What is a firewall: A simple explanation
Buildings have firewalls to stop fires from spreading. The cybersecurity world has its equivalent – firewalls that stop malicious traffic from entering and spreading all over your internal network. Read on to learn more about firewall security.
Contents
What is a firewall?
A firewall, sometimes also called a network firewall, is a cybersecurity tool that filters incoming and outgoing traffic. Its main goal is to create a barrier between your internal network or your device and external traffic coming from the internet. Why? There’s a lot of malicious traffic on the internet – viruses, malware, and hackers who are trying to compromise your system. A firewall provides network security by blocking some threats and preventing unauthorized access.
How does a firewall work?
External traffic can only reach your private network through a device’s entry points – ports. This is usually where the firewall “sits” and guards the traffic. It allows or blocks data packets based on defined rules or rule sets called access control lists. These rules can be based on IP addresses, domain names, ports, protocols, programs, and/or keywords.
Types of firewalls
There are different types of firewalls that have their pros and cons:
Different implementations:
- Software firewalls. Software firewalls are, as the name suggests, installed on devices. They are great if you want to isolate individual network endpoints as they only protect individual devices, not the network as a whole. This makes them great for individuals but not for corporate networks. Maintaining so many discrete firewalls would be difficult and time-consuming. Also, not all devices might be compatible with your chosen firewall software.
- Hardware firewalls. Hardware firewalls are physical appliances that resemble routers. They are a better choice for businesses because they inspect data packets before they reach the network. However, hardware firewalls also have downsides. They are susceptible to attacks within the system and some might not be able to handle multiple simultaneous connections.
- Cloud-based firewalls. Cloud firewalls use a cloud server, which is often set up as a proxy server (they are sometimes called proxy firewalls). Cloud-based solutions are great for companies that are planning to scale their business as adding more capacity, and managing traffic load is much easier than with software or hardware firewalls.
Different filtering types:
- Packet-filtering firewalls. These firewalls check data packets passing through the router. They don’t “open” the packet to inspect its contents, but they do check the sender and receiver’s IP addresses, packet type, port number, and other surface-level information.
- Circuit-level gateways Circuit-level gateways are pretty simplistic, too – they don’t require a lot of computing power and resources. Like packet filtering firewalls, gateways don’t check the content of the packets – just the source. For the packet to pass, it needs to come from a legitimate source approved by a transmission control protocol (TCP) handshake. However, this is rarely enough to ensure security. The packet might be hiding malware even though it’s coming from a TCP connection.
- Stateful inspection firewalls. Stateful inspection firewalls are a cross-breed of the two previously mentioned firewalls. They ensure better cybersecurity by filtering packets and checking whether they came from a legitimate source (via TCP handshake). However, because it has more functions, it also requires higher computing power.
- Application-level gateways or proxy firewalls Application-level gateways, otherwise called proxy firewalls, work at the application layer. They check your traffic between your internal network and the traffic source. It does so by passing the traffic through a proxy server first (or other cloud-based solution), where it inspects the incoming data packets and only then allows them to pass onto your network. Proxy firewalls are somewhat similar to stateful inspection because they check both the data packets and the TCP handshake. The main difference between the two is that the proxy firewall “asks” the packets about their purpose. It checks the content of the packets and performs a deep-layer packet inspection (DPI). Proxy servers also “separate” your network from the traffic source, providing your network with a layer of anonymity and extra protection. They provide a better line of defense, but they take longer to inspect the packets, so they can slow down your connection.
- Next-generation firewalls. Most new firewalls are called next-generation firewalls. However, there’s no clear description of what features next-gen firewall should have. You should verify its specifications before getting one, though you can expect to see features like DPI, TCP handshake checks, surface-level packet inspection, or new features such as intrusion prevention systems (IPSs) or encrypted traffic inspection.
Want to read more like this?
Get the latest news and tips from NordVPN