What is a Firewall?
A Firewall is a cybersecurity tool (computer hardware or software) that helps to protect your network by filtering unwanted traffic or blocking specific traffic based on defined security rules. The primary goal of a firewall is to protect the network from malicious traffic requests and allow only authorized traffic through.
The term firewall originally referred to a wall intended to confine fire within a line of adjacent buildings. Firewalls generally work at layers 3 and 4 of the OSI (Open Systems Interconnection) model.
Types of Firewalls
Firewalls are divided into several categories based on their method of operation and structure.
Note: According to their structure they are classified into software, hardware, or both. The rest are the firewall techniques that can be set up as software or hardware.
Stateful Inspection Firewalls
Here is a brief explanation of the above-listed firewall types.
Software Firewalls are installed on individual host devices and require individual configuration for each device. They can distinguish between different programs, i.e., they can deny access to one device while allowing access to another. Software firewalls can also filter outgoing data as well as outgoing requests.
The main disadvantage of using a software firewall is the time required to administer the firewall on each device. Compared to hardware firewalls, software firewalls consume more system resources such as disk space.
A Hardware Firewall is a security device that sits between the local computer network and the Internet. A hardware firewall depends on hardware to perform packet filtering. Since hardware firewalls don’t run on your computer, they don’t affect system performance.
It serves as a gateway for traffic passing to and from an internal network. Large organizations that have many computers use hardware firewalls, which also save time when compared to software firewalls. Configuring a hardware firewall requires knowledge and skill, so make sure there is a skilled team working and willing to take on the responsibility.
A Packet-Filtering firewall is the oldest and most basic type of firewall. It creates a checkpoint at a traffic router or switch and monitors network traffic by filtering incoming packets. Each packet consists of a header and data; the firewall decides whether a given packet is allowed or denied access based on its header information.
Packet filtering is fast but not the safest solution, as it only inspects the header and doesn’t check the data itself. Since malware can also be found in a packet’s data, packet filtering is not considered the best option.
A Proxy Firewall serves as a gateway between internal and external systems communicating over the network. It ensures the user’s anonymity by hiding the client’s identification and geolocation and protects them from potential attacks. A proxy firewall protects the network by filtering messages at the application layer.
Proxy firewalls can provide additional functionality such as content caching, and add security by preventing direct connections from outside the network.
Circuit-Level Gateways work at the session layer of the OSI model. They work by verifying the TCP (Transmission Control Protocol) handshake to determine whether a requested session is legitimate or not. These firewalls are not that secure, as they do not check the packet itself: a packet that held malware but had the right handshake would pass right through.
Stateful Inspection Firewalls
A Stateful Inspection Firewall blocks or allows traffic based on port, state, and protocol. Stateful inspection monitors the active connections and checks if they are valid. Dynamic packet filters like stateful inspection can provide better security for networks through session information like port numbers or IP addresses.
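As an added illustration (not part of the original article), the Python sketch below contrasts a header-only packet filter with a stateful one enforcing the same policy, "allow outbound HTTPS and its replies". The `Packet` class, both filters, and the sample addresses are constructed for this example and simplified (no connection teardown or timeouts).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""       # TCP flags: "S" (SYN), "SA" (SYN+ACK), "A" (ACK)
    inbound: bool = True  # direction relative to the protected network

def stateless_filter(pkt: Packet) -> bool:
    """Header-only packet filter: each packet is judged on its own."""
    if not pkt.inbound:
        return pkt.dport == 443  # outbound HTTPS allowed
    # Replies must get back in, so any inbound packet from port 443 that is
    # not a bare SYN is accepted. The filter cannot tell whether a matching
    # outbound connection ever existed.
    return pkt.sport == 443 and pkt.flags != "S"

class StatefulFilter:
    """Same policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        # Entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()

    def check(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            if pkt.dport != 443:
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":  # new outbound connection: start tracking
                self.connections.add(key)
            return key in self.connections
        # Inbound: allowed only as the reverse direction of a tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def demo():
    # Constructed sample traffic using documentation address ranges.
    syn = Packet("192.0.2.10", 50000, "198.51.100.5", 443, "S", inbound=False)
    reply = Packet("198.51.100.5", 443, "192.0.2.10", 50000, "SA")
    stray = Packet("203.0.113.9", 443, "192.0.2.10", 50001, "A")
    fw = StatefulFilter()
    results = {"stateless": [], "stateful": []}
    for pkt in (syn, reply, stray):
        results["stateless"].append(stateless_filter(pkt))
        results["stateful"].append(fw.check(pkt))
    return results
```

Both filters pass the outbound SYN and its reply; only the stateful filter drops the third packet, because no tracked connection matches it.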
Next-Generation Firewall (NGFW)
A Next-Generation Firewall has more features than a traditional firewall, including intrusion prevention, SSL and SSH inspection, and protection against application-layer attacks. NGFWs combine many of the capabilities of traditional firewalls, including packet filtering, URL blocking, and port address translation (PAT). NGFWs are also able to block malware before it enters the network.
Why do I need a firewall?
Without a firewall, your network is open to threats. A firewall controls the incoming and outgoing traffic based on the security parameters.
Using a firewall, you can prevent unauthorized access to your computers and networks and protect your data from being compromised. Without a firewall, anyone can attempt to connect to your network via any of your connections.
Which firewall to buy?
This is the list of the best firewalls for use at the enterprise level.
Cisco ASA Firewall
Check Point NGFW
Cisco Firepower NGFW Firewall
Palo Alto Networks NG Firewalls