What Does a Firewall Do?
A firewall is a security system designed to prevent unauthorized access into or out of a computer network. Firewalls are often used to make sure internet users without access are not able to interface with private networks, or intranets, connected to the internet.
A firewall is positioned between a network or a computer and a different network, like the internet. It controls the network traffic coming in and going out of the computer or network. If you do not have a firewall, virtually any data can exit your computer or network, and virtually any individual or program can come in.
Various Types of Firewalls
What does a firewall do? The answer often depends on where it is and what it is supposed to protect. While all firewalls seek to protect your computer or network, there are different types of firewalls. What happens if you do not have a firewall depends on the attack surface the firewall is designed to shield you from.
For example, if your personal computer does not have a firewall, viruses, malware, and hackers can have open access and even take over your device completely. In other instances, even if your computer is without a firewall, as long as the network it is attached to is protected, you can enjoy a degree of security because the firewall is still between your device and attackers on the internet.
Here are some of the different firewall types and their functions:
- Packet layer: A packet-layer firewall analyzes traffic at the transport layer. At the transport layer, applications communicate with each other using specific protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The firewall examines the data packets at this layer, looking for malicious code that can infect your network or device. If a data packet is identified as a potential threat, the firewall discards it.
- Circuit level: A circuit-level firewall is positioned as a layer between the transport layer and the application layer of the TCP/Internet Protocol (TCP/IP) stack. Thus, it works at the session layer of the Open Systems Interconnection (OSI) model. In the TCP/IP model, before information can be passed from one host to another, there needs to be a handshake. A circuit-level firewall examines the data that passes during this handshake. The information in the data packets can alert the firewall to potentially harmful data, and the firewall can then discard it before it infects another computer or system.
- Application layer: An application layer firewall makes sure that only valid data exists at the application level before allowing it to pass through. This is accomplished through a set of application-specific policies that allow or block communications being sent to the application or those the application sends out.
- Proxy server: A proxy server captures and examines all information going into or coming out of a network. A proxy server acts like a separate computer between your device and the internet. It has its own IP address that your computer connects to. As information comes in or goes out of the proxy server, it is filtered, and harmful data is caught and discarded.
- Software firewalls: The most common kind of software firewall can be found on most personal computers. It works by inspecting data packets that flow to and from your device. The information in the data packets is compared against a list of threat signatures. If a data packet matches the profile of a known threat, it is discarded.
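To make the difference between the packet-layer and circuit-level types above concrete, here is an added illustration (not code from the original page or from any firewall product) of a stateless port filter beside a stateful check that only admits inbound TCP packets belonging to a handshake started from the trusted side. The addresses, ports and the `10.0.0.` trusted prefix are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source IP (constructed sample values below)
    sport: int      # source port
    dst: str        # destination IP
    dport: int      # destination port
    proto: str      # "tcp" or "udp"
    flags: str = "" # TCP flags as a string, e.g. "S" (SYN), "SA" (SYN/ACK)

# Packet-layer rules: (proto, destination port, action). First match wins;
# anything unmatched is dropped (default deny).
STATIC_RULES = [
    ("tcp", 443, "allow"),
    ("tcp", 22, "deny"),
    ("udp", 53, "allow"),
]

def packet_filter(pkt):
    """Stateless packet-layer check on protocol and destination port only."""
    for proto, port, action in STATIC_RULES:
        if pkt.proto == proto and pkt.dport == port:
            return action
    return "deny"

class CircuitLevelFirewall:
    """Stateful check: an inbound TCP packet is accepted only if it belongs to a
    session whose handshake was started by a host on the trusted side."""
    def __init__(self, trusted_prefix):
        self.trusted_prefix = trusted_prefix   # e.g. "10.0.0." for the inside LAN
        self.sessions = set()                  # (inside_ip, outside_ip, server_port)

    def inspect(self, pkt):
        if pkt.src.startswith(self.trusted_prefix):          # outbound packet
            verdict = packet_filter(pkt)
            if verdict == "allow" and pkt.proto == "tcp" and pkt.flags == "S":
                self.sessions.add((pkt.src, pkt.dst, pkt.dport))  # handshake seen
            return verdict
        # inbound packet: only replies to a session we saw opened get through
        if pkt.proto == "tcp" and (pkt.dst, pkt.src, pkt.sport) in self.sessions:
            return "allow"
        return "deny"

if __name__ == "__main__":
    fw = CircuitLevelFirewall("10.0.0.")
    flows = [Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", "S"),
             Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp", "SA"),
             Packet("198.51.100.7", 40000, "10.0.0.5", 443, "tcp", "S")]
    for p in flows:
        print(p.src, "->", p.dst, "stateless:", packet_filter(p), "stateful:", fw.inspect(p))
```

The third packet shows the gap the circuit-level check closes: port 443 is allowed by the static rule list, yet an unsolicited inbound SYN to an inside host is still dropped because no inside host opened that session.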
What Does a Firewall Not Do?
Having a firewall does not necessarily protect you from all threats. There are several risks that can still impact your network. Malware is one of the most prevalent. Malware includes ransomware, viruses, worms, spyware, adware, pharming, phishing, and Trojan horses, each of which can be used to infect and control aspects of your computer.
A firewall cannot always protect you from these threats because they often infiltrate your system through an email. Clicking a link inside the email causes the malicious software to be installed on your computer, thereby infecting it and possibly spreading to the rest of your network. Worms, Trojans, and viruses can all spread inside your network, infecting various computers.
Trojans may come in the form of an application that appears to be harmless, but when you click on it, your system gets infected. A worm replicates on its own, spreading to other areas of your system, potentially inflicting significant damage. Similarly, a virus targets specific areas of your computer, resulting in crashes, insufficient memory, deleted files and programs, and more. If you have a firewall positioned before your wide-area network (WAN) but a computer that has accessed your WAN has one of these threats, you can be exposed.
Firewalls also cannot prevent unauthorized access to your computer. If your computer has a password, it is important to make sure you keep it private. A better defense is to use a hardware authentication device like a token. A user would need to have the token to get into your computer. If a malicious user gains access, they can abuse your device in any way they see fit.
If a firewall is placed between where your computer connects to the network and the rest of the network, the attacker may not be able to use your computer to infect others on the network. In this way, a firewall can be used to segment the network. However, keep in mind that all devices within your segment can be attacked if an unauthorized user gains access.
A firewall also does not protect devices from physical theft or data leakage. For example, a hacker may be able to connect a universal serial bus (USB) device to your computer to track your keystrokes as you log in. A firewall cannot protect you from this kind of intrusion. Also, if your computer is stolen, a firewall will not be able to block a user from gaining access. You will have to rely on login credentials or multi-factor authentication (MFA).
How Fortinet Can Help
A next-generation firewall (NGFW) like FortiGate applies filters to network traffic to protect your company from threats—external and internal. FortiGate does what regular firewalls do, including packet filtering, Internet Protocol security (IPsec), secure sockets layer virtual private network (SSL VPN) support, and network monitoring. With SSL, sensitive information like login credentials, Social Security numbers, and credit card numbers can be transmitted safely. A VPN provides you with a secure connection tunnel in which your data is encrypted. IPsec also encrypts data packets. Because FortiGate supports these features, you can use it as a firewall while taking advantage of these added security measures.
FortiGate, as an NGFW, also performs deeper inspections of data going to and from your network. These inspections give it the ability to identify malware, specific attacks, and other kinds of threats and then block them from entering your network. In addition, FortiGate performs SSL inspection, which allows it to intercept traffic, then decrypt and scan it. During the scan, FortiGate looks for threats. Without SSL inspection, encrypted threats can penetrate your network.
To make sure your network is adequately protected not just now but in the future, FortiGate has paths for future updates. This gives it the flexibility to block novel threats that appear on the threat landscape. Furthermore, the FortiGate intrusion prevention system (IPS) is built to provide enterprise-level security against known and unknown threats, including zero-day threats, which have never been seen before. FortiGate can be a central component of your threat detection and response system.