In AP Cybersecurity, a firewall is software (on its own device or built into something like a router) that allows or denies traffic in and out of a network based on a set of rules called an access control list (ACL).
A firewall is the gatekeeper between a network and the traffic trying to enter or leave it. It's software, not always a physical box. It can run on a standalone device or be baked into another device like a router (EK 3.4.A.1). Its whole job is simple to say: allow or deny traffic.
There are two main flavors. A stateless firewall looks only at packet headers, things like source and destination IP addresses, ports, and protocols, and decides one packet at a time (EK 3.4.A.2). A stateful firewall (also called dynamic packet filtering) is smarter. It tracks the state of each connection, so it knows whether a packet belongs to an already-established session and can filter on connection-related rules on top of the header checks (EK 3.4.A.3). Either way, the firewall makes decisions using an access control list (ACL), a list of permit/deny rules the network admin writes (EK 3.4.B.1).
Firewalls live in Unit 3: Securing Networks, specifically topic 3.4. This term carries all four learning objectives for that topic: identifying firewall types (AP Cybersecurity 3.4.A), explaining how a firewall uses an ACL (AP Cybersecurity 3.4.B), determining where to place firewalls (AP Cybersecurity 3.4.C), and configuring a firewall to manage traffic flow (AP Cybersecurity 3.4.D). That's a lot of CED real estate riding on one concept. Firewalls are how the abstract idea of "securing a network" becomes concrete, so you'll be asked both what they are and how to write and place their rules.
Keep studying AP Cybersecurity Unit 3
Visual cheatsheet
view galleryAccess Control List and Packet Filtering (Unit 3)
A firewall is the device; the ACL is its rulebook. The firewall reads ACL rules in order and acts on the FIRST one that matches a packet, then stops checking. Packet filtering is the actual act of comparing each packet against those rules.
Ports and Protocols (Unit 3)
Firewall rules are written in the language of ports and protocols. A rule like Allow inbound TCP port 22 from ALL; only makes sense if you know port 22 is SSH. Knowing source vs. destination ports and common protocols is what lets you read and write firewall rules correctly.
Host-Based Firewall (Unit 3)
Topic 3.4 focuses on network-based firewalls that guard a whole network or segment. A host-based firewall protects a single device instead. Same allow/deny logic, smaller scope.
Deep Packet Inspection (Unit 3)
Basic firewalls inspect packet headers. Deep packet inspection goes further and reads the actual contents of packets, so it can catch threats hiding inside traffic that header-only filtering would wave through.
Expect multiple-choice questions that hand you a scenario and ask you to name the concept. One stem describes a system that controls which incoming and outgoing packets pass through, and the answer is a firewall. Another describes a system that filters based on whether traffic belongs to an established session, and the answer is a stateful firewall. A third type tests stateless firewalls by asking what they inspect (packet headers) or for examples of header info they use (IP addresses, ports, protocols). You may also need to read or write ACL rules, knowing that rules are checked in order and that each specifies direction (inbound/outbound), a filter criterion, and an action (permit/deny).
A stateless firewall judges each packet on its own, looking only at header info like IP, port, and protocol. A stateful firewall remembers connections, so it knows whether a packet is part of an established session and can filter on that too. Stateful is the one that "keeps track."
A firewall allows or denies network traffic, and it's software that can run on its own device or be built into something like a router.
A stateless firewall filters using only packet header info (IP addresses, ports, protocols), one packet at a time.
A stateful firewall tracks the state of connections and can filter based on whether traffic belongs to an established session.
A firewall uses an access control list (ACL), and rules are checked in order with the first matching rule executed.
Each network segment and each point where the internal network meets the public internet should have a firewall, with security set independently per segment.
A firewall is software used to allow or deny network traffic going in or out of a network. It can be hosted on a standalone device or integrated into another device like a router, and it makes decisions using a rule list called an ACL.
No. The CED is clear that a firewall is software (EK 3.4.A.1). It can live on its own dedicated device, but it can also be integrated into another network device such as a router, so the firewall is the software doing the filtering, not necessarily a separate box.
A stateless firewall filters using only packet header info like IP addresses, ports, and protocols, judging each packet alone. A stateful firewall (dynamic packet filtering) tracks the state of connections, so it can also filter based on whether traffic is part of an established session.
Network admins write an ACL, a set of permit/deny rules. The firewall checks these rules in order and executes the FIRST rule that matches the traffic. Each rule specifies the direction (inbound or outbound), what to filter by (IP, port, service, or application), and the action (permit or deny).
Every network segment should have a firewall to control data flowing in and out of it, and every point where the internal network connects to the public internet (each ingress and egress point) should have one too. Security levels can be set independently per segment based on its data and services.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.