What is a firewall?
A firewall is a cybersecurity tool that monitors network traffic, blocks malicious activity, and prevents unauthorized access. It filters incoming and outgoing online traffic based on set rules before the traffic reaches the network. This way, a firewall creates a barrier between devices and external internet traffic.
How does a firewall work?
A firewall works as a barrier between a network and the external traffic coming from the internet. External traffic can only reach a private network through a device’s entry points — ports. This is usually where the firewall “sits” to monitor and filter traffic. A firewall allows or blocks data packets coming from outer networks based on predefined firewall rules. These rules are typically organized into rule sets called access control lists (ACLs) and are based on factors like IP addresses, domain names, ports, protocols, applications, and specific keywords.
Why are firewalls important?
Firewalls are crucial to computer network defense because they serve as the first line of protection against cyberattacks. They help maintain internet security by:
Blocking malicious activities.
Preventing the spread of malware.
Reducing the risk of direct attacks on internal devices.
Stopping unauthorized software from exploiting the network.
Without firewalls, networks are left vulnerable to unauthorized access attacks, malicious traffic, data breaches, and account hacking. Firewalls are an essential cybersecurity tool, and network security is inconceivable without them.
Types of firewalls
Firewalls can be categorized in two ways – by their implementation or by their filtering method.
Types based on implementation
All firewalls fall under three different categories according to how they're implemented:
Software firewalls are installed on individual devices and protect only that device's network connections. The most common types include host-based firewalls and personal firewalls. Software firewalls are great for individual use but may not be ideal for corporate networks because maintaining a large number of separate firewalls can be difficult and time-consuming. It's also important to note that some software firewalls may not be compatible with particular devices. However, virtual firewalls, a subset of software firewalls, can still secure traffic at the network level even when traditional firewalls can't be integrated.
Hardware firewalls are physical appliances that inspect data packets before they reach the internal network. They are well-suited for business use because they can efficiently handle large-scale network traffic and provide enhanced protection against external threats without affecting system resources. However, hardware firewalls are susceptible to attacks originating within the network.
Cloud firewalls operate using a cloud server, which can sometimes be set up as a proxy server. This allows them to operate remotely without needing on-device installation or physical equipment. Many cloud-based firewalls offer optional DNS firewall capabilities, filtering and blocking malicious domains at the DNS level. Cloud-based firewalls are great for companies planning to scale their business because they can handle large traffic loads more efficiently than software or hardware firewalls.
Types based on filtering
Firewalls are also categorized according to how they function:
Packet-filtering firewalls, such as stateless firewalls, inspect data packets passing through the router. They don't "open" the packet to inspect its contents but instead check surface-level information, such as the destination IP address, packet type, and port number.
Circuit-level gateways, like packet-filtering firewalls, don't inspect the contents of a packet — only its source. As a result, they require minimal computing power and resources. A packet must come from a legitimate source approved by a transmission control protocol (TCP) handshake to pass through a circuit-level gateway. However, this alone is rarely enough to ensure security because a packet might be hiding malware despite originating from a valid TCP connection.
Stateful inspection firewalls combine features of packet-filtering firewalls and circuit-level gateways. They enhance cybersecurity by filtering surface-level packet information and verifying whether packets come from a legitimate source via a TCP handshake. Stateful inspection firewalls are often enhanced with zone-based firewalls that help organize network interfaces into security zones. Because stateful inspection firewalls have more functions, they require more computing power than the previously mentioned firewalls.
Proxy firewalls, also known as application-level gateways, monitor online traffic between an internal network and external sources. This type of firewall routes traffic through a proxy server and inspects incoming data packets before deciding whether to allow them into the network. Proxy firewalls are similar to stateful inspection firewalls because they check both data packets and the TCP handshake. Moreover, proxy firewalls also examine the packet's contents through deep packet inspection (DPI). While this adds an extra layer of protection, proxy firewalls take longer to inspect packets compared to their counterparts.
Next-generation firewalls are advanced firewalls that go beyond basic packet filtering and port-based control. They incorporate advanced security features like threat intelligence, application-layer filtering, and user-based security policies. Next-generation firewalls provide better network visibility and control and offer automated threat response.
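The difference between packet filtering and stateful inspection described above, as an added example that is not part of the original article: a header-only rule accepts any inbound packet whose source port is 443, while a connection table accepts only packets that belong to a handshake an internal host started. The addresses, the `Packet` model, and the state names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    inbound: bool  # True when the packet arrives from the external network

def stateless_allow(p: Packet) -> bool:
    # Header-only rule: allow all outbound traffic, and inbound traffic that
    # looks like a reply from an HTTPS server (source port 443).
    return (not p.inbound) or p.sport == 443

class StatefulFirewall:
    # Same policy, but an inbound packet must belong to a connection that an
    # internal host opened with a SYN and completed with a handshake.
    def __init__(self):
        self.table = {}  # (internal ip, port, external ip, port) -> state

    def allow(self, p: Packet) -> bool:
        # Use one key per connection regardless of packet direction.
        key = ((p.dst, p.dport, p.src, p.sport) if p.inbound
               else (p.src, p.sport, p.dst, p.dport))
        state = self.table.get(key)
        if not p.inbound and p.flags == "S":
            self.table[key] = "SYN_SEEN"
            return True
        if state == "SYN_SEEN" and p.inbound and p.flags == "SA":
            self.table[key] = "SYNACK_SEEN"
            return True
        if state == "SYNACK_SEEN" and not p.inbound and p.flags == "A":
            self.table[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED"  # anything untracked is dropped

def demo():
    # Constructed traffic: one full handshake, then a packet with no connection.
    c, s = ("10.0.0.5", 50000), ("203.0.113.10", 443)
    fw = StatefulFirewall()
    handshake = [Packet(*c, *s, "S", False), Packet(*s, *c, "SA", True),
                 Packet(*c, *s, "A", False), Packet(*s, *c, "A", True)]
    stray = Packet("198.51.100.7", 443, "10.0.0.5", 50001, "A", True)
    return [fw.allow(p) for p in handshake], stateless_allow(stray), fw.allow(stray)

if __name__ == "__main__":
    print(demo())
```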
Alternatives to the main firewall types
Security experts have designed a broad spectrum of firewalls that combine various features from traditional types of firewalls. Blending features allows companies and individuals to adapt firewalls to their specific needs and better control, segment, and secure their network.
The noteworthy alternatives to traditional firewalls are:
Perimeter firewalls that check traffic at the network’s boundaries to enforce security policies between external and internal networks.
Screened subnet firewalls, also known as demilitarized zone (DMZ) firewalls, that create three isolated zones between external and internal networks to protect systems against third-party attacks.
Distributed firewalls that are deployed across multiple devices in a network, forming a distributed network security model.
VPN firewalls that make sure only authorized VPN traffic passes through to the network.
Hybrid firewalls that combine packet filtering, stateful inspection, and proxy functions to enhance network security.
Firewall threats and vulnerabilities
Designed to secure networks, firewalls can fail at their purpose if they aren't correctly set up or get more traffic than they can handle. Among the most common vulnerabilities associated with firewalls are:
Misconfiguration
Incorrect setup or misconfiguration of a firewall can lead to various security gaps. One example is overly permissive firewall rules that could allow unauthorized traffic to pass through the network. That's why firewall rules should be regularly checked to make sure they're defined correctly and permit only the necessary traffic into the system.
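One way to run the regular rule check described above, as an added example that is not part of the original article: it flags allow rules open to any source and rules that can never match because an earlier rule already covers them. The rule format, the sample rule set, and the `ADMIN_PORTS` list are assumptions constructed for illustration, with rules evaluated top-down and the first match winning.

```python
import ipaddress

# Constructed rule set; a port of None means "every port".
RULES = [
    {"id": 1, "action": "allow", "src": "0.0.0.0/0", "dst": "10.0.1.10/32", "port": 443},
    {"id": 2, "action": "allow", "src": "0.0.0.0/0", "dst": "10.0.1.0/24", "port": 22},
    {"id": 3, "action": "deny", "src": "203.0.113.0/24", "dst": "10.0.1.10/32", "port": 443},
    {"id": 4, "action": "allow", "src": "10.0.2.0/24", "dst": "10.0.1.20/32", "port": 5432},
    {"id": 5, "action": "allow", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": None},
]
ADMIN_PORTS = {22, 3389, 5432}  # assumption: ports this site treats as internal-only

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and outer["port"] in (None, inner["port"]))

def audit(rules):
    """Return (rule id, finding) pairs for permissive or unreachable rules."""
    findings = []
    for i, r in enumerate(rules):
        any_src = ipaddress.ip_network(r["src"]).prefixlen == 0
        if r["action"] == "allow" and any_src:
            if r["port"] is None:
                findings.append((r["id"], "allows any source on every port"))
            elif r["port"] in ADMIN_PORTS:
                findings.append((r["id"], f"exposes admin port {r['port']} to any source"))
        for earlier in rules[:i]:
            if covers(earlier, r):  # first match wins, so r never applies
                findings.append((r["id"], f"shadowed by rule {earlier['id']}"))
                break
    return findings

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

Rule 3 shows why order matters: the deny for 203.0.113.0/24 is never reached because rule 1 already allows that traffic.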
Bypassing
Hackers can sometimes pass through firewalls with the help of tunneling, proxy servers, or malware that encrypts traffic and evades firewall inspection. One possible way to prevent bypassing is deep packet inspection (DPI). DPI can check encrypted traffic and secure the network from attackers' attempts.
Outdated firmware
If the firewall's software isn't regularly updated, cyber attackers can exploit known vulnerabilities to access the network. That's why it's important to keep firewall firmware and software up to date with the latest security patches.
Denial-of-service (DoS) attacks
A high volume of online traffic caused by DoS can sometimes overwhelm a firewall and make it unable to process legitimate requests. The best defense against such attacks is rate-limiting and traffic-filtering tools that can limit network traffic load, or specialized DoS and DDoS protection services.
Insufficient monitoring
If firewalls fail to properly log and monitor traffic, malicious activity or cyberattacks might pass through to the network unnoticed. To avoid potential attacks, those responsible for setting up firewalls should enable detailed traffic logging and regularly monitor firewall logs for suspicious activity.
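A small log review of the kind described above, as an added example that is not part of the original article: it reports sources that were denied on several distinct ports within a short window. The key=value log format, the sample lines, and the thresholds are assumptions constructed for illustration, not any vendor's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines.
LOG = """\
2024-05-01T10:00:01 action=ALLOW src=192.0.2.20 dst=10.0.1.10 dport=443
2024-05-01T10:00:02 action=DENY src=198.51.100.7 dst=10.0.1.10 dport=22
2024-05-01T10:00:03 action=DENY src=198.51.100.7 dst=10.0.1.10 dport=23
2024-05-01T10:00:04 action=DENY src=203.0.113.50 dst=10.0.1.10 dport=8080
2024-05-01T10:00:05 action=DENY src=198.51.100.7 dst=10.0.1.11 dport=3389
2024-05-01T10:00:09 action=DENY src=198.51.100.7 dst=10.0.1.11 dport=5900
2024-05-01T10:20:00 action=DENY src=203.0.113.50 dst=10.0.1.10 dport=22
2024-05-01T10:40:00 action=DENY src=203.0.113.50 dst=10.0.1.10 dport=23
2024-05-01T11:00:00 action=DENY src=203.0.113.50 dst=10.0.1.10 dport=25
"""
LINE = re.compile(r"(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
                  r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def suspicious_sources(log, window=timedelta(seconds=60), min_ports=4):
    """Map each source denied on >= min_ports distinct ports within `window`
    to the sorted list of ports it was denied on in that window."""
    denies = defaultdict(list)  # src -> [(time, port)]
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m["action"] == "DENY":
            denies[m["src"]].append((datetime.fromisoformat(m["ts"]), int(m["dport"])))
    flagged = {}
    for src, events in denies.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    print(suspicious_sources(LOG))
```

The second source is also denied on four ports, but spread over an hour, so it stays below the threshold; tune `window` and `min_ports` to the traffic the network normally sees.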
Firewall use cases
Various industries use firewalls to secure networks and limit access to critical resources. Some examples include:
The healthcare industry
Firewalls help healthcare institutions comply with HIPAA regulations by preventing unauthorized access to patient health information, which is typically kept in electronic health records. Firewalls are extremely important because they act as a barrier against external threats, such as malware, ransomware, and phishing attacks that could compromise the healthcare network.
Financial institutions
Banks use firewalls as part of their multi-layered security strategy to protect their networks from cyberattacks and fraud. Firewalls typically secure transactions between ATMs, bank branches, and central databases. They also block unauthorized access to financial systems and protect customer data held in them.
The retail industry
E-commerce sites use firewalls to prevent unauthorized access to online shops and customer payment systems. Firewalls ensure secure checkout operations, safeguarding credit card and personal information. E-commerce sites also use firewalls to protect websites against SQL injection, cross-site scripting (XSS), and DDoS attacks that can steal customer data or disrupt services.