A Network Computer Security Guide: What is a Firewall?
What is a Network Firewall?
A firewall is a network security solution that protects your network from unwanted traffic. Firewalls block incoming malware based on a set of pre-programmed rules. These rules can also prevent users within the network from accessing certain sites and programs.
Firewalls are based on the simple idea that network traffic from less secure environments should be authenticated and inspected before moving to a more secure environment. This prevents unauthorized users, devices, and applications from entering a protected network environment or segment.
While a state-of-the-art firewall can no longer single-handedly defend a network against today’s complex cyber threat landscape, these devices are still considered to be the foundational building block for creating a proper cybersecurity system. As part of the first line of defense against cyberattacks, firewalls offer essential monitoring and filtering of all traffic, including outgoing traffic, application-layer traffic, online transactions, communications and connectivity — such as IPSec or SSL VPN — and dynamic workflows. Proper firewall configuration is also essential, as default settings may not provide maximum protection against cyberattacks.
As the digital landscape grows more complex due to more devices, users, and applications crossing through the network perimeters – especially due to the growing volume of IoT and end user devices – and less overall centralized control from IT and security teams, companies are becoming much more vulnerable to cyberattacks. Therefore, it is essential to understand how firewalls work, what different types are available, and which are the best for securing which areas of your network.
How do Firewalls work?
Originally, firewalls were divided into two camps: proxy and stateful. Over time, stateful inspection became more sophisticated and proxy firewalls became too slow. Today, nearly all firewalls are stateful and divide into two general types: network firewalls and host-based firewalls.
Host-based firewalls protect just one computer, or "host," and are typically deployed on home or personal devices, often coming packaged with the operating system. Occasionally, though, these firewalls can also be used in corporate settings to provide an added layer of protection. Considering the fact that host-based firewalls must be installed and maintained individually on each device, the potential for scalability is limited.
Network firewalls, on the other hand, protect all devices and traffic passing a demarcation point, enabling broad scalability. As the name implies, a network firewall functions at the network level, OSI Layers 3 and 4, scanning traffic between external sources and your local area network (LAN), or traffic moving between different segments inside the network. They are placed at the perimeter of the network or network segment as a first line of defense and monitor traffic by performing deep packet inspection and packet filtering. If packets do not meet the criteria defined by rules that the network administrator or security team has created, they are rejected and that traffic is blocked.
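As an added illustration (not code from this page or from any vendor), a simplified Python model of the Layer 3/4 stateful filtering just described: a small constructed rule set, default deny for anything unmatched, and a connection state table that admits replies to connections the firewall has already allowed. The rule format, the addresses and the Packet and StatefulFirewall names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample rule set standing in for an administrator's policy;
# a packet that matches no rule is rejected (default deny).
RULES = [
    # inside hosts may open HTTPS connections to anywhere
    {"proto": "tcp", "src": "10.0.0.0/8", "dst": "0.0.0.0/0", "dport": 443, "action": "allow"},
    # anyone may reach the public web server on port 80
    {"proto": "tcp", "src": "0.0.0.0/0", "dst": "203.0.113.10/32", "dport": 80, "action": "allow"},
]

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first segment of a TCP connection

class StatefulFirewall:
    """Hypothetical Layer 3/4 filter: static rules plus a connection state table."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # admitted flows as (proto, src, sport, dst, dport)

    def _match_rule(self, p):
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        for r in self.rules:
            if (r["proto"] == p.proto and r["dport"] == p.dport
                    and src in ipaddress.ip_network(r["src"])
                    and dst in ipaddress.ip_network(r["dst"])):
                return r["action"]
        return None

    def filter(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Packets of a flow already admitted, in either direction, pass without
        # re-consulting the rules; this state table is what makes the filter stateful.
        if flow in self.state or reverse in self.state:
            return "allow"
        if p.proto == "tcp" and not p.syn:
            return "drop"  # mid-stream TCP segment with no known connection
        if self._match_rule(p) == "allow":
            self.state.add(flow)
            return "allow"
        return "drop"  # default deny: no rule matched
```

Note that the unsolicited reply is dropped even though its ports look plausible: the rules are only consulted for new connections, and a connection the firewall never saw open does not exist in its table.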
Why Are Network Firewalls Important?
Without a network firewall, your organization is wide open to bad actors who could steal or compromise your data or infect your network with malware. All internet traffic could enter and exit your network unrestricted, even if it’s carrying malicious threats.
Network firewalls are foundational components of an organization’s security infrastructure. Their main job is to monitor incoming and outgoing traffic and either allow or block it. They help protect the network from threats such as:
- Malicious websites
Some immediate consequences of a firewall breach are company-wide outages, which result in productivity loss. Longer-term problems include data breaches and reputation damage.
Types of Firewalls
Beyond network and host-based firewalls, there are a few other types to know about, as well. These types of firewalls include:
Web Application Firewalls
A web application firewall operates at a different level than a network firewall, examining incoming traffic for Open Systems Interconnection (OSI) Layer 5 to 7 protocols. Layer 5, the session layer, provides the mechanism for opening, closing and managing sessions between end-user application processes. Layer 6 is responsible for the delivery and formatting of information to the application layer for further processing or display. And Layer 7 allows the user to interact directly with the software application.
Web application firewalls add an extra layer of protection by inspecting and ensuring the integrity of all web and application-based traffic. They offer advantages because they examine more than just the network address and port number of incoming traffic and go deeper to assess threats coming from application protocols (like HTTP and FTP). They also have logging capabilities, which prove invaluable to security teams investigating security incidents.
Unified Threat Management Firewall
Unified Threat Management (UTM) firewalls offer a modern approach to security by incorporating several critical security features under a single dashboard. These firewall solutions combine elements of a stateful inspection firewall with other key security elements such as antivirus, intrusion prevention systems (IPS), anti-spam, virtual private networks (VPN), and more. UTM firewalls are typically deployed as a single security solution, providing multiple security functions. By layering security features on an organization’s network, security teams ensure complete protection and more robust defense against cyber threats.
UTM firewalls offer reduced complexity for security teams who are tasked with protecting and defending their networks with limited staff or resources. Enterprises and even small and medium-sized businesses (SMBs) that are faced with a complex array of vendors on their network, each with its own security function, can pull security under a single umbrella, thereby reducing complexity and overhead. With a UTM firewall, just one security team is needed – even when there are multiple branches to secure.
Network Address Translation Firewalls
Network Address Translation (NAT) firewalls funnel device traffic through a single gateway to the Internet. They generally do not provide any traffic inspection, but simply work to hide the internal network from external devices and to preserve limited IP addresses by using a single IP address for external connections and then using the broad set of available internal addresses for managing traffic. NAT gateways are often deployed on a Wi-Fi router, but are also sometimes deployed via VPN services.
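An added Python sketch (not from this page or any product) of the address-sharing behaviour described above: outbound packets are rewritten to the gateway's one public address and a per-flow port, and only traffic that matches an existing mapping is translated back to an inside host. The Packet tuple, the NatGateway class and all addresses are constructed for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
PUBLIC_IP = "203.0.113.1"  # constructed: the gateway's single external address

class NatGateway:
    """Hypothetical source-NAT gateway: many inside hosts share one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port  # next unused public port to hand out
        self.outbound = {}  # (proto, src, sport, dst, dport) -> public port
        self.inbound = {}   # (proto, public port, peer ip, peer port) -> (src, sport)

    def translate_out(self, p):
        """Rewrite an inside host's packet so it leaves with the public address."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        port = self.outbound.get(key)
        if port is None:  # first packet of this flow: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(p.proto, port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(p.proto, self.public_ip, port, p.dst, p.dport)

    def translate_in(self, p):
        """Map a packet arriving at the public address back to the inside host.
        Returns None when no mapping exists: unsolicited traffic is dropped, which
        is how NAT hides the internal network even though it inspects nothing."""
        if p.dst != self.public_ip:
            return None
        entry = self.inbound.get((p.proto, p.dport, p.src, p.sport))
        if entry is None:
            return None
        src, sport = entry
        return Packet(p.proto, p.src, p.sport, src, sport)
```

Two inside hosts using the same local port are kept apart by the distinct public ports the gateway assigns, which is the mechanism that lets one external address serve the whole internal range.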
Internal Segmentation Firewalls
Internal Segmentation Firewalls (ISFW) sit at strategic points of the internal network – in front of specific servers that contain valuable intellectual property, or a set of devices or web applications sitting in the cloud – to provide instant “visibility” to traffic traveling into and out of predetermined areas of the network. They are also designed to deliver proactive segmentation, working in conjunction with solutions like Network Access Control (NAC) to dynamically assign new devices and workflows to specific segments of the network based on a variety of criteria.
Next-Generation Firewalls (NGFW)
A next-generation firewall (NGFW) is similar to a UTM firewall that has been designed to block modern threats. They combine the functionalities and capabilities of previous-generation firewalls – stateful inspection, for example – with techniques that address the ongoing, evolving threat landscape. This is especially critical as cyber criminals become more sophisticated in their attack methods, increasing the level of risk facing networks and the data and devices they hold.
FortiGate: Network Firewall Security
Fortinet’s FortiGate NGFWs exceed the industry standard in providing superior protection, as recognized for the 10th time in Gartner’s Magic Quadrant for Network Firewalls. FortiGate solutions combine all of the various firewall permutations into a single, integrated platform, including new SD-WAN functionality. Its single-pane-of-glass management offers a simplified experience for a broad array of use cases, as well as flexible deployment across all network edges. Fortinet’s security-driven approach to networking enables security to be built into every aspect of the network, from the ground level up.