What Is a Firewall?
Definition of a Firewall
A firewall is a network security solution that protects your network from unwanted traffic. Firewalls block incoming malware based on a set of pre-programmed rules. These rules can also prevent users within the network from accessing certain sites and programs.
Firewalls are based on the simple idea that network traffic from less secure environments should be authenticated and inspected before moving to a more secure environment. This prevents unauthorized users, devices, and applications from entering a protected network environment or segment. Without firewalls, computers and devices in your network are susceptible to hackers and make you an easy target for attacks.
While an advanced firewall can no longer single-handedly defend a network against today’s complex cyber threat landscape, these devices are still considered to be the foundational building block for creating a proper cybersecurity system. As part of the first line of defense against cyberattacks, firewalls offer essential monitoring and filtering of all traffic, including outgoing traffic, application-layer traffic, online transactions, communications and connectivity (such as IPSec or SSL VPN), and dynamic workflows. Proper firewall configuration is also essential, as default features may not provide maximum protection against cyberattacks.
As the digital landscape grows more complex due to more devices, users, and applications crossing through the network perimeters – especially due to the growing volume of IoT and end user devices – and less overall centralized control from IT and security teams, companies are becoming much more vulnerable to cyberattacks. Therefore, it is essential to understand how firewalls work, what different types are available, and which are the best for securing which areas of your network.
History of a Firewall
Firewall security has been around since the 1980s. Originally, it only consisted of packet filters and existed within networks designed to examine the packets of data sent and received between computers. Since then, firewalls have evolved in response to the growing variety of threats:
- Generation 1 firewalls—antivirus protection: These consisted of antivirus protections designed to stem the proliferation of viruses invading PCs in the 1980s.
- Generation 2 firewalls—network protection: In the mid-1990s, physical firewalls had to be created to protect networks.
- Generation 3 firewalls—applications: In the early 2000s, firewalls were developed to address vulnerabilities in applications.
- Generation 4 firewalls—payload: These firewalls, developed around 2010, were designed to address evasive and polymorphic attacks.
- Generation 5 firewalls—large-scale protection: Around 2017, large-scale attacks using new and more complex methods necessitated advanced threat detection and prevention solutions.
What Does a Firewall Do?
Originally, firewalls were divided into two camps: proxy and stateful. Over time, stateful inspection became more sophisticated and the performance of proxy firewalls became too slow. Today, nearly all firewalls are stateful and divide into two general types: network firewalls and host-based firewalls.
Host-based or computer firewalls protect just one computer, or "host," and are typically deployed on home or personal devices, often coming packaged with the operating system. Occasionally, though, these firewalls can also be used in corporate settings to provide an added layer of protection. Because host-based firewalls must be installed and maintained individually on each device, the potential for scalability is limited.
Network firewalls, on the other hand, protect all devices and traffic passing a demarcation point, enabling broad scalability. As the name implies, a network firewall functions at the network level, OSI Layers 3 and 4, scanning traffic between external sources and your local area network (LAN), or traffic moving between different segments inside the network. They are placed at the perimeter of the network or network segment as a first line of defense and monitor traffic by performing deep packet inspection and packet filtering. If the content of the packets does not meet previously selected criteria based on rules that the network administrator or security team has created, the firewall rejects and blocks that traffic.
How Does a Firewall Work?
How does a firewall work? Firewalls work by inspecting packets of data and checking them for threats to enhance network security. They can check the contents of the data, the ports it uses to travel, and its origin to see if it poses a danger. Further, next-generation firewalls (NGFWs) use machine learning to detect patterns of data behavior that may signify anomalous—and dangerous—activity. These capabilities can prevent several kinds of attacks.
Backdoors are a form of malware that allow hackers to access an application or system remotely. Firewalls can detect and stop data that contains backdoors.
Denial of Service
Denial-of-service (DoS) attacks overwhelm a system with fake requests. You can use a network firewall with an access control list (ACL) to control which kinds of traffic are allowed to reach your applications. You can also use a web application firewall (WAF) to detect DoS-style traffic and stop it from impacting your web app.
Macros can be used by hackers to destroy data on your computer. A firewall can detect files with malicious macros and stop them from entering your system.
Firewalls can prevent people from remotely logging in to your computer, which can be used to control it or steal sensitive information.
Spam, which involves unwanted emails being sent without the consent of the recipient, can also be stopped by firewalls. An email firewall can inspect incoming messages and detect spam using a predesigned assortment of rules.
Viruses copy themselves and spread to adjacent computers on a network. Firewalls can detect data packets containing viruses and prevent them from entering or exiting the network.
What Are the Components of a Firewall?
A firewall consists of hardware and software that combine to protect a section of a network from unwanted data. A hardware firewall runs software installed inside it, and software firewalls use your computer as the hardware device on which to run. Whether you have your own firewall or a managed firewall run by a Firewall-as-a-Service (FWaaS) vendor, components will be similar.
The hardware of a firewall has its own processor or device that runs the software capabilities of the firewall. The software of a firewall consists of various technologies that apply security controls to the data trying to go through the firewall. Some of these technologies include:
- Real-time monitoring, which checks the traffic as it enters the firewall
- Internet Protocol (IP) packet filters, which examine data packets to see if they have the potential to contain threats
- Proxy servers, which serve as a barrier between your computer or network and the internet. Requests you send go to the proxy server first, which forwards your web request on. A proxy server can control which websites users interact with, refusing to forward requests to sites that may pose a threat.
- VPN, which is a type of proxy server that encrypts data sent from someone behind the firewall and forwards it to someone else
- Network Address Translation (NAT), which changes the destination or source addresses of IP packets as they pass through the firewall. This way, multiple hosts can connect to the internet using the same IP address.
- Socket Secure (SOCKS) server, which routes traffic to the server on the client’s behalf. This enables the inspection of the client’s traffic.
- Mail relay services, which take email from one server and deliver it to another server. This makes it possible to inspect email messages for threats.
- Split Domain Name System (DNS), which allows you to dedicate internal usage of your network to one DNS and external usage to another. The firewall can then monitor the traffic going to each server individually.
- Logging, which keeps an ongoing log of activity. This can be reviewed later to ascertain when and how threats tried to access the network or malicious data within the network attempted to get out.
Types of Firewalls
Here are some of the different firewall types and their functions:
- Packet layer: A packet layer firewall analyzes traffic in the transport protocol layer. At the transport protocol layer, applications can communicate with each other using specific protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The firewall examines the data packets at this layer, looking for malicious code that can infect your network or device. If a data packet is identified as a potential threat, the firewall gets rid of it.
- Circuit level: A firewall at the circuit level is positioned as a layer between the transport layer and the application layer of the TCP/Internet Protocol (TCP/IP) stack. Thus, it works at the session layer of the Open Systems Interconnection (OSI) model. In the TCP model, before information can be passed from one cyber entity to another, there needs to be a handshake. A circuit level firewall examines the data that passes during this handshake. The information in the data packets can alert a firewall to potentially harmful data, and the firewall can then discard it before it infects another computer or system.
- Application layer: An application layer firewall makes sure that only valid data exists at the application level before allowing it to pass through. This is accomplished through a set of application-specific policies that allow or block communications being sent to the application or those the application sends out.
- Proxy server: A proxy server captures and examines all information going into or coming out of a network. A proxy server acts like a separate computer between your device and the internet. It has its own IP address that your computer connects to. As information comes in or goes out of the proxy server, it is filtered, and harmful data is caught and discarded.
- Software firewalls: The most common kind of software firewall can be found on most personal computers. It works by inspecting data packets that flow to and from your device. The information in the data packets is compared against a list of threat signatures. If a data packet matches the profile of a known threat, it is discarded.
Fortinet Named a Leader in The Forrester Wave™: Enterprise Firewalls, Q4 2022
According to the Forrester report, “Fortinet excels at performance for value and offers a wide array of adjacent services. Long known for its bang-for-the-buck approach to network security, Fortinet has built a flexible and capable platform with its flagship product, the FortiGate Firewall.”
Firewall Best Practices
What is firewall configuration? To ensure you get the most from your firewall, follow these best practices. They will enable you to block more threats and better guard your system.
1. Block Traffic by Default
When you block traffic by default, all traffic is prevented from entering your network at first, and then only specific traffic headed towards known, safe services is allowed through.
2. Specify Source IP Address, Destination IP Address, and Destination Port
When you specify the source IP address, you can eliminate the possibility of getting malicious traffic coming directly from IP addresses that are known to present threats. By specifying the destination IP address, you can protect devices with—or those that share—a certain IP address.
Specifying the destination port can protect processes that receive data through certain destination ports, such as databases, which may be targeted by Structured Query Language (SQL) injections meant to tamper with the queries that applications make to databases.
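The first two practices can be modeled as a small rule evaluator: traffic is denied unless an allow rule names its source, destination, and destination port. This is an added example, not Fortinet code or FortiGate configuration; the Rule fields, rule names, and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    dport: Optional[int]   # destination port; None means any port
    proto: str = "tcp"

# Constructed allow rules; addresses come from documentation and private ranges.
STRICT_RULES = [
    Rule("public-https", ANY, "203.0.113.10/32", 443),
    Rule("app-to-db", "10.0.1.0/24", "10.0.2.5/32", 5432),
]
# The same policy with one over-broad rule appended.
LOOSE_RULES = STRICT_RULES + [Rule("legacy-any", ANY, ANY, None)]

def matches(rule, src, dst, dport, proto):
    return (proto == rule.proto
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def decide(rules, src, dst, dport, proto="tcp"):
    """First matching allow rule wins; unmatched traffic is blocked by default."""
    for rule in rules:
        if matches(rule, src, dst, dport, proto):
            return ("ALLOW", rule.name)
    return ("DENY", "default")

def audit(rules):
    """Map each rule name to the fields it leaves unspecified (omits tight rules)."""
    findings = {}
    for rule in rules:
        broad = [field for field, is_any in (("source", rule.src == ANY),
                                             ("destination", rule.dst == ANY),
                                             ("port", rule.dport is None)) if is_any]
        if broad:
            findings[rule.name] = broad
    return findings

if __name__ == "__main__":
    probe = ("198.51.100.7", "10.0.2.5", 5432)   # internet host to the database
    print(decide(STRICT_RULES, *probe))
    print(decide(LOOSE_RULES, *probe))
    print(audit(LOOSE_RULES))
```

With LOOSE_RULES the internet-to-database probe is allowed by legacy-any even though the policy is nominally default-deny, which is the kind of rule a regular audit should surface.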
3. Update Your Firewall Software Regularly
With regular software updates, the profiles of known threats that are relatively new to the landscape can be included in your firewall's filters. This ensures you have the most recent protections.
4. Conduct Regular Firewall Software Audits
Regular software audits of your firewalls ensure that they are managing and filtering traffic the way they need to. This reduces risk as well as ensures your system is meeting regulatory or internal requirements.
5. Have a Centralized Management Tool for Multi-vendor Firewalls
With a centralized management tool, you can see the status of and make changes to several different firewalls from disparate vendors all within a single dashboard. In this way, you can check to see how each one is performing and make adjustments as needed without having to navigate through several screens or travel to different workstations.
Firewall vs. Antivirus
What is a firewall compared to antivirus software? While both firewalls and antivirus software protect you from threats, the ways they go about doing so are different. A firewall filters traffic that enters and exits your network. Antivirus software is different in that it works by scanning devices and storage systems on your network looking for threats that have already penetrated your defenses. It then gets rid of this malicious software.
Four Limitations of a Firewall
Firewalls can stop a wide range of threats, but they also have the following limitations:
- They can’t stop users from accessing information on malicious websites after the user has already connected to the website.
- They don’t protect organizations from social engineering.
- If your system has already been infected, the firewall cannot find the threat unless it tries to spread by crossing through the firewall.
- A firewall cannot prevent hackers from using stolen passwords to access sensitive areas of your network.
How Fortinet Can Help
The Fortinet line of FortiGate next-generation firewalls (NGFWs) combines the functionality of traditional firewalls with deep packet inspection (DPI) and machine learning to bring enhanced protection to your network. In this way, FortiGate can identify malware, attacks by hackers, and many other threats and block them.
FortiGate also provides secure sockets layer (SSL) inspection, so even encrypted traffic is examined and filtered. FortiGate has paths allowing for future updates that incorporate the latest information from the threat landscape.
Download the 2022 Gartner Magic Quadrant for Network Firewalls where Fortinet was recognized for the 12th time in the Magic Quadrant.
What Is a Firewall?
A firewall is a network security solution that protects your network from unwanted traffic. Firewalls block incoming malware based on a set of pre-programmed rules.
What is the purpose of a firewall?
Firewalls are based on the simple idea that network traffic from less secure environments should be authenticated and inspected before moving to a more secure environment. This prevents unauthorized users, devices, and applications from entering a protected network environment or segment.
What are examples of a firewall?
Different firewall types include: packet layer, circuit level, application layer, proxy server, and software firewalls.