How Does a Firewall Work?
When searching for the answer to “what is a firewall,” you probably already discovered that a firewall helps protect your network from attackers. However, the way a firewall shields your network is unique because it acts as a 24/7 filter, scanning the data that attempts to enter your network and preventing anything that looks suspicious from getting through.
A simple way to explain how a firewall works is to think of it as a security guard with intimate knowledge of millions of potential criminals. If the guard sees one, he or she keeps the criminal out of the building. Similarly, a firewall’s protection comes from monitoring and regulating traffic that goes in and out of your network. This is accomplished using a few different methods, including packet filtering, a proxy service, and stateful inspection.
Firewalls can be either hardware or software, and they form a wall between your network and the internet or between segments of your network and the rest of your system. Not only do firewalls keep malicious code out of your network, but some, because they can examine data both as it comes in and goes out, can also prevent an attacker from using your system to spread harmful code.
A hardware firewall is a system that works independently from the computer it is protecting as it filters information coming from the internet into the system. If you have a broadband internet router, it likely has its own firewall.
To protect your system, a hardware firewall checks the data coming in from the various parts of the internet and verifies that it is safe. Hardware firewalls that use packet filtering examine each data packet and check to see where it is coming from and its location. The data the firewall collects about each packet is then compared to a permissions list to see if it fits the profile of data that should be discarded. A hardware firewall can protect all the computers attached to it, making it an easily scalable solution.
A software firewall is a program used by a computer to inspect data that goes in and out of the device. It can be customized by the user to meet their needs. Like hardware firewalls, software firewalls filter data by checking to see if it—or its behavior—fits the profile of malicious code.
Software firewalls can monitor traffic trying to leave your computer as well, preventing it from being used to attack other networks or devices. A software firewall has to be installed on each computer in the network. Therefore, a software firewall can only protect one computer at a time.
Firewalls use different methods to protect your network or computer. They include the following:
Data is organized in packets. When a firewall executes packet filtering, it examines the packets of data, comparing them against filters, which consist of information used to identify malicious data. If a data packet meets the parameters of a threat as defined by a filter, then it is discarded and your network is protected. Data packets that are deemed safe are allowed to pass through.
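The following sketch shows the packet-filtering decision described above. It is an added example, not code from any firewall product; the Filter fields, the FILTERS list and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:
    """One discard filter; None means "match anything" (hypothetical rule format)."""
    src_net: Optional[str] = None
    proto: Optional[int] = None      # 6 = TCP, 17 = UDP
    dst_port: Optional[int] = None

def parse_packet(raw: bytes) -> dict:
    """Extract the header fields a packet filter looks at from an IPv4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4        # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = raw[9]
    src = ipaddress.IPv4Address(raw[12:16])
    dst_port = None
    # Ports exist only for TCP/UDP and only in the first fragment (offset 0).
    if proto in (6, 17) and len(raw) >= ihl + 4 and not (raw[6] & 0x1F or raw[7]):
        _, dst_port = struct.unpack("!HH", raw[ihl:ihl + 4])
    return {"src": src, "proto": proto, "dst_port": dst_port}

def verdict(raw: bytes, filters: list) -> str:
    """Discard if any filter matches, otherwise pass; malformed packets are discarded."""
    try:
        pkt = parse_packet(raw)
    except ValueError:
        return "discard"
    for f in filters:
        if f.src_net and pkt["src"] not in ipaddress.ip_network(f.src_net):
            continue
        if f.proto is not None and pkt["proto"] != f.proto:
            continue
        if f.dst_port is not None and pkt["dst_port"] != f.dst_port:
            continue
        return "discard"             # every field of this filter matched
    return "pass"

def make_packet(src: str, dst: str, proto: int, dst_port: int) -> bytes:
    """Build a constructed 20-byte IPv4 header plus 4 bytes of ports (checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + struct.pack("!HH", 40000, dst_port)

# Constructed filters: a documentation-range source network, and inbound Telnet over TCP.
FILTERS = [Filter(src_net="203.0.113.0/24"), Filter(proto=6, dst_port=23)]
```

A packet is judged only on header fields here, which is why a filter of this kind cannot see what the payload contains.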
With a proxy service, the firewall acts as a go-between positioned between your computer and anything that tries to connect to it. A proxy firewall is like a mirror of your computer and detects malicious actors attempting to get through to your device.
Proxy firewalls are a secure solution because of the separation they provide between your computer and the internet. Attackers often need to connect directly to your computer to attack it. Because a proxy is between your computer and the internet, hackers cannot form a direct connection to it, rendering their attack useless.
However, there are applications that proxies are not capable of supporting, and if one of these is important to your business, this could pose an issue. For example, Spotify, Google Play, and QWebView have all been known to have issues when interfacing with a proxy. Proxies also tend to work slower than other types of firewalls, which could reduce throughput and impact important business processes.
A stateful inspection firewall inspects every data packet and compares it against a threat database. During the inspection process, the firewall checks where the data is coming from, the ports it uses, and the applications it is associated with. If the data packet checks out, it is allowed to pass. Otherwise, it is discarded.
Stateful inspection can also collect information about the data packets that go through it and use that to gain more insights into data that may pose potential threats in the future.
How Does a Firewall Protect Data?
Firewall filters keep harmful data outside your computer. Some of the top risks from which firewalls protect your computer include backdoors, denial-of-service (DoS) attacks, macros, remote logins, spam, and viruses.
Backdoors are “doorways” to applications with vulnerabilities that attackers exploit to get inside. This includes operating systems that may have bugs that hackers can use to gain access to your computer.
DoS attacks are executed when a hacker requests permission to connect to a server, and when the server responds, it cannot find the system that made the request. When this is done again and again, the server gets flooded and has to expend so much power dealing with the mass of requests that it is unable to meet the needs of legitimate visitors. In some cases, the server has to go offline completely. Some firewalls can check whether the connection requests are legitimate and thus protect your network from DoS attacks.
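One way a firewall could track connection requests that are never completed is sketched below. It is an added example, not taken from any product, and it assumes the requests are TCP handshakes: a "SYN" event is the connection request and an "ACK" event is the requester's reply to the server. The event format, timeout and threshold are also assumptions.

```python
from collections import defaultdict

def half_open_alerts(events, timeout=3.0, threshold=3):
    """Return (time, server, pending) each time unanswered requests exceed threshold.

    events: iterable of (time, kind, client, server) sorted by time, with kind
    "SYN" (connection request) or "ACK" (requester completed the handshake).
    Requests older than `timeout` seconds are expired, as a server would do
    when it gives up waiting for a reply.
    """
    pending = defaultdict(dict)      # server -> {client: time the SYN was seen}
    alerts = []
    for t, kind, client, server in events:
        table = pending[server]
        # Drop handshakes that were never completed within the timeout.
        for c in [c for c, t0 in table.items() if t - t0 > timeout]:
            del table[c]
        if kind == "SYN":
            table[client] = t
            if len(table) > threshold:
                alerts.append((t, server, len(table)))
        elif kind == "ACK":
            table.pop(client, None)  # handshake completed: legitimate requester
    return alerts

SERVER = "192.0.2.10:443"
# Constructed events: one legitimate client, then five requests that never complete.
EVENTS = [
    (0.0, "SYN", "198.51.100.1:40001", SERVER),
    (0.1, "ACK", "198.51.100.1:40001", SERVER),
    (1.0, "SYN", "203.0.113.1:1111", SERVER),
    (1.1, "SYN", "203.0.113.2:1111", SERVER),
    (1.2, "SYN", "203.0.113.3:1111", SERVER),
    (1.3, "SYN", "203.0.113.4:1111", SERVER),
    (1.4, "SYN", "203.0.113.5:1111", SERVER),
]

def run_demo():
    """Evaluate the constructed events with the default timeout and threshold."""
    return half_open_alerts(EVENTS)
```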
Macros refer to scripts run by applications to automate processes. A macro can contain a series of dependent steps that are all launched by one command. Hackers design or purchase macros intended to work within certain applications. A macro can be hidden inside seemingly innocent data, and once it enters your computer, it wreaks havoc on your system. A firewall can detect malicious macros as it examines the packets of data that attempt to pass through.
Remote logins are often used to help someone with a computer issue. However, in the hands of the wrong person, they can be abused, particularly because remote logins provide nearly complete access to your system.
Spam can sometimes include links to malicious websites. These types of sites activate malicious code that forces cookies onto a computer. The cookies create backdoors for hackers to gain access to the computer. Preventing a spam attack is often as simple as not clicking on anything suspicious in an email, regardless of who the sender appears to be. A firewall can inspect your emails and prevent your computer from getting infected.
Viruses, once on a computer, copy themselves and spread to another device on the network. Viruses can be used to do a variety of things, ranging from relatively harmless activity to erasing data on your computer. Firewalls can inspect data packets for viruses, but it is better to use antivirus software in conjunction with a firewall to maximize your security.
How Fortinet Can Help
The Fortinet FortiGate solution is a next-generation firewall (NGFW) that filters traffic to protect your network from attacks coming from both the outside and within. It uses packet filtering, Internet Protocol security (IPsec), secure sockets layer (SSL) inspection, Internet Protocol (IP) mapping, network monitoring, and deep inspection. As a result, FortiGate can help keep malware out of your system, as well as identify attacks before they affect your network.
In addition, FortiGate is constantly updated on the new methods cyber criminals use to infiltrate networks. With this capability, FortiGate is a reflexive, automated threat-detection solution that keeps up with the latest dangers on the landscape.