How A Firewall Protects a Network
- By Greg Brown
- Published: Jun 26, 2023
- Last Updated: Jul 07, 2023
Network security has become increasingly significant due to the growing number and sophistication of cyber threats. Unsecured networks are particularly vulnerable to various risks. Without modern security measures in place, unauthorized individuals can gain access to network resources, compromising sensitive data and systems. Hackers, cybercriminals, and malicious actors continually develop new techniques to exploit vulnerabilities in computer networks, posing a significant risk to individuals, businesses, and even governments.
What Is a Firewall?
A firewall is a security device, either hardware or software, designed to help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.
Firewalls are typically substantial barriers between trusted networks or computers and an untrusted network. A firewall's rules can allow a single outside source or many. The barrier only accepts what it is programmed to accept.
For over 30 years, the firewall has remained a primary means of controlling malicious traffic before it reaches the protected network. Firewalls trace back to the beginning of the internet, when admins discovered that outside influences had breached the network. A researcher at AT&T is considered the first expert to coin the term "firewall" to describe protection from the spread of unwanted network influences, likening it to the partitions that stop fire from spreading through a structure.
What Are the Main Types of Firewalls?
Packet-filtering firewalls
A packet-filtering firewall is a management program that can block network traffic based on IP protocol, IP address, and port number. This type of firewall is the most basic form of protection and is meant for smaller networks.
Proxy service firewalls
The proxy service firewall is a system that can help protect your network security by filtering messages at the application layer. It essentially serves as a gateway or middleman between your internal network and outside servers on the web.
Stateful multi-layer inspection (SMLI) firewalls
The stateful multi-layer inspection firewall has standard firewall capabilities and keeps track of established connections. It filters traffic based on state, port, and protocol, along with administrator-defined rules and context. This involves using data from prior connections and packets from the same connection.
Unified threat management (UTM) firewalls
A unified threat management firewall is a program that combines the functions of the SMLI firewall with intrusion prevention and antivirus. Additional services like cloud management may be included under the UTM umbrella of services.
Next-generation firewalls (NGFW)
Next-generation firewalls are more sophisticated than packet-filtering and stateful inspection firewalls. Why? They have more levels of security, going beyond standard packet-filtering to inspect a packet in its entirety.
Network address translation (NAT) firewalls
A network address translation (NAT) firewall is able to assess internet traffic and block unsolicited communications. In other words, it only accepts inbound web traffic if a device on your private network solicited it.
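The difference between packet filtering, stateful inspection and the NAT firewall's solicited-only behaviour, as an added example that is not from the original article: a stateless filter and a connection-tracking filter judge the same three packets. The addresses, ports and rule set are constructed, and the state table is simplified (no TCP flags, sequence numbers or timeouts).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # constructed private LAN

def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE

def stateless_filter(pkt):
    """Packet filter: each packet is judged alone, first matching rule wins."""
    if is_inside(pkt.src):                       # rule 1: LAN hosts may talk out
        return "ACCEPT"
    if pkt.proto == "tcp" and pkt.sport == 443:  # rule 2: let HTTPS replies in
        return "ACCEPT"
    return "DROP"                                # default deny

class StatefulFilter:
    """Tracks flows opened from inside; inbound packets must match one."""
    def __init__(self):
        self.table = set()

    def check(self, pkt):
        if is_inside(pkt.src):
            # Record the flow as its reply will appear (endpoints reversed).
            self.table.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "ACCEPT"
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return "ACCEPT" if key in self.table else "DROP"

def run_demo():
    out = Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 443)
    reply = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 51000)
    unsolicited = Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 3389)
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in (out, reply, unsolicited)]

if __name__ == "__main__":
    for verdicts in run_demo():
        print("stateless=%s stateful=%s" % verdicts)
```

The third packet is the one to watch: the stateless rule that exists to let replies in also accepts traffic no inside host asked for, while the state table drops it.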
Virtual firewalls
A virtual firewall is an appliance used in a cloud-based system, in both private and public networks. This type of firewall is used to assess and manage internet traffic over both physical and virtual networks.
How to Deploy a Firewall?
In the modern era, three delivery methods for deploying a firewall exist. Within each deployment method, there are several types specific to the circumstance.
- Hardware-based firewalls are physical devices like servers that filter malicious or unwanted traffic to a computer or network. Rather than a user plugging a cable directly into a computer, the cables are plugged into the firewall first. The hardware firewall sits directly behind the router analyzing and controlling traffic, looking for specific threats.
- Cloud-hosted firewalls are a relatively new player on the block. These types of firewalls are software-based and cloud-deployed. Built specifically for mitigating direct cyber attacks on private networks, cloud firewalls are modern solutions for online environments. Several advantages exist for cloud-hosted firewalls. Scalability and easy deployment make cloud barricades a skyrocketing option for many individuals and businesses.
- Software firewalls have been the standard bearer since the technology was created. These types of barriers are excellent at inspecting large amounts of data quickly. Software firewalls can be highly configurable on the fly to meet any need. Software firewalls are perfect for heavy workloads with several types of incoming traffic. Software barriers provide many deployment options to match the environment. These software barriers can be deployed into any network or computer system.
Within each delivery method, there are firewall types to fit the environment. Depending on complexity and size, multiple firewall types may be needed. Firewalls are traditionally inserted inline across a network and are tasked with telling which packets are benign and which are part of an attack. With the rise of malicious packets, network firewalls must be configured correctly to mitigate a wide range of incoming malware.
What Are Firewall Advancements?
Advancements in network technology have allowed admins to configure firewalls to spot known patterns across incoming traffic based on previous attacks. Even though there are a host of various firewall types, here are five that can be deployed within each of the delivery methods above.
- Application-level gateways function as a single entry and exit point on the network. These gateways filter packets according to their inherited service and other characteristics, such as an HTTP request string. Application gateways are also referred to as Proxy firewalls. Application barriers dramatically affect network performance and can be challenging to manage. Application-level barriers are fine-grained security tools that are costlier than most other solutions.
- Circuit-level gateways are a quick solution for restricting access to a network that can quickly identify malicious content. Circuit-level barriers monitor network protocols such as TCP handshakes; however, these firewalls are not designed to inspect incoming and outgoing packets. Circuit-level barriers only process specific requests; all other traffic is rejected. These firewalls must be used with other security measures, or no protection is given.
- Packet filtering firewalls sit inline at junction points such as routers or switches. This firewall does not route a packet. Instead, the configuration compares each packet to a set of established rules. Packets are flagged if there are abnormalities in IP addresses, packet types, port numbers, or protocols. Packet filtering firewalls can handle an entire network's traffic if needed. However, this firewall can be easily spoofed by altering the packet payload.
- Stateful inspection firewalls examine each packet and track whether the information is part of an established TCP session. The security of stateful inspection firewalls is exemplary but takes a high toll on network performance. These firewalls manage entire network sessions to determine their viability while checking IP addresses and payloads. Stateful firewalls are resource intensive and may interfere with network performance.
- Next-generation firewalls combine packet inspection with stateful inspections for malware filtering and antivirus. Traditional firewalls look at packet headers, while NGFW looks at the entire packet and any additional information. Next-generation firewalls track web browsing and can determine whether a packet payload constitutes a legitimate HTML formatted response. These firewalls can be updated automatically and offer more insight than other methods. Next-generation firewalls are costlier than other types.
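Application-layer filtering as described for proxy firewalls and application-level gateways, as an added example that is not from the original article or any vendor's product: a gateway in front of an internal web server checks each HTTP request string against a policy and denies anything malformed. The allowed methods, the host name and the sample requests are constructed.

```python
from urllib.parse import unquote

ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # constructed policy
ALLOWED_HOSTS = {"intranet.example.com"}    # constructed policy
MAX_REQUEST_LINE = 2048

def inspect_http_request(raw: bytes):
    """Return (verdict, reason) for one request head seen by the gateway."""
    head = raw.partition(b"\r\n\r\n")[0]
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return ("DENY", "non-ASCII bytes in request head")
    parts = lines[0].split(" ")
    if len(lines[0]) > MAX_REQUEST_LINE or len(parts) != 3:
        return ("DENY", "malformed request line")
    method, target, version = parts
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return ("DENY", "unsupported protocol version")
    if method not in ALLOWED_METHODS:
        return ("DENY", "method not permitted")
    # Decode percent-escapes before checking path segments.
    path = unquote(target.split("?", 1)[0])
    if not path.startswith("/") or ".." in path.split("/"):
        return ("DENY", "suspicious request target")
    hosts = [l.split(":", 1)[1].strip().lower()
             for l in lines[1:] if l.lower().startswith("host:")]
    if len(hosts) != 1 or hosts[0] not in ALLOWED_HOSTS:
        return ("DENY", "missing, duplicate or unlisted Host header")
    return ("ALLOW", "ok")

SAMPLES = [  # constructed requests
    b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
    b"TRACE / HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
    b"GET /static/%2e%2e/settings HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n",
    b"\x16\x03\x01\x02\x00\x01",  # not HTTP at all
]

def run_samples():
    return [inspect_http_request(r) for r in SAMPLES]

if __name__ == "__main__":
    for req, (verdict, reason) in zip(SAMPLES, run_samples()):
        print(verdict, reason, req[:40])
```

A packet filter would pass all five samples if they arrived on an allowed port; only the first survives inspection of the request itself.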
What to Consider When Choosing a Firewall?
When an enterprise needs additional security, it must ask essential questions, including what needs to be protected. How vital is protecting the resources of the organization and its infrastructure? A firewall for one organization may not be suitable for another.
There are a few issues that need to be considered. What are the technical objectives of the firewall, and will there be more than one? Always consider features and capabilities when deciding on a specific piece of technology. Firewalls can be intended for low-level internet applications or high-level security devices.
There are many implementations of a firewall that incorporate features of several different barriers. Choosing the proper firewall implementation is rarely a matter of finding a single solution that works for everything. Choosing the ideal solution means fully understanding the organization's architecture and functions.
It must be understood that a misconfigured or underpowered firewall may be worse than having no firewall at all. A properly configured barrier to incoming traffic is an asset every organization must have.