A firewall is a network security device that monitors and controls incoming and outgoing traffic from a computer network. By allowing only authorized traffic and blocking unwanted traffic, firewalls protect against unauthorized access, malware and other security threats. Firewalls can also prevent sensitive data from leaving the network.
What Are the 3 Types of Firewalls?
- Network Firewalls — including static network firewalls, stateful firewalls and next-generation firewalls (NGFW)
- Host-Based Firewalls
- Web Application Firewalls
How Does a Firewall Work?
A firewall inspects incoming and outgoing network traffic, and makes decisions based on the ruleset. The data sent over a computer network is assembled into a packet, which contains the sender and recipient’s IP addresses and port numbers. Before a packet is delivered to its destination, it’s sent to the firewall for inspection. If the firewall determines the packet is permitted, it will send it to the destination; otherwise, the firewall will drop the packet.
The criteria the firewall uses to determine whether a packet is permitted are called a ruleset. For example, a firewall rule may say to drop all traffic incoming to port 22, which is commonly used to log in to computers remotely using SSH (secure shell). In this case, when a packet arrives with a destination port of 22, the firewall will drop it rather than deliver it to the destination IP.
Firewall Network Communication Concepts to Know
- Ruleset: A list of rules the firewall compares with the incoming packet.
- Packet: A data structure that contains, among other data, the sender and recipient’s IP address.
- IP Address: Similar to a physical address, an IP address helps to uniquely identify a user.
- Port Number: If an IP address is like a physical address, then a port number is akin to an apartment number.
- Protocol: A protocol is like the language two devices are using to communicate. Protocols define the rules of how data is sent and received so that both the device sending a packet and the device receiving a packet can understand it.
Advantages of a Firewall
- Firewalls create a layer of protection against unauthorized access to your network.
- Firewalls help organizations manage their bandwidth usage.
- Firewalls help you monitor your network traffic so you can identify and respond to threats quickly.
- Firewalls prevent viruses and malware from infecting systems and spreading throughout the network.
Network Security
Firewalls are essential tools for keeping networks secure and there are many advantages to using them in your network design. One of the most important advantages is that firewalls create a layer of protection against unauthorized access to your network. By blocking traffic from untrusted sources, firewalls act as a gatekeeper and prevent external threats like unauthorized access attempts, malware and viruses. In short, a firewall helps keep an organization’s data safe and prevent security breaches that can cause significant damage.
Organizational Control
Firewalls also give an organization control over their network traffic. This means it’s easier for organizations to manage their bandwidth use and prioritize what applications they use regularly. For example, you can set rules to ensure that business-critical applications get the resources they need while limiting the amount of bandwidth used by non-essential applications like social media or video streaming. Additionally, firewalls provide real-time visibility into your network traffic, thereby allowing you to detect and respond to potential security threats quickly.
Protection Against Malware and Viruses
Another critical advantage of using a firewall is that it provides protection against malware and viruses. By blocking traffic from known malicious sources, firewalls prevent viruses and malware from infecting systems and spreading throughout the network. With cyber threats becoming more sophisticated, firewalls are an essential defense against these risks. Some firewalls can even scan for malware and viruses on outgoing traffic, which provides even more protection against cyber attacks.
Types of Firewalls
There are three major categories of firewalls: network firewalls, host-based firewalls and web application firewalls.
1. Network Firewalls
A network firewall is the most common type of firewall. It inspects and manages both incoming and outgoing communications from the network. For example, a company may place a network firewall to block incoming and outgoing communications from the internet. Organizations may also place network firewalls within their network between what are called network segments. These types of firewalls allow the organization to control communications between different groups of devices. There are different types of network firewalls.
Static Network Firewalls
Static network firewalls, also known as packet-inspection firewalls, filter only on the individual packet information using the source and destination IP address, protocol and ports.
Stateful Firewalls
Stateful firewalls keep track of network sessions, which helps the firewall understand the context of a single packet in relation to others and make better decisions about what to allow or deny.
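The difference between static and stateful filtering, as an added example that is not from the original article. The internal range, addresses and ports are constructed, and the session table is simplified to an exact reverse-tuple match with no TCP flags or timeouts.

```python
import ipaddress
from typing import NamedTuple

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # constructed internal range


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL_NET


def static_filter(pkt: Packet) -> str:
    """Judge each packet alone. To let HTTPS replies back in, the rule has to
    accept any inbound packet whose source port is 443."""
    if is_internal(pkt.src_ip):
        return "allow"
    return "allow" if pkt.src_port == 443 else "drop"


class StatefulFilter:
    """Remember outbound sessions and admit only the matching replies."""

    def __init__(self) -> None:
        self.sessions = set()

    def check(self, pkt: Packet) -> str:
        if is_internal(pkt.src_ip):
            # Record the reverse tuple that a legitimate reply will carry.
            self.sessions.add(
                Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
            return "allow"
        return "allow" if pkt in self.sessions else "drop"


# Constructed sample traffic.
OUTBOUND = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 3389)


def compare():
    """Return (static verdict, stateful verdict) for each sample packet."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.check(p))
            for p in (OUTBOUND, REPLY, UNSOLICITED)]
```

The static filter admits the unsolicited packet because it merely looks like a reply; the stateful filter drops it because no internal host opened that session.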
Next-Generation Firewalls (NGFW)
Next-generation firewalls combine multiple features such as application-level filtering, integrated intrusion detection and prevention systems (IDS/IPS) and content filtering. This combination of features makes NGFWs the most common type of firewall today.
2. Host-Based Firewalls
Host-based firewalls monitor and control the inbound and outbound network traffic of the individual device on which they are installed. Unlike network firewalls, which control the flow of traffic across an entire network, host-based firewalls work on a per-device basis. We can install them as third-party software, but they’re also sometimes included in the base operating system, such as Windows or macOS.
By controlling the traffic on a per-device basis, host-based firewalls can provide more granular control over the communication of an individual device. This control can be useful in situations where a device needs to communicate with specific servers or services, but not others. For example, we can configure a host-based firewall to allow communication with a particular web server, but block communication with other servers.
In addition, our devices may be vulnerable to security threats when connected to unknown networks, such as a local coffee shop’s public network. Host-based firewalls are useful for devices we often connect to different networks.
3. Web Application Firewalls (WAF)
Web application firewalls are specialized firewalls designed to control network access to web applications, such as websites. Web application firewalls are placed in front of a web application, which means that if you’re interacting with a website, you’ll be sending packets to the WAF instead of the web server itself. The WAF will then determine if your connection is permitted or denied. Web application firewalls operate at layer seven of the OSI model and filter HTTP connections in order to protect against threats such as injection attacks, request forgery, cross-site scripting, broken access control and distributed denial of service (DDoS) attacks.
Firewall Applications
Firewalls provide the foundation for network security and can have multiple applications for protecting an organization’s resources. Here are some common scenarios.
- Preventing unauthorized access to resources
- Preventing command and control traffic
- Content filtering
- Network data loss protection
- Identifying network intrusion attempts
1. Preventing Unauthorized Access to Resources
One of the core applications of a firewall is to control access to resources on a network and prevent unauthorized access to those resources.
For example, let’s say we deployed a file share server that allows employees to store and access files centrally instead of keeping local copies on their devices. Anyone who is not an employee, however, should not be able to access this file share. To help enforce this, we can create a firewall rule that states any incoming networking communication to the file share server that did not originate from the corporate network should be denied.
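The ruleset check described under "How Does a Firewall Work?" and the file share rule above, combined in one added example that is not from the original article. First-match evaluation with a default of drop is an assumption, as are the constructed addresses and the use of TCP 445 for the file share.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    src: str = "0.0.0.0/0"           # source network (CIDR)
    dst: str = "0.0.0.0/0"           # destination network (CIDR)
    dst_port: Optional[int] = None   # None matches any port
    proto: Optional[str] = None      # None matches any protocol

    def matches(self, pkt: dict) -> bool:
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.dst_port in (None, pkt["dst_port"])
            and self.proto in (None, pkt["proto"])
        )


# Constructed addresses: 10.20.0.0/16 stands in for the corporate network,
# 10.20.5.10 for the file share server (assumed to listen on TCP 445).
RULESET = [
    Rule("drop", dst_port=22, proto="tcp"),            # the port 22 example
    Rule("allow", src="10.20.0.0/16", dst="10.20.5.10/32",
         dst_port=445, proto="tcp"),                   # employees -> file share
    Rule("drop", dst="10.20.5.10/32"),                 # everyone else -> file share
]


def evaluate(pkt: dict, ruleset=RULESET, default: str = "drop"):
    """Return (action, index of the deciding rule); index is None on default."""
    for index, rule in enumerate(ruleset):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def packet(src: str, dst: str, dst_port: int, proto: str = "tcp") -> dict:
    return {"src": src, "dst": dst, "dst_port": dst_port, "proto": proto}


if __name__ == "__main__":
    for pkt in (packet("10.20.3.4", "10.20.5.10", 445),
                packet("198.51.100.9", "10.20.5.10", 445),
                packet("10.20.3.4", "10.20.5.10", 22)):
        print(pkt, evaluate(pkt))
```

Rule order matters here: the port 22 drop sits above the file share allow, so even a corporate host cannot reach SSH on the server.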
2. Preventing Command and Control Traffic
When attackers gain unauthorized access to a network, they will sometimes install malware that enables them to remotely send the computer commands. Large groups of these infected computers are often referred to as “botnets.” Using threat intelligence such as the IP addresses of known command and control infrastructure, the network traffic can be denied by the firewall before it ever establishes a connection.
3. Filtering Content
You may know content filtering as the annoying blocks when you visit sites such as Facebook. While blocking sites that do not have a business purpose is a capability of most modern firewalls, the most common reason we implement content filtering is to prevent employees from accessing known malicious websites.
For example, if we know that a website is compromised and could pose a risk of malware, content filtering allows us to check if the user is attempting to access that site. If so, the traffic can be denied and the user redirected to a notice message instead.
4. Preventing Network Data Loss
Similar to inspecting network traffic for known malicious websites, we can inspect network traffic for sensitive data such as credit card information, personally identifiable information or trade secrets. If this data is detected in the traffic, we can choose to allow or deny it based on various parameters, such as the destination site.
Let’s say, for example, that a user is attempting to upload credit card information to Dropbox. Before their network traffic leaves the network, it is routed through a firewall that has a rule to drop all traffic with credit card information unless the website is one of the few approved by the information security team, which prevents the employee from uploading the data.
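One way to express the credit card rule above, as an added example that is not from the original article. It assumes the firewall can already see the payload in clear text; the approved host name and the sample payloads are constructed, and the Luhn checksum is used to cut false positives from arbitrary digit runs.

```python
import re

# Hypothetical allow-list maintained by the information security team.
APPROVED_DESTINATIONS = {"payments.example.com"}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def find_card_numbers(payload: str) -> list:
    """Return digit strings in the payload that look like valid card numbers."""
    hits = []
    for match in CANDIDATE.finditer(payload):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def egress_decision(dest_host: str, payload: str) -> str:
    """Drop outbound traffic carrying card data unless the site is approved."""
    if find_card_numbers(payload) and dest_host not in APPROVED_DESTINATIONS:
        return "drop"
    return "allow"


if __name__ == "__main__":
    # Constructed payload using a well-known test card number.
    sample = "name=J Doe&card=4111 1111 1111 1111&exp=12/30"
    print(egress_decision("dropbox.com", sample))
    print(egress_decision("payments.example.com", sample))
```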
5. Identifying Network Intrusion Attempts
Most modern firewalls also include built-in intrusion detection and/or prevention systems. These tools analyze the network traffic reaching the firewall to detect malicious traffic that is likely to originate from an attacker. If this traffic is detected, an alert is raised for investigation and, in some instances, the traffic is blocked.