Network Firewall vs Proxy Server vs Secure Web Gateway (SWG)

What Are These Devices?

Three different network security devices that control and inspect internet traffic, each operating at different layers and serving different purposes.

1. Network Firewall

Physical or virtual device at network perimeter that blocks/allows traffic based on IP, port, and protocol.

Key Characteristics

Layer: 3-4 (Network/Transport Layer)
Location: On-premises, between internal network and internet
Type: Physical appliance or virtual machine
Purpose: Control which connections are allowed

What It Checks

✓ Source IP address
✓ Destination IP address
✓ Port number (80, 443, 22, etc.)
✓ Protocol (TCP, UDP, ICMP)
✗ Cannot see HTTP headers
✗ Cannot see URLs
✗ Cannot see content

Example Decision

Rule: Allow port 443 (HTTPS) to any destination
Request: 192.168.1.100 → 203.0.113.50:443
Decision: ALLOW (port 443 is allowed)

Rule: Block port 22 (SSH) to internet
Request: 192.168.1.100 → 203.0.113.50:22
Decision: BLOCK (port 22 is blocked)

Common Products

Palo Alto Networks PA-Series (physical appliance)
Cisco ASA (physical appliance)
Fortinet FortiGate (physical appliance)
AWS Network Firewall (virtual/cloud)
pfSense (software firewall)

Physical Deployment

[Internet]
    |
[Physical Firewall Appliance] ← Rack-mounted in data center
    |
[Internal Network Switch]
    |
[User Devices]

2. Proxy Server

Physical or virtual device that forwards HTTP/HTTPS requests, can inspect and modify content. ...

December 2, 2025 · 9 min · Ren Nishino

AWS Management Console - How Browser Makes API Calls

What is AWS Console API Call Architecture?

When you use the AWS Management Console in your browser, it makes API calls to AWS services. Understanding how these calls work is important for debugging, blocking specific services, or understanding the security model.

Two Types of API Calls

1. Direct Browser → AWS Service API

Example: SSM (Systems Manager) API call

Browser JavaScript
    ↓
https://ssm.us-east-1.amazonaws.com/
    ↓
AWS Service responds directly

Characteristics:

Browser makes HTTPS request directly to service endpoint
Uses AWS SigV4 authentication (signed with temporary credentials)
Subject to CORS (Cross-Origin Resource Sharing) rules
Can be blocked via /etc/hosts
Shows in DevTools Network tab with service endpoint URL

Example from Session Manager: ...

November 28, 2025 · 6 min · Ren Nishino

CORS (Cross-Origin Resource Sharing) Explained

What is CORS?

CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls which websites can make API calls to other domains.

What is an Origin?

Origin = Protocol + Domain + Port

https://example.com:443
  ↑         ↑        ↑
Protocol  Domain   Port

Same-Origin Examples:

Origin 1: https://example.com/page1
Origin 2: https://example.com/page2
→ Same origin ✓

Cross-Origin Examples:

Origin 1: https://example.com
Origin 2: https://api.example.com
→ Different domain = Cross-origin ✗

Origin 1: https://example.com
Origin 2: http://example.com
→ Different protocol = Cross-origin ✗

Origin 1: https://example.com:443
Origin 2: https://example.com:8080
→ Different port = Cross-origin ✗

Why CORS Exists

Without CORS: ...

November 28, 2025 · 7 min · Ren Nishino