Firewalls, IDS/IPS, VPNs | Cyber Security Tutorial - Learn with VOKS

Firewalls, IDS/IPS, VPNs


Introduction to Firewalls, IDS/IPS, and VPNs

When computers connect to the internet, they are exposed to risks such as hackers, malware, and unauthorized access. To protect systems and data, networks use security technologies like firewalls, intrusion detection/prevention systems (IDS/IPS), and virtual private networks (VPNs).

Think of a company network like a building:

  • Firewall = security guard at the entrance
  • IDS = security camera that watches and alerts
  • IPS = security guard that actively stops intruders
  • VPN = secure private tunnel for employees entering remotely

Each one plays a different but important role in cybersecurity.

1. Firewall

A firewall is a security device or software that controls incoming and outgoing network traffic based on rules.

It acts as a barrier between:

  • A trusted internal network
  • An untrusted external network (like the internet)

How a firewall works:

  1. Traffic enters or leaves a network.
  2. The firewall checks the packet.
  3. It compares it against a set of rules.
  4. It allows or blocks the traffic.

Firewalls can filter based on:

  • IP address
  • Port number
  • Protocol (TCP/UDP)
  • Application type

Types of firewalls:

  1. Packet-filtering firewall
     • Checks basic packet information (IP, port).
     • Simple and fast.
  2. Stateful firewall
     • Tracks active connections.
     • Understands whether traffic belongs to an existing session.
  3. Application-layer firewall
     • Inspects application data (for example, HTTP traffic).
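
The packet-filtering and stateful behaviour described above, as an added example that is not part of the original tutorial: a first-match rule table with a default-deny policy, and a connection table that accepts replies to flows the rules already allowed. The rule set, addresses and class names are constructed for illustration, and real connection tracking also follows TCP state and timeouts, which this sketch leaves out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    direction: str   # "in" or "out" relative to the protected network

# Constructed rule table: (direction, proto, dest port or None for any, action).
RULES = [
    ("in", "tcp", 23, "DROP"),      # same intent as an iptables telnet DROP rule
    ("in", "tcp", 443, "ACCEPT"),   # hypothetical public HTTPS service
    ("out", "tcp", None, "ACCEPT"),
    ("out", "udp", 53, "ACCEPT"),
]
DEFAULT_POLICY = "DROP"  # anything not explicitly allowed is blocked

def match_rules(pkt):
    """Packet filter: return the action of the first rule that matches."""
    for direction, proto, dport, action in RULES:
        if (direction == pkt.direction and proto == pkt.proto
                and dport in (None, pkt.dport)):
            return action
    return DEFAULT_POLICY

class StatefulFirewall:
    """Adds a connection table so replies to allowed flows are accepted."""

    def __init__(self):
        self.connections = set()

    def _flow_key(self, pkt):
        # Same key for both directions of one conversation.
        return (pkt.proto, frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

    def filter(self, pkt):
        key = self._flow_key(pkt)
        if key in self.connections:
            return "ACCEPT"            # belongs to an existing session
        action = match_rules(pkt)
        if action == "ACCEPT":
            self.connections.add(key)  # remember the flow for its replies
        return action
```

The stateless `match_rules` drops a reply arriving on an ephemeral port, while `StatefulFirewall.filter` accepts it once the matching outbound packet has been seen.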

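Real-world examples:

  • Windows Defender Firewall
  • pfSense

Simple example of a firewall rule in Linux (using iptables):

# Block incoming traffic on port 23 (Telnet)
sudo iptables -A INPUT -p tcp --dport 23 -j DROP

This rule drops incoming Telnet traffic (TCP port 23) addressed to the system. Because -A appends the rule to the end of the INPUT chain, it only takes effect if no earlier rule has already accepted the packet.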

2. IDS (intrusion detection system)

An intrusion detection system (IDS) monitors network traffic and looks for suspicious activity.

Important:

  • An IDS does not block traffic.
  • It only detects and alerts.

How an IDS works:

  1. Monitors network packets.
  2. Compares traffic to known attack patterns (signatures).
  3. Or detects unusual behavior (anomaly detection).
  4. Sends alerts if something suspicious is found.

Types of IDS:

  1. Network-based IDS (NIDS)
     • Monitors network traffic.
  2. Host-based IDS (HIDS)
     • Monitors activity on a specific computer.

Example:

If someone makes multiple failed login attempts, an IDS can detect this and send an alert.

Real-world example:

  • Snort

3. IPS (intrusion prevention system)

An intrusion prevention system (IPS) is similar to an IDS but more powerful.

Difference:

  • An IDS detects and alerts.
  • An IPS detects and blocks automatically.

How an IPS works:

  1. Monitors traffic.
  2. Detects malicious patterns.
  3. Immediately blocks or drops harmful packets.

An IPS can:

  • Block IP addresses
  • Reset connections
  • Prevent exploits

Real-world example:

  • Suricata

IDS vs IPS comparison

IDS:

  • Monitors traffic
  • Alerts only
  • Does not block

IPS:

  • Monitors traffic
  • Alerts
  • Actively blocks attacks
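
The failed-login case from the IDS section and the IDS/IPS difference above, as an added example that is not part of the original tutorial: the same sliding-window detector run once in alert-only mode and once in blocking mode. The threshold, window, function name and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 3   # failed logins from one source ...
WINDOW = 60     # ... within this many seconds (both values are assumptions)

# Constructed sample events: (unix time, source IP, outcome).
EVENTS = [
    (100, "198.51.100.7", "fail"),
    (110, "192.0.2.15", "fail"),
    (120, "198.51.100.7", "fail"),
    (130, "198.51.100.7", "fail"),   # third failure inside 60 s: detection
    (140, "198.51.100.7", "fail"),
    (150, "192.0.2.15", "ok"),
    (400, "192.0.2.15", "fail"),     # earlier failure has aged out: no detection
]

def run_detector(events, prevent):
    """prevent=False behaves like an IDS, prevent=True like an IPS."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    blocked = set()
    alerts, delivered = [], []
    for ts, src, outcome in events:
        if src in blocked:
            continue                      # IPS already blocks this source
        if outcome == "fail":
            window = recent[src]
            window.append(ts)
            while window and ts - window[0] > WINDOW:
                window.popleft()          # forget failures outside the window
            if len(window) >= THRESHOLD:
                alerts.append((ts, src))
                window.clear()            # one alert per burst
                if prevent:
                    blocked.add(src)
                    continue              # the triggering event is dropped too
        delivered.append((ts, src, outcome))
    return alerts, blocked, delivered

ids_alerts, ids_blocked, ids_delivered = run_detector(EVENTS, prevent=False)
ips_alerts, ips_blocked, ips_delivered = run_detector(EVENTS, prevent=True)
```

Both modes raise the same alert; only the IPS run stops the source's later attempts from being delivered.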

4. VPN (virtual private network)

A virtual private network (VPN) creates a secure encrypted connection over the internet.

It allows users to:

  • Access private networks remotely
  • Protect data from eavesdropping
  • Hide their real IP address

How a VPN works:

  1. User connects to the VPN server.
  2. The VPN creates an encrypted tunnel.
  3. All internet traffic passes through that tunnel.
  4. Data is encrypted before leaving the device.
  5. The VPN server decrypts and forwards the traffic.

Benefits of a VPN:

  • Encryption
  • Privacy
  • Secure remote access

Real-world VPN technologies:

  • OpenVPN
  • IPsec
  • WireGuard

Example of connecting to OpenVPN (command line):

sudo openvpn --config myvpnconfig.ovpn

How they work together in real life

Example: employee working from home

  1. Employee connects to the company VPN.
  2. The VPN encrypts traffic.
  3. Traffic reaches the company firewall.
  4. The firewall checks if traffic is allowed.
  5. The IDS/IPS monitors for suspicious behavior.
  6. If an attack is detected:
     • The IDS alerts the security team.
     • The IPS blocks the attack automatically.

Together, these tools create layered security. This approach is called defense in depth.

Simple Python simulation example

Below is a simplified simulation of how a firewall and an IDS might behave logically. This is for learning purposes only.

# simple simulation of firewall and ids

blocked_ports = [23]  # telnet blocked
suspicious_ips = ["192.168.1.100"]

def firewall(packet):
    if packet["dest_port"] in blocked_ports:
        return "blocked by firewall"
    return "allowed"

def ids(packet):
    if packet["source_ip"] in suspicious_ips:
        return "alert: suspicious ip detected"
    return "no threat detected"

def process_packet(packet):
    fw_result = firewall(packet)
    if fw_result == "blocked by firewall":
        return fw_result

    ids_result = ids(packet)
    return f"{fw_result}, {ids_result}"

# example packet
packet = {
    "source_ip": "192.168.1.100",
    "dest_port": 80
}

print(process_packet(packet))

This code demonstrates:

  • The firewall blocks based on port.
  • The IDS checks for a suspicious IP.
  • The system processes the packet step by step.

Why these technologies are important

Without firewalls:

  • Anyone could directly access your system.

Without IDS/IPS:

  • Attacks could go unnoticed.

Without a VPN:

  • Remote connections could be intercepted.

Modern cybersecurity depends on combining these tools to reduce risk and protect sensitive information.
