What Is a Firewall?
What is a firewall in computer networks? A firewall is a device that filters the traffic that is allowed to go to or from a section of your network. Also, within this firewall definition, a firewall can be used to set up a secure virtual private network (VPN) by encrypting the data that gets transmitted between the parties connected to it.
Companies use firewall protection to ensure the data coming into their networks is harmless, as well as to prevent data from being stolen or components within the network from being used to launch attacks on other networks.
History of Firewall
Firewall security has been around since the 1980s. Originally, it only consisted of packet filters and existed within networks designed to examine the packets of data sent and received between computers. Since then, firewalls have evolved in response to the growing variety of threats:
- Generation 1 firewalls—antivirus protection: These consisted of antivirus protections designed to stem the proliferation of viruses invading PCs in the 1980s.
- Generation 2 firewalls—network protection: In the mid-1990s, physical firewalls had to be created to protect networks.
- Generation 3 firewalls—applications: In the early 2000s, firewalls were developed to address vulnerabilities in applications.
- Generation 4 firewalls—payload: These firewalls, developed around 2010, were designed to address evasive and polymorphic attacks.
- Generation 5 firewalls—large-scale protection: Around 2017, large-scale attacks using new and more complex methods necessitated advanced threat detection and prevention solutions.
Why Is a Firewall Important?
What does a firewall do? Firewalls are important not only for their threat prevention capabilities but also the ways in which they enhance privacy and monitor traffic. In the context of this firewall meaning, firewalls provide several benefits.
Sends Alerts About Malicious Activity
Firewalls are able to send alerts about malicious data in addition to stopping the attacks. This enables administrators to see the frequency of attacks and take note of attack patterns.
Monitor and Stop Malicious Traffic
Firewalls provide visibility into when and how threats attempt to penetrate your network. In addition, they prevent attacks from gaining a foothold in your system.
Defend From Phishing Attacks
Firewalls can inspect the traffic generated by users as they try to access content linked to in a phishing attack. This is one of the key benefits of firewall technology. In this way, a firewall in a computer can protect well-meaning users from hurting their own devices or networks.
Firewalls, particularly when used to prevent data theft, can enhance the privacy of a network. Also, when firewalls are used to set up VPNs, they can ensure private communications between users.
How Does a Firewall Work?
How does a firewall work? Firewalls work by inspecting packets of data and checking them for threats to enhance network security. They can check the contents of the data, the ports it uses to travel, and its origin to see if it poses a danger. Further, next-generation firewalls (NGFWs) use machine learning to detect patterns of data behavior that may signify anomalous—and dangerous—activity. These capabilities can prevent several kinds of attacks.
Backdoors are a form of malware that allow hackers to access an application or system remotely. Firewalls can detect and stop data that contains backdoors.
Denial of Service
Denial-of-service (DoS) attacks overwhelm a system with fake requests. You can use a network firewall with an access control list (ACL) to control which kinds of traffic are allowed to reach your applications. You can also use a web application firewall (WAF) to detect DoS-style traffic and stop it from impacting your web app.
Macros can be used by hackers to destroy data on your computer. A firewall can detect files with malicious macros and stop them from entering your system.
Firewalls can prevent people from remotely logging in to your computer, which can be used to control it or steal sensitive information.
Spam, which involves unwanted emails being sent without the consent of the recipient, can also be stopped by firewalls. An email firewall can inspect incoming messages and detect spam using a predesigned assortment of rules.
Viruses copy themselves and spread to adjacent computers on a network. Firewalls can detect data packets containing viruses and prevent them from entering or exiting the network.
What Are the Components of a Firewall?
A firewall consists of hardware and software that combine to protect a section of a network from unwanted data. A hardware firewall runs software installed inside it, and software firewalls use your computer as the hardware device on which to run. Whether you have your own firewall or a managed firewall run by a Firewall-as-a-Service (FWaaS) vendor, components will be similar.
The hardware of a firewall has its own processor or device that runs the software capabilities of the firewall. The software of a firewall consists of various technologies that apply security controls to the data trying to go through the firewall. Some of these technologies include:
- Real-time monitoring, which checks the traffic as it enters the firewall
- Internet Protocol (IP) packet filters, which examine data packets to see if they have the potential to contain threats
- Proxy servers, which serve as a barrier between your computer or network and the internet. Requests you send go to the proxy server first, which forwards your web request on. A proxy server can control which websites users interact with, refusing to forward requests to sites that may pose a threat.
- VPN, which is a type of proxy server that encrypts data sent from someone behind the firewall and forward it to someone else
- Network Address Translation (NAT) changes the destination or source addresses of IP packets as they pass through the firewall. This way, multiple hosts can connect to the internet using the same IP address.
- Socket Secure (SOCKS) server that routes traffic to the server on the client’s behalf. This enables the inspection of the client’s traffic.
- Mail relay services, which takes email from one server and delivers it to another server. This makes it possible to inspect email messages for threats.
- Split Domain Name System (DNS), which allows you to dedicate internal usage of your network to one DNS and external usage to another. The firewall can then monitor the traffic going to each server individually.
- Logging, which keeps an ongoing log of activity. This can be reviewed later to ascertain when and how threats tried to access the network or malicious data within the network attempted to get out.
Types of Firewalls
There are several different types of firewalls, and each one protects your network in a different way.
- Packet layer: A packet layer analyzes traffic in the transport protocol layer. At the transport protocol layer, applications can communicate with each other using specific protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The firewall examines the data packets at this layer, looking for malicious code that can infect your network or device. If a data packet is identified as a potential threat, the firewall gets rid of it.
- Circuit level: A firewall at the circuit level is positioned as a layer between the transport layer and the application layer of the TCP/Internet Protocol (TCP/IP) stack. Thus, they work at the session layer of the Open Systems Interconnection (OSI) model. In the TCP model, before information can be passed from one cyber entity to another, there needs to be a handshake. A circuit level firewall examines the data that passes during this handshake. The information in the data packets can alert a firewall to potentially harmful data, and the firewall can then discard it before it infects another computer or system.
- Application layer: An application layer firewall makes sure that only valid data exists at the application level before allowing it to pass through. This is accomplished through a set of application-specific policies that allow or block communications being sent to the application or those the application sends out.
- Proxy server: A proxy server captures and examines all information going into or coming out of a network. A proxy server acts like a separate computer between your device and the internet. It has its own IP address that your computer connects to. As information comes in or goes out of the proxy server, it is filtered, and harmful data is caught and discarded.
- Software firewalls: The most common kind of software firewall can be found on most personal computers. It works by inspecting data packets that flow to and from your device. The information in the data packets is compared against a list of threat signatures. If a data packet matches the profile of a known threat, it is discarded.
Firewall Best Practices
What is firewall configuration? To ensure you get the most from your firewall, follow these best practices. They will enable you to block more threats and better guard your system.
Block Traffic by Default
When you block traffic by default, all traffic is prevented from entering your network at first, and then only specific traffic headed towards known, safe services is allowed through.
Specify Source IP Address, Destination IP Address, and Destination Port
When you specify the source IP address, you can eliminate the possibility of getting malicious traffic coming directly from IP addresses that are known to present threats. By specifying the destination IP address, you can protect devices with—or those that share—a certain IP address.
Specifying the destination port can protect processes that receive data through certain destination ports, such as databases, which may be targeted by Structured Query Language (SQL) injections meant to tamper with the queries that applications make to databases.
Update Your Firewall Software Regularly
With regular software updates, the profiles of known threats that are relatively new to the landscape can be included in your firewalls filters. This ensures you have the most recent protections.
Conduct Regular Firewall Software Audits
Regular software audits of your firewalls ensure that they are managing and filtering traffic the way they need to. This reduces risk as well as ensures your system is meeting regulatory or internal requirements.
Have a Centralized Management Tool for Multi-vendor Firewalls
With a centralized management tool, you can see the status of and make changes to several different firewalls from disparate vendors all within a single dashboard. In this way, you can check to see how each one is performing and make adjustments as needed without having to navigate through several screens or travel to different workstations.
How Fortinet Can Help
The Fortinet line of FortiGate next-generation firewalls (NGFWs) combine the functionality of traditional firewalls with deep packet inspection (DPI) and machine learning to bring enhanced protection to your network. In this way, FortiGate can identify malware, attacks by hackers, and many other threats and block them.
FortiGate also provides secure sockets layer (SSL) inspection, so even encrypted traffic is examined and filtered. FortiGate has paths allowing for future updates that incorporate the latest information from the threat landscape.