I. Network Security
Network security involves protecting devices and systems connected within a network from cyber threats. Common devices included in network security are: firewalls, computers, routers, servers, switches, IDS, IPS, VPNs, network monitoring tools, proxy servers and network security cameras & Io
1. What is a Firewall
A firewall is a network security device (or software) that acts as a barrier between your trusted internal network and untrusted external sources like the internet. Think of it as a digital security guard that filters which data is allowed in and out based on predefined rules.
2. Why Do Firewalls Matter
Without a firewall, your server or application could be open to anyone, including malicious actors. Firewalls protect your system by:
• Blocking suspicious traffic
• Preventing unauthorized access
• Reducing the risk of malware and denial-of-service (DoS) attacks
They are essential for keeping confidential data safe and maintaining system availability.
3. Types of Firewalls
a. Packet Filtering checks the headers of each packet and allows or blocks it based on IP address, port, or protocol.
b. Stateful Inspection tracks the state of active connections and makes decisions based on that context.
c. Proxy Firewalls act as intermediaries, processing requests before sending them on to the destination.
II. Packet Filtering: Security Groups, the First Line of Defense
In AWS EC2, the first network-level security control I used was a Security Group. Think of it as a virtual firewall that filters traffic before it even touches my server. Security Groups work like packet filters:
My EC2 server is protected by AWS Security Groups, which are:
a. A form of packet filtering firewall
b. Operating at Layers 3 and 4 of the OSI model
c. Controlling traffic based on IP address, port number, and protocol
d. Stateless: no memory of past packets
Here is a screenshot from my blog:
This is my server running in AWS (if you don't know what AWS is, contact me):
Let’s break down the firewall rules I’ve set up on my EC2 server to protect the blog:
When you click on "Edit inbound rules" you will be directed to this window. In this window you can set up any rules you want.
What Firewall Rules Are Applied
Here are the key rules I’ve applied to my EC2 instance:
• ✅ Allow TCP on Port 443 (HTTPS) from 0.0.0.0/0
This allows anyone on the internet to access my blog securely. Port 443 is standard for HTTPS traffic.
• ✅ Allow TCP on Port 22 (SSH) from my specific IP
This permits only me to remotely access the server using SSH. It’s locked down to just my IP for security.
• ❌ Deny all other traffic (default)
Any traffic that doesn’t match the rules above is automatically blocked. This “deny by default” approach significantly reduces exposure to potential attacks.
Here is a short video for demonstration:
III. What Happens After the Traffic Reaches the Server
Once traffic passes the security group, it reaches the actual server. That’s where more components step in:
Virtual Firewall like ufw or firewalld
On the EC2 instance itself, I can run a virtual firewall like UFW (Uncomplicated Firewall) to add another layer of filtering. While AWS handles cloud-level protection, this protects at the operating system level.
Example:
• Allow only ports 22 and 443
• Block local brute-force attacks
• Monitor suspicious outbound connections
This is like saying: “Even if AWS lets you through, you still have to pass another checkpoint inside the house.”
Here is a real-world example: I will show you the commands used to run the virtual firewall.
After you SSH to the EC2 Linux server you will see the terminal:
and here is the command you have to use:
sudo ufw enable
This will lock you out, so you have to unlock yourself, because by default you have this:
- Default incoming: deny
- Default outgoing: allow
After you enable UFW, you have to run this:
sudo ufw allow OpenSSH   # allow yourself to SSH (22/tcp)
sudo ufw allow 80        # HTTP: allow people to visit the website
sudo ufw allow 443       # HTTPS: allow people to visit the website
Short video for demonstration:
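To make the packet-filter logic concrete, here is an added example (not code from the blog, AWS or UFW) that evaluates sample packets against the Security Group rules listed above and against the UFW rule sets before and after the allow commands. It models the rules the way the page describes them, as stateless header checks with first match wins and deny by default; the admin address 203.0.113.10 is a constructed placeholder for "my specific IP".

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed placeholder for the admin's own address: the page only says
# "my specific IP". Any single-host /32 works the same way.
MY_IP = "203.0.113.10/32"

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None means any port
    source: str            # CIDR the packet's source address must fall in

# The two inbound rules the page applies to the EC2 instance: HTTPS from
# anywhere, SSH only from one address. Anything else hits the default.
SECURITY_GROUP = [
    Rule("allow", "tcp", 443, "0.0.0.0/0"),
    Rule("allow", "tcp", 22, MY_IP),
]

def matches(rule: Rule, src_ip: str, proto: str, dport: int) -> bool:
    """Stateless header check: each packet is judged on its own fields only."""
    if rule.proto != "any" and rule.proto != proto:
        return False
    if rule.port is not None and rule.port != dport:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def filter_packet(rules: List[Rule], src_ip: str, proto: str, dport: int,
                  default: str = "deny") -> str:
    """First matching rule wins; with no match the default action applies."""
    for rule in rules:
        if matches(rule, src_ip, proto, dport):
            return rule.action
    return default

# UFW has no allow rules right after "sudo ufw enable", so the same
# "incoming: deny" default drops the admin's own SSH packets until
# "sudo ufw allow OpenSSH" (22/tcp) and the web ports are added.
UFW_AFTER_ENABLE: List[Rule] = []
UFW_AFTER_ALLOW = [Rule("allow", "tcp", 22, "0.0.0.0/0"),
                   Rule("allow", "tcp", 80, "0.0.0.0/0"),
                   Rule("allow", "tcp", 443, "0.0.0.0/0")]
```

Running the UFW_AFTER_ENABLE case for a port-22 packet shows exactly the lockout the text warns about; adding the OpenSSH rule before enabling avoids it.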
Now that we've strengthened the server's basic security by configuring UFW (Uncomplicated Firewall) to control incoming traffic, the next critical step is to properly manage how our application handles and serves web requests. This is where Nginx and Gunicorn come into play, working together to efficiently and securely deliver content to users.
NGINX Reverse Proxy
NGINX is a high-performance web server that I use as a reverse proxy. Its job is to:
• Accept incoming requests from users on the internet.
• Handle SSL (HTTPS) traffic.
• Forward valid requests to Gunicorn, which actually runs my blog application.
• Serve static files like CSS and JavaScript directly.
How Nginx Handles Traffic
Here's the basic flow:
🌐 User types your website address (securecyberwar.com) in their browser.
🛡️ Nginx receives the request first.
🚦 Nginx decides if the request should be:
Served directly (static files like images, CSS, JavaScript), or forwarded to your Django app (dynamic content like blog posts).
🚀 Nginx forwards dynamic content requests to Gunicorn.
📦 Gunicorn processes the request with Django and sends the response back to Nginx.
🌎 Nginx sends the final response back to the user's browser.
Gunicorn Python WSGI Server
Gunicorn is the application server that runs my Django blog. Once NGINX sends it a request:
• Gunicorn runs the Python code that powers the blog.
• It generates the response (like an HTML page).
• The response goes back to NGINX, and then to the user.
Gunicorn is great at managing multiple user requests and making sure the blog stays responsive and fast.
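As an added example of the request flow just described (not the blog's code), here is a minimal WSGI callable of the kind Gunicorn runs behind Nginx, standing in for the Django application. The sample pages and the site URL are constructed, and it assumes Nginx serves /static/ itself and sets X-Forwarded-Proto when it forwards dynamic requests, as the flow above describes.

```python
# Minimal WSGI callable standing in for the Django project's own application
# (a constructed stand-in, not the blog's code). Gunicorn imports a callable
# with exactly this signature and calls it once per forwarded request.
STATIC_PREFIX = "/static/"
SITE = "https://securecyberwar.com"

# Constructed sample pages; the real blog renders Django templates here.
PAGES = {
    "/": b"<h1>securecyberwar.com</h1><p>Latest posts</p>",
    "/posts/firewalls/": b"<h1>Firewall layers on my blog</h1>",
}

def application(environ, start_response):
    """Handle one request that Nginx proxied to Gunicorn."""
    path = environ.get("PATH_INFO", "/")
    # Nginx serves /static/ itself, so a static request reaching the app
    # server means the proxy is misconfigured: refuse rather than quietly
    # turning Gunicorn into a file server.
    if path.startswith(STATIC_PREFIX):
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"static files are served by the reverse proxy"]
    # Gunicorn only ever sees plain HTTP from Nginx on localhost; the original
    # scheme arrives in X-Forwarded-Proto, which is trustworthy only because
    # the firewall layers above keep direct access to Gunicorn off the internet.
    if environ.get("HTTP_X_FORWARDED_PROTO", "http") != "https":
        start_response("301 Moved Permanently", [("Location", SITE + path)])
        return [b""]
    body = PAGES.get(path)
    if body is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]

def call(environ):
    """Drive the app the way a WSGI server does; returns status, headers, body."""
    captured = {}
    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers
    body = b"".join(application(environ, start_response))
    return captured["status"], dict(captured["headers"]), body
```

Gunicorn would load this with a command like "gunicorn module_name:application", where module_name is whatever file the callable lives in.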
🔄 Recap: The Layers of Network Security on My Blog