What Is a Firewall? A Short Guide
Nobody wants unwanted guests in their house, and the same goes for our personal computers and other smart devices. Keeping our private network safe from intruders is a firewall's primary purpose.
January 20, 2023
With the increase in cybersecurity attacks in recent years, no one can afford to skimp out on network protection. Whether you are an owner of a small company or just want to protect your personal PC, having a good firewall is essential for multilevel security. But, what is a firewall in the first place, and what does it do, exactly? Let’s find out.
A firewall is a network security software or hardware solution that monitors all network traffic that passes through it. It compares the data packets it receives against a strict set of security rules and then either blocks them or allows them through.
What Is the Purpose of a Firewall?
A firewall aims to create a security screening barrier between networks, usually internal (private) and external (public) networks, that prevents unauthorized access and helps prevent the spread of malicious software. It can be placed at the entrance to a private network, on an endpoint device, or in both locations for maximum security.
How Does a Firewall Work?
Think of your private network as a fortress without anyone guarding the gates. Anyone can come in and take what they want. But if you place a guard post at the entrance, suddenly it’s not so easy anymore. The guard in that post? That’s the firewall.
It thoroughly checks all incoming and outgoing traffic for any suspicious activities. If it also works as a gateway firewall, you’ve just added another guard to watch the back of your fortress.
Without one, a private network almost becomes an open network: a fortress with its gates left unbarred and unguarded.
Types of Firewalls
Different types of network firewalls use different filtering methods, which is one way we can distinguish between them. The other one is by their structure.
- Hardware firewall
- Software firewall
- Cloud firewall (hybrid)
- Stateless packet-filtering firewall
- Circuit-level gateways firewall
- Stateful packet-filtering firewalls
- Proxy Firewall
- Next-gen firewall (NGFW)
As mentioned earlier, one of the ways we differentiate firewalls is by their structure. Combining more than one type of firewall will improve network security and firewall protection.
1. Hardware Firewall
As the name suggests, a hardware firewall is a physical device located between the gateway and the internal network. It works as a barrier between the internal network and external networks like the internet. Hardware firewalls excel at protecting against external attacks but cannot stop internal ones. That is why software firewalls are needed on endpoint devices.
2. Software Firewall
A software firewall is the most common firewall protection available to regular consumers. The software firewall is installed separately on each endpoint device. It serves as the last line of network defense and sometimes even the only one. The drawback is that software firewalls can be a drain on the machine’s CPU or RAM resources and sometimes have to be configured manually on each device.
3. Cloud Firewall
Like any other cloud solution, this type of firewall is designed for modern business needs. That means it’s easy to scale with the company’s growth without needing to buy the hardware, hire people, and allocate a designated office space.
A cloud firewall combines a software-based solution with cloud-deployed hardware to stop or limit unwanted access to private networks. In a nutshell, it’s a combination of both the software and hardware-based approaches. Such firewalls are often tasked with protecting other cloud platforms, applications, and on-premise infrastructure.
Each new firewall tries to introduce a new way of filtering data packets and further increases firewall protection.
Firewalls also operate at different layers of the Open Systems Interconnection (OSI) model, or across multiple layers. Let’s look at a few common types of firewalls in terms of filtering functionality.
1. Stateless Packet-Filtering Firewall
The most common type of firewall is a packet-filtering firewall. It operates on the network layer (OSI layer 3) and provides the most basic kind of filtering.
It checks all the data packets sent based on their origin and the destination on the network. Connections accepted or denied by the firewall are not tracked, so the firewall checks each packet repeatedly. The rules for filtering are based on a manually created access control list, and there are no logs, so tracking and discovering any security leaks is almost impossible. It requires constant correction to be used effectively.
The stateless firewall security model is rudimentary at best. It is also unable to read the application protocol (layer 7) of the data packet, making it unable to determine if the packet contains any malicious content. It only matches the source, and if the source is trusted, the packet will go through to its target.
2. Circuit-Level Gateways Firewall
Circuit-level gateway firewalls operate at the transport layer (layer 4). They work by monitoring the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) handshake between packets before determining whether the request is legitimate. As long as nothing suspicious happens, the request will be allowed. From that point on, the firewall doesn’t monitor the connection.
Since the connection is left unmonitored, it could be used to permit malicious software or attackers into the system. Due to its design flaw, it’s rarely used without additional features like packet filtering and application layer proxy services to provide complete firewall protection.
3. Stateful Packet-Filtering Firewall
A stateful packet-filtering firewall, also known as a dynamic packet-filtering firewall, started off by operating at the transport layer (layer 4) but nowadays operates across multiple OSI stack layers, including the application layer (layer 7).
A stateful firewall checks the packet origin and destination on the network, just like a stateless firewall. It monitors the handshake for any suspicious activities, like a circuit-level firewall. But unlike both of them, it remembers the previous connection's details and continuously checks for any changes or suspicious activities.
Filtering decisions are based on the rules set by the network administrator. Still, the firewall can change them based on its previous experience with a packet it identifies as troublesome or harmful.
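The difference between the stateless and stateful filters described above can be seen by running the same traffic through both. The following is an added example, not code from any firewall product: the rule set, the 10.0.0.x internal network, the sample packets, and the names Packet, stateless_allow, StatefulFilter and compare are all constructed for illustration, and connection tracking is simplified to "forget the connection on FIN or RST".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: S=SYN, A=ACK, F=FIN, R=RST

def internal(ip):
    return ip.startswith("10.0.0.")  # constructed internal network

def stateless_allow(p):
    """Per-packet access control list: no memory of earlier packets."""
    outbound_https = internal(p.src) and p.dport == 443  # rule 1
    reply_by_port = internal(p.dst) and p.sport == 443   # rule 2: judged by source port only
    return outbound_https or reply_by_port

class StatefulFilter:
    """Same outbound policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.flows = set()  # (client ip, client port, server ip, server port)
    def allow(self, p):
        if internal(p.src) and p.dport == 443:
            flow = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.flows.add(flow)         # new connection: remember it
            return flow in self.flows
        reverse = (p.dst, p.dport, p.src, p.sport)
        if reverse not in self.flows:
            return False                     # belongs to no known connection
        if "F" in p.flags or "R" in p.flags:
            self.flows.discard(reverse)      # simplification: forget on FIN/RST
        return True

def compare(packets):
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),   # client opens a connection
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),  # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.9", 8080, "A"),    # inbound, no matching connection
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "FA"),  # server closes the connection
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A"),   # stray packet after close
]
```

Calling compare(SAMPLE) returns one (stateless, stateful) verdict pair per packet. The stateless rule set accepts all five packets, while the stateful filter rejects the third and fifth because neither belongs to a connection it is tracking.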
4. Proxy Firewall
Also known as an application-level firewall (layer 7 firewall) or gateway firewall, this is the firewall type that comes closest to being a physical barrier between networks.
The hardware which holds the firewall, also known as a bastion host, becomes a go-between for every connection to the internet. If any of the machines on the internal network need to communicate with the external network, all the traffic is routed through the proxy server.
Proxy firewall security uses deep packet inspection (DPI) and proxy-based architecture to inspect application traffic. Like stateful packet-filtering firewall security, it checks the handshake protocol, inspects the packet, monitors connections, and remembers past ones. It can block specific application content and recognize when the attackers misuse certain protocols.
The only downside is that its heavy use of security protocols can slow down or interfere with incoming packets that aren’t a threat, but that is the price of security.
5. Next-gen firewall (NGFW)
Cybercriminals keep evolving their tactics and malicious payloads. Next-generation firewall protection needs to stay on top of things by implementing cutting-edge technologies with best-practice examples from previous generations of network firewalls.
It needs to include encrypted traffic inspection, anti-virus software, an intrusion prevention system, deep packet inspection, and more to stay on top of the ever-evolving malware and zero-day attacks.
Future of Firewall Technology
As our networks evolve to accommodate a new way of doing business, so must our network security. Traditional network traffic flowed from client to server and server to client, but in the past few years (because of virtualization and converged infrastructure), server-to-server connections have become far more common.
Some organizations migrated away from traditional three-layer data center architecture to various other forms of leaf-like architecture to adapt to this new change. Such leaf-like structures make networks more vulnerable than before, making network firewall security more relevant today than ever before.
The current solution isn’t to have one firewall but many. The ideal option is placing multiple firewall points across the network with a centralized policing system and advanced security functionality. Firewalling should benefit from intelligence sharing across all the control points to establish constant threat visibility and control.
It needs to help system administrators detect, investigate, and remove threats completely in the shortest possible amount of time. In such a system, overall security is as strong as its weakest link, so every part of the network must be well-protected.
What Is a Human Firewall?
Overreliance on programs for our protection sometimes leads to forgetting the last and best line in our defense against cybercriminals: people.
Cybercriminals often use methods that don’t require any malicious code, only bad intentions, and social engineering. Because such attacks don’t use any detectable malicious code, they can fly under the radar of even the most advanced firewalls and anti-malware protection. We are talking about phishing attacks.
Phishing attacks are engineered to force their victims to act without thinking, doing the hacker’s job for them and allowing malware to get past security systems. The consequences can be catastrophic. They range from data to financial loss, or worse, leaks of sensitive, highly confidential company information.
Our human firewall, the company's workforce, needs to be trained to recognize and identify such attempts, as firewall protection alone cannot keep us 100% safe from cyber threats.
According to their location on the security network, firewalls can be divided into three groups: software, hardware, and cloud-based.
To protect a network from unauthorized connections which could have malicious intent, such as infecting local computers with malware or stealing confidential data.
A firewall is network security software or hardware that monitors all incoming and outgoing network traffic for potentially malicious data packets.