high power to establish communication and transfer data.

- HTTP is less secure because it does not use any encryption, unlike HTTPS, which uses TLS to encrypt regular HTTP requests and responses.

- HTTP is not optimized for cellular phones, and it is too verbose.

- HTTP does not offer a genuine exchange of data because it is less secure.

- The client does not close the connection until it receives complete data from the server; hence, the server needs to wait for data completion and cannot be available for other clients during this time.

DNS

Domain Name System (DNS) is a hostname-to-IP-address translation service. DNS is a distributed
database implemented in a hierarchy of name servers. It is an application layer protocol for message
exchange between clients and servers. It is required for the functioning of the Internet.

What is the Need of DNS?

Every host is identified by an IP address, but remembering numbers is very difficult for people, and IP
addresses are not static; therefore a mapping is required to change the domain name to the IP address. So
DNS is used to convert the domain names of websites to their numerical IP addresses.

Types of Domain

There are various kinds of domain:

1. Generic domains: .com (commercial), .edu (educational), .mil (military), .org (nonprofit organization), .net (similar to commercial); all these are generic domains.

2. Country domains: .in (India), .us, .uk

3. Inverse domain: used if we want to know the domain name of a website, i.e., IP-to-domain-name mapping. So DNS can provide both mappings. For example, to find the IP address of www.w3tech.org we have to type

nslookup www.w3tech.org

Organization of Domain

It is very difficult to find the IP address associated with a website because there are millions of websites,
and for all of them we should be able to produce the IP address immediately; there should not be
long delays, so the organization of the database is very important.

- DNS record: Domain name, IP address, its validity, its time to live, and all the information related to that domain name. These records are stored in a tree-like structure.

- Namespace: Set of possible names, flat or hierarchical. The naming system maintains a collection of bindings of names to values; given a name, a resolution mechanism returns the corresponding value.

- Name server: It is an implementation of the resolution mechanism.

DNS = Name service in the Internet. A zone is an administrative unit, and a domain is a subtree.

Name-to-Address Resolution

The host requests the DNS name server to resolve the domain name, and the name server returns the IP
address corresponding to that domain name to the host, so that the host can later connect to that IP
address.

Hierarchy of name servers:

- Root name servers: They are contacted by name servers that cannot resolve the name. A root server contacts the authoritative name server if the name mapping is not known. It then gets the mapping and returns the IP address to the host.

- Top-level domain (TLD) servers: They are responsible for com, org, edu, etc., and all top-level country domains like uk, fr, ca, in, etc. They have info about authoritative domain servers and know the names and IP addresses of each authoritative name server for the second-level domains.

- Authoritative name servers: These are the organization’s DNS servers, providing authoritative hostname-to-IP mapping for the organization’s servers. They can be maintained by an organization or a service provider. In order to reach cse.dtu.in we have to ask the root DNS server, which will point to the top-level domain server, which in turn points to the authoritative domain name server that actually contains the IP address. So the authoritative domain server will return the associated IP address.

Domain Name Server

The client machine sends a request to the local name server, which, if it does not find the address in its
database, sends a request to the root name server, which in turn routes the query to a top-level domain
(TLD) or authoritative name server. The root name server can also contain some hostname-to-IP-address
mappings. The top-level domain (TLD) server always knows who the authoritative name server is. So
finally the IP address is returned to the local name server, which in turn returns the IP address to the host.

How Does DNS Work?

o DNS is a client/server network communication protocol. DNS clients send requests to the server,
while DNS servers send responses to the client.

o Client requests containing a name that is converted into an IP address are known as forward DNS
lookups, while requests containing an IP address that is converted into a name are known as reverse
DNS lookups.

o DNS implements a distributed database to store the names of all the hosts available on the internet.

o If a client like a web browser sends a request containing a hostname, then a piece of software such
as a DNS resolver sends a request to the DNS server to obtain the IP address of the hostname. If the DNS
server does not contain the IP address associated with the hostname, it forwards the request to
another DNS server. Once the IP address has arrived at the resolver, the resolver completes the request
over the Internet Protocol.

World Wide Web

The World Wide Web, also known as the Web, is a collection of websites or web pages stored on web
servers and connected to local computers through the internet. These websites contain text pages, digital
images, audio, video, etc. Users can access the content of these sites from any part of the world over the
internet using devices such as computers, laptops, cell phones, etc. The WWW, along with the internet,
enables the retrieval and display of text and media on your device.

The building blocks of the Web are web pages which are formatted in HTML and connected by links called
"hypertext" or hyperlinks and accessed by HTTP. These links are electronic connections that link related
pieces of information so that users can access the desired information quickly. Hypertext offers the
advantage to select a word or phrase from text and thus to access other pages that provide additional
information related to that word or phrase.

A web page is given an online address called a Uniform Resource Locator (URL). A particular collection of
web pages that belong to a specific URL is called a website, e.g., www.facebook.com, www.google.com, etc.
So, the World Wide Web is like a huge electronic book whose pages are stored on multiple servers across
the world.

Small websites store all of their web pages on a single server, but big websites or organizations place their
web pages on different servers in different countries, so that when users of a country visit their site they
get the information quickly from the nearest server.

So, the web provides a communication platform for users to retrieve and exchange information over the
internet. Unlike a book, where we move from one page to another in a sequence, on World Wide Web we
follow a web of hypertext links to visit a web page and from that web page to move to other web pages. You
need a browser, which is installed on your computer, to access the Web.

Difference between World Wide Web and Internet:

Some people use the terms 'internet' and 'World Wide Web' interchangeably. They think they are the same
thing, but that is not so. The Internet is entirely different from the WWW. It is a worldwide network of devices like
computers, laptops, tablets, etc. It enables users to send emails to other users and chat with them online. For
example, when you send an email or chat with someone online, you are using the internet.

But when you open a website like google.com for information, you are using the World Wide Web,
a network of servers over the internet. You request a webpage from your computer using a browser, and the
server sends that page to your browser. Your computer is called a client; it runs a program (web
browser) and asks the other computer (server) for the information it needs.

How the World Wide Web Works

The Web works as per the internet's basic client-server format, as shown in the following image. The servers
store and transfer web pages or information to users' computers on the network when requested by the users.
A web server is a software program which serves the web pages requested by web users using a browser.
The computer of a user who requests documents from a server is known as a client. The browser, which is
installed on the user's computer, allows users to view the retrieved documents.

All websites are stored on web servers. Just as someone lives on rent in a house, a website occupies
space on a server and remains stored in it. The server hosts the website and serves its web pages whenever a
user requests them, and the website owner has to pay the hosting price for this.

The moment you open the browser and type a URL in the address bar or search something on Google, the
WWW starts working. There are three main technologies involved in transferring information (web pages)
from servers to clients (computers of users): Hypertext Markup Language (HTML), Hypertext Transfer
Protocol (HTTP) and web browsers.

Firewall

A firewall is a network security device, either hardware- or software-based, which monitors all incoming and
outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic.

- Accept: allow the traffic

- Reject: block the traffic but reply with an “unreachable error”

- Drop: block the traffic with no reply

A firewall establishes a barrier between secured internal networks and outside untrusted networks, such as the Internet.

How does a Firewall work?

A firewall matches the network traffic against the rule set defined in its table. Once a rule is matched, the
associated action is applied to the network traffic. For example, one rule may say that no employee from the HR
department can access the data on the code server, and at the same time another rule may say that a system
administrator can access the data of both the HR and the technical department. Rules can be defined on the
firewall based on the needs and security policies of the organization.

From the perspective of a server, network traffic can be either outgoing or incoming. The firewall maintains a
distinct set of rules for both cases. Mostly the outgoing traffic, originated from the server itself, is allowed to pass.
Still, setting rules on outgoing traffic is always better in order to achieve more security and prevent unwanted
communication. Incoming traffic is treated differently. Most traffic that reaches the firewall uses one of three
major transport layer protocols: TCP, UDP or ICMP. All these types have a source address and a destination
address. Also, TCP and UDP have port numbers. ICMP uses a type code instead of a port number, which
identifies the purpose of that packet.

Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For this reason, the
firewall must always have a default policy. The default policy consists only of an action (accept, reject or drop).
Suppose no rule is defined about SSH connections to the server on the firewall. Then it will follow the default
policy. If the default policy on the firewall is set to accept, then any computer outside of your office can
establish an SSH connection to the server. Therefore, setting the default policy to drop (or reject) is always a
good practice.

Generations of Firewalls

Firewalls can be categorized based on their generation.

1. First Generation- Packet Filtering Firewall: A packet filtering firewall is used to control network
access by monitoring outgoing and incoming packets and allowing them to pass or stopping them based on
source and destination IP address, protocol, and ports. It analyses traffic at the transport protocol
layer (but mainly uses the first 3 layers). Packet filters treat each packet in isolation: they have no
ability to tell whether a packet is part of an existing stream of traffic, and can only allow or deny
packets based on the individual packet's headers. A packet filtering firewall maintains a filtering table
that decides whether a packet will be forwarded or discarded. From the given filtering table, the packets
will be filtered according to the following rules:

Incoming packets from network 192.168.21.0 are blocked.
Incoming packets destined for the internal TELNET server (port 23) are blocked.
Incoming packets destined for host 192.168.21.3 are blocked.
All well-known services to the network 192.168.21.0 are allowed.
2. Second Generation- Stateful Inspection Firewall: Stateful firewalls (which perform Stateful Packet
Inspection) are able to determine the connection state of a packet, unlike packet filtering firewalls,
which makes them more efficient. A stateful firewall keeps track of the state of network connections
travelling across it, such as TCP streams, so filtering decisions are based not only on the defined rules
but also on the packet's history in the state table.

3. Third Generation- Application Layer Firewall : An application layer firewall can inspect and filter
packets on any OSI layer, up to the application layer. It has the ability to block specific content and
to recognize when certain applications and protocols (like HTTP, FTP) are being misused. In other
words, application layer firewalls are hosts that run proxy servers. A proxy firewall prevents any
direct connection between the two sides of the firewall; each packet has to pass through the proxy. It
can allow or block the traffic based on predefined rules. Note: Application layer firewalls can also be
used as a Network Address Translator (NAT).

4. Next Generation Firewalls (NGFW): Next Generation Firewalls are deployed these days to
stop modern security breaches such as advanced malware attacks and application-layer attacks. An NGFW
combines Deep Packet Inspection, Application Inspection, SSL/SSH inspection and many other
functions to protect the network from these modern threats.
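As an added example (not part of the notes), the following Python code encodes the filtering table from the first-generation item above as a first-match rule list with the default policy discussed earlier, and adds a minimal state table to show why second-generation filters need no explicit rule for replies to connections the server opened. The well-known port set, the 192.168.21.10 server address and the remote addresses are constructed for the example; SSH (port 22) is deliberately left out of the set so that the notes' SSH scenario falls through to the default policy.

```python
# Added example (not from the notes): first-match packet filter for the notes'
# filtering table, plus a tiny state table for second-generation behaviour.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple

INTERNAL = ip_network("192.168.21.0/24")        # internal network from the notes
PROTECTED_HOST = ip_address("192.168.21.3")      # blocked host from the notes
WELL_KNOWN = {25, 53, 80, 443}                   # constructed subset; SSH (22) left out
DEFAULT_POLICY = "drop"                          # notes: default drop/reject is good practice

@dataclass(frozen=True)
class Packet:
    direction: str               # "in" or "out", from the server's point of view
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None  # None for ICMP
    dport: Optional[int] = None

Rule = Tuple[str, Callable[[Packet], bool], str]  # (direction, predicate, action)

RULES: List[Rule] = [
    ("in", lambda p: ip_address(p.src) in INTERNAL, "drop"),          # source claims internal
    ("in", lambda p: p.proto == "tcp" and p.dport == 23, "reject"),   # internal TELNET server
    ("in", lambda p: ip_address(p.dst) == PROTECTED_HOST, "drop"),    # host 192.168.21.3
    ("in", lambda p: ip_address(p.dst) in INTERNAL and p.dport in WELL_KNOWN, "accept"),
    ("out", lambda p: True, "accept"),                                # outgoing allowed
]

def filter_packet(p: Packet, rules: List[Rule] = RULES, default: str = DEFAULT_POLICY) -> str:
    """First-generation filter: each packet judged in isolation, first matching rule wins."""
    for direction, match, action in rules:
        if direction == p.direction and match(p):
            return action
    return default  # nothing matched: the default policy decides

class StatefulFilter:
    """Second-generation filter: remembers outbound flows so their replies are accepted."""
    def __init__(self) -> None:
        self.state = set()  # (remote addr, remote port, local addr, local port)

    def check(self, p: Packet) -> str:
        if p.direction == "out" and p.proto in ("tcp", "udp"):
            self.state.add((p.dst, p.dport, p.src, p.sport))
        elif (p.src, p.sport, p.dst, p.dport) in self.state:
            return "accept"  # reply to a connection the server opened; no explicit rule needed
        return filter_packet(p)

if __name__ == "__main__":
    ssh = Packet("in", "tcp", "203.0.113.5", "192.168.21.10", 50000, 22)  # constructed
    print(filter_packet(ssh), filter_packet(ssh, default="accept"))      # drop accept
```

Run stand-alone, the script shows the same unmatched SSH packet being dropped under a default-drop policy and accepted under a default-accept policy, which is the notes' argument for defaulting to drop.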

Types of Firewall

Firewalls are generally of two types: Host-based and Network-based.

1. Host-based Firewalls : A host-based firewall is installed on each network node and controls every
incoming and outgoing packet on that node. It is a software application or suite of applications, often
shipped as part of the operating system. Host-based firewalls are needed because network firewalls cannot
provide protection inside a trusted network. A host firewall protects each host from attacks and
unauthorized access.

2. Network-based Firewalls : Network firewalls function at the network level. In other words, these
firewalls filter all incoming and outgoing traffic across the network. They protect the internal network
by filtering the traffic using rules defined on the firewall. A network firewall might have two or
more network interface cards (NICs). A network-based firewall is usually a dedicated system with
proprietary software installed.

Advantages of using Firewall

1. Protection from unauthorized access: Firewalls can be set up to restrict incoming traffic from
particular IP addresses or networks, preventing hackers or other malicious actors from easily
accessing a network or system.

2. Prevention of malware and other threats: Firewalls can be set up to block traffic linked to known
malware or other security concerns, assisting in the defense against these kinds of attacks.

3. Control of network access: By limiting access to specified individuals or groups for particular
servers or applications, firewalls can be used to restrict access to particular network resources or
services.

4. Monitoring of network activity: Firewalls can be set up to record and keep track of all network
activity. This information is essential for identifying and looking into security problems and other
kinds of shady behavior.
5. Regulation compliance: Many industries are bound by rules that demand the usage of firewalls or
other security measures. Organizations can comply with these rules and prevent any fines or
penalties by using a firewall.

6. Network segmentation: By using firewalls to split up a bigger network into smaller subnets, the
attack surface is reduced and the security level is raised.

Disadvantages of using Firewall

1. Complexity: Setting up and keeping up a firewall can be time-consuming and difficult, especially
for bigger networks or companies with a wide variety of users and devices.

2. Limited Visibility: Firewalls may not be able to identify or stop security risks that operate at other
levels, such as the application or endpoint level, because they can only observe and manage traffic at
the network level.

3. False sense of security: Some businesses may place an excessive amount of reliance on their
firewall and disregard other crucial security measures like endpoint security or intrusion detection
systems.

4. Limited adaptability: Because firewalls are frequently rule-based, they might not be able to respond
to fresh security threats.

5. Performance impact: Network performance can be significantly impacted by firewalls, particularly
if they are set up to analyze or manage a lot of traffic.

6. Limited scalability: Because firewalls are only able to secure one network, businesses that have
several networks must deploy many firewalls, which can be expensive.

7. Limited VPN support: Some firewalls might not allow complex VPN features like split tunneling,
which could restrict the experience of a remote worker.

8. Cost: Purchasing many devices or add-on features for a firewall system can be expensive, especially
for businesses.

Real-Time Applications of Firewall

1. Corporate networks: Many businesses employ firewalls to guard against unwanted access and other
security risks on their corporate networks. These firewalls can be set up to only permit authorized
users to access particular resources or services and to prevent traffic from particular IP addresses or
networks.

2. Government organizations: Government organizations frequently employ firewalls to safeguard
sensitive data and to adhere to rules like HIPAA or PCI-DSS. They might make use of cutting-edge
firewalls like Next-generation firewalls (NGFW), which can detect and stop intrusions as well as
manage access to particular data and apps.

3. Service providers: Firewalls are used by service providers to safeguard their networks and the data
of their clients, including ISPs, cloud service providers, and hosting firms. They might make use of
firewalls that accommodate enormous volumes of traffic and support advanced features such as VPN
and load balancing.

4. Small enterprises: Small firms may use firewalls to separate their internal networks, restrict access
to specific resources or applications, and defend their networks from external threats.
5. Networks at home: To guard against unwanted access and other security risks, many home users
employ firewalls. A firewall that many routers have built in can be set up to block incoming traffic
and restrict access to the network.

6. Industrial Control Systems (ICS): Firewalls are used to safeguard industrial control systems
against illegal access and cyberattacks in many vital infrastructures, including power plants, water
treatment facilities, and transportation systems.
