What Is a Firewall and Why Does It Matter? [A Beginner’s Guide]

by Deyan G.

In our society, online privacy and security are both rare commodities. The stats say as much.

In Q1 2019 alone, 1.9 billion records were exposed. Not only that, but there are more than 900 million pieces of malware running loose in the online world. So a reasonable question stands out – is there a way any of us can be safe?

Thankfully, VPNs and anti-malware software can help, but they can only do so much. You need something to spearhead your defensive troops against the masses of enemies in the online space.

This is where the firewall comes in.

But what is a firewall?

In construction, a firewall is a concrete (in most cases) wall with only one purpose – to stop an eventual fire from spreading throughout the whole building.

The word “firewall” in computing derives from the term used in architecture. Its purpose is the same – to stop any danger from spreading across a network.

It’s one of the crucial elements of network security.

Alright, let’s find out what a firewall is, how it works, and why it’s essential to have one.

What Is a Firewall?

To define a firewall, think of the Wall in Game of Thrones. Or the Great Wall of China. 

A network firewall in comparison to the Wall of China

People have been building walls for centuries to protect themselves from enemies, be it Mongols (Genghis Khan of the Mongolian Empire managed to breach the Great Wall of China not once, but several times), White Walkers (a wall of fire doesn’t stop White Walkers for long, as we already know from the last season of GoT), or cybercriminals. The firewall takes care of the latter. At least this one is efficient.

So here’s the firewall definition:

A firewall is a protective system that secures a network by filtering incoming and outgoing traffic. The firewall’s user defines a set of rules, which the firewall follows. These rules define what traffic is allowed in and out of the system. Firewalls block every data packet that isn’t explicitly allowed in their configuration. 

What is the function of a firewall?

The firewall isn’t a silver bullet, but combined with other security solutions, it can make a system nearly invincible to attacks. If you want better network security, a firewall is a must – it can block most attacks originating outside of the network. 

Now that you know what a firewall is, we can delve deeper to see how it actually works.

What Does a Firewall Do?

In essence, a firewall’s work is relatively simple. The user defines what traffic is okay to pass through and what isn’t. Generally, it enforces three simple commands – drop, reject, or accept/allow access to the network. 

Here’s what they do: 

  • Drop – The data packet trying to enter or leave the system is blocked directly.
  • Reject – The same as the drop command, but the sender of the data will receive an error message.
  • Accept/Allow – The data packet will be able to go through the firewall.

These three commands operate thanks to predefined rules. When users set up a new firewall, they configure what traffic can reach the network or leave it.

The firewall can block (or allow) access based not only on IP addresses, but also domain names, keywords, protocols, ports, and apps.

For example, you can configure a firewall’s settings to accept traffic from an employee’s home IP address only. That way, if the same employee tried to connect to your network from a café, he would be blocked. 

The firewall checks every data packet according to the predefined rules. If you’ve added 10 trusted IP addresses, the firewall will block all packets coming from IPs outside the list. In case there are several rules, each connection will have to pass successfully through every one of them.

Generally, a user can’t predict every possible connection. So for a firewall to work whenever the specific rules don’t apply, there’s a default policy in place.

Firewall Default Policy

If your firewall security solution receives a data packet for which user-generated rules don’t apply, the default policy comes into play. In such a case, it performs only one of the three commands mentioned above. 

Let’s assume the firewall default policy is set to “allow.” That means every connection, besides the explicitly forbidden ones, is approved. This is actually a lousy security choice, since in this case malicious data packets can easily infiltrate the network.

If the default policy is set to “drop,” the firewall will discard all connections that don’t match the rules.
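The decision process described above, as an added example that is not from the original article: a small rule evaluator with the three actions and a default policy. It assumes rules are checked in order and the first match decides (the way common packet filters such as iptables behave); the rule set and the addresses, taken from documentation ranges, are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept", "drop" or "reject"
    src_net: str = "0.0.0.0/0"       # default matches any source
    dst_port: Optional[int] = None   # None matches any port
    proto: Optional[str] = None      # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        port_ok = self.dst_port is None or self.dst_port == pkt.dst_port
        proto_ok = self.proto is None or self.proto == pkt.proto
        return in_net and port_ok and proto_ok

def decide(rules, default_policy, pkt):
    """Return (action, reason): first matching rule, else the default policy."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, f"rule {i}"
    return default_policy, "default policy"

# Constructed sample rules and packets (assumed for this example).
RULES = [
    Rule("reject", src_net="198.51.100.0/24"),   # unwanted range: refuse with an error
    Rule("accept", src_net="203.0.113.10/32", dst_port=22, proto="tcp"),  # employee's home IP
]
HOME = Packet("203.0.113.10", 22)   # employee connecting from home
CAFE = Packet("192.0.2.77", 22)     # same employee, from a café
BAD = Packet("198.51.100.5", 443)   # source inside the rejected range

if __name__ == "__main__":
    for policy in ("drop", "accept"):
        for name, pkt in (("home", HOME), ("cafe", CAFE), ("bad", BAD)):
            print(f"default={policy:6} {name:4} -> {decide(RULES, policy, pkt)}")
```

The café packet matches no rule, so its fate is decided entirely by the default policy: blocked under “drop”, let through under “allow”.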

Now.

There’s a difference in how a firewall reacts to traffic. There’s incoming and outgoing traffic, thus different rules for both.

Typically, outgoing traffic is always allowed, since it comes from a presumably trusted source – your server. 

However, there should be some limitations, since a cybercriminal can, in theory, take over the server. If you think that could be the case, you wouldn’t want untrusted communication (like sharing sensitive data) going out.

The network firewall treats incoming traffic in a different way – there’s a need for a whole bunch of rules for each specific case. Maximizing the security benefits of a firewall could be a tiresome job. 

This is a simplified example of configuring firewall settings:


Image by the author. Made with Comodo. You can download the firewall for free.

Since you already have a fairly decent knowledge of what a firewall is, let’s see the differences between firewalls of various types.

Types of Firewalls

There isn’t one firewall to rule them all. Firewalls come in different casings and have different ways of filtering the traffic.

The three most common types of firewalls are packet filtering, stateful, and application-level.

Packet Filtering

Packet filtering is the first generation of firewalls.

When a firewall uses this method, it checks each data packet on its way into or out of the network. This firewall offers protection by accepting or dropping packets based on the rules defined by the user. 

Packet filtering is a decent security option, but definitely not the best. Moreover, it requires a lot of time and effort to configure.

Stateful Firewall

Stateful firewalls, also known as second generation firewalls, can compare data packets to previous ones. This makes this type of firewall more flexible than the packet filtering ones (also known as stateless). Stateful firewalls, in essence, trade speed for better security.

In simple words, stateful firewalls can “remember” data transfers to or from a trusted network, thus applying the firewall rules to the whole communication. Packet-filtering, on the other hand, has to measure each data packet against its rules. 
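An added illustration (not from the original article) of the difference described above: a stateless filter that judges each packet by its header alone, next to a stateful one that remembers connections opened from the trusted network. The 10.0.0.0/24 inside network, the "source port 443 means reply" rule, the simplified flags and all addresses are assumptions made up for the example.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/24")  # assumed trusted network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "ACK"  # simplified TCP flag: SYN, SYN-ACK, ACK, FIN, RST

def from_inside(pkt):
    return ipaddress.ip_address(pkt.src) in INSIDE

def stateless_filter(pkt):
    """Each packet judged alone: outbound allowed; inbound allowed only
    if its header looks like a web reply (source port 443)."""
    if from_inside(pkt):
        return "accept"
    return "accept" if pkt.sport == 443 else "drop"

class StatefulFirewall:
    def __init__(self):
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt):
        if from_inside(pkt):
            if pkt.flags == "SYN":  # new outbound connection: remember it
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow not in self.flows:
            return "drop"             # inbound packet nobody asked for
        if pkt.flags in ("FIN", "RST"):
            self.flows.discard(flow)  # connection over: forget it
        return "accept"

# Constructed trace: one real connection plus packets that belong to none.
TRACE = [
    Packet("10.0.0.5", 50000, "203.0.113.80", 443, "SYN"),
    Packet("203.0.113.80", 443, "10.0.0.5", 50000, "SYN-ACK"),
    Packet("198.51.100.9", 443, "10.0.0.5", 50001, "ACK"),  # no matching flow
    Packet("203.0.113.80", 443, "10.0.0.5", 50000, "FIN"),
    Packet("203.0.113.80", 443, "10.0.0.5", 50000, "ACK"),  # arrives after close
]

def compare(trace):
    fw = StatefulFirewall()  # returns (stateless verdict, stateful verdict) per packet
    return [(stateless_filter(p), fw.filter(p)) for p in trace]
```

The stateless filter accepts all five packets because each header looks plausible on its own; the stateful firewall drops the third and fifth, which belong to no connection it has on record.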

Application Level Gateway/Proxy Server Firewall

By now you know that the previous two types of firewall control incoming and outgoing traffic. The third-generation firewall, the application-layer firewall, goes a step further and analyzes the data, thus allowing or denying access to specific applications (hence its name). It has the ability to block apps and services which don’t meet its user-defined policy.

Alright, so those were the three major types of firewalls.

However, this doesn’t mean a firewall uses only one of these techniques. In fact, a good network firewall combines two or all of these methods to provide a higher level of security.

These approaches are at the core of every software firewall. On top of that, there could be a hardware firewall as well, to improve the firewall security.

Hardware Firewall


Hardware firewalls are usually devices with built-in packet filtering technology. They can be either standalone devices or built into a broadband router. Since they are the first line of defense against malicious data, hardware firewalls aim to protect all the systems on a local network by covering its entry and exit points.

One of the benefits of hardware firewalls is that they are easy to configure. Once a firewall is configured, you can test it with any of these free tools: Nmap, Tenable, and Personal Firewall.

Software Firewall

The software firewall, also known as a host-based firewall, is the most common method of protection for individuals. Unlike the hardware firewall, a software firewall protects only the device it’s installed on, not the whole network. For better security, it’s best to use both, which is called a network-based firewall.

Software firewalls allow users to define some of their features but don’t offer the full-customization options a hardware firewall does.

Most software firewalls will not only protect you from external threats, but also from some of the most common malicious apps. 

As with most security elements, it’s vital to keep your firewall up to date.

Next-Generation Firewall

In 2009, the advisory firm Gartner defined the term “next-generation firewall.” As the name suggests, it’s an improved version of traditional firewalls.

Next-generation firewalls (NGFW) apply their policies to applications and protocols, as well as ports.

Unlike traditional firewalls, the NGFW performs what’s called deep packet inspection (DPI). This method differs from conventional packet filtering, which checks only the packet header. DPI, on the other hand, examines the data inside a packet to check if the packet is safe or not.

Deep packet inspection combines an intrusion detection system (IDS), an intrusion prevention system (IPS), and the traditional stateful firewall.

Most enterprises use a next-gen network firewall since it provides better overall security. It is a more complex solution, providing not only data packet filtering but also detecting malicious apps. 

Some next-generation firewalls can even detect and block ransomware attacks like WannaCry, NotPetya, etc. They can also stop phishing emails and other types of cyber attacks.

The latter is also known as threat-focused NGFW. These firewalls offer all the possibilities of the common new-generation firewalls – plus advanced threat detection. Cisco’s Firepower models are a typical example of a threat-focused NGFW.

Popular Firewall Vendors

Enterprises today overwhelmingly prefer NGFW as a core element in their security framework. In fact, next-generation firewalls held 52% of the security appliance market in 2017. The traditional network firewall came in second with 18%.

What differentiates these products is the same as with any other security appliance: attributes like price, performance, and ease of use. The enterprise takes all of these and more into account when purchasing an NGFW solution.

So, we’ll review the firewall vendors by the market size they control.

Cisco Firepower Next-Generation Firewall

Cisco owned 14.1% of the global security appliance market in Q4 2018. Their next-gen firewall prides itself on its complete-spectrum threat protection. (Meaning – before, during and after an attack.)

Their hardware solutions come with built-in advanced malware protection, sandboxing (the firewall places potentially dangerous applications in a “sandbox”, thus isolating them in a safer environment from where they can’t reach the network), and a next-gen intrusion prevention system.

What’s even cooler is the company claims their NGFW can detect an infection in less than a day.

That’s a handy feature since their research shows a median of 100 days from infection to detection. 

All these extras don’t come cheap, though. Their prices can reach over $175,000 for a Cisco Firepower 4150.

Palo Alto Networks

The Palo Alto Networks NGFW offers its users a fast network with “little or no impact on network latency.” Their network firewall can protect all devices, which log onto the network from any part of the globe, thanks to their GlobalProtect system. 

Naturally, it comes with protection from viruses, worms, and other malicious apps. 

Their products’ prices are in the upper echelon, but so is the quality of security you get in return.

FortiGate by Fortinet

A more affordable option, yet without security compromises, the Fortinet NGFW is an excellent option. Named FortiGate, this network firewall comes with automation that can reduce the need for actual security staff. 

FortiGate also claims to provide “ultra-low” latency and independently certified threat intelligence updates.

Their models are a bit cheaper than their competitors’, although some models can still cost you up to $500,000 a year. 

Check Point Software Technologies

Check Point’s NGFWs stand out with their unified management console. It offers centralized management control over all networks (including cloud-based). This makes it easier to manage the network’s security.

This network firewall protects against ransomware, zero-day exploits, and many other cyber attacks. Check Point’s next-gen firewall builds upon traditional NGFW features, like IPS, VPN, and app control. On top of that, Check Point adds key improvements like virtual firewalls on both public and private clouds.

One of the other benefits of Fortinet is that their products are more affordable.

These four companies stand out as “leaders” in the firewall industry, according to the 2018 Gartner Magic Quadrant for Enterprise Network Firewalls. The advisory firm places Huawei as a challenger, but the Chinese giant has a lot of ground to cover to gain on the leaders.

firewall software - Gartner Magic Quadrant

Source: Gartner, Credit: Palo Alto Networks

Wrap Up

We’ve covered the basics of what a firewall is, how it works, and the different types of firewalls. Whichever type of network firewall you choose – it is what stands at the entry and exit points of your system. 

No matter if you are in charge of an enterprise, an SMB owner, or just a regular Joe – having a firewall is a must. Without one, your network is vulnerable to all kinds of cyber attacks.

Thankfully you have plenty of options to choose from – be it software, hardware, or both. 

Stay safe online and I’ll see you next time.

FAQ

What is a firewall on a computer?

A firewall is a software solution, which safeguards your computer from unwanted traffic and malicious apps. It acts as a filter for data packets and allows or denies access to connections, based on user-defined rules. The firewall works both ways – for incoming and outgoing traffic. 

What is the function of a firewall?

A network firewall has one primary function – to deny access to the network from any malicious data packets. Still, most firewalls serve many other purposes – like anti-malware protection, unifying all security management, etc. 

Today most businesses use next-generation firewalls (NGFWs), which are multi-purpose network security solutions. They feature additional tools such as antivirus software and anti-malware alongside the typical firewall functions. This creates a universal security layer that enterprises and SMBs can utilize.

That said, the average Joe can also benefit from a firewall. Personal firewalls don’t offer as many security tools – mostly because they don’t need them. Enterprises are way more attractive targets, which warrants the extra edge in firewall security that most people will never need.

What are the three types of firewalls?

There are actually five different types of firewalls:

  • Packet-filtering firewalls
  • Stateful firewalls
  • Application level gateways (or Proxy Server firewalls)
  • Circuit-level gateways
  • Next-generation firewalls (NGFWs)

Businesses mostly use next-gen firewalls, which are a combination of two or more types of firewalls plus some additional security features on top of that.

Now here’s how each type of firewall works:

Packet-filtering firewalls

They control the access to the network by comparing each incoming and outgoing data packet to a set of rules. These rules are user-defined and relate to the IP, ports, and protocols that are allowed to enter or leave the network. 

Stateful firewalls

More secure and faster than packet filtering, a stateful firewall inspects the state of data packets throughout the whole communication process. Unlike their less-sophisticated cousin we just mentioned, these firewalls check the header and the proxies of incoming or outgoing data, thus making the process faster and more secure.

Circuit-level gateways

These firewalls work between the application layer (more on that in a bit) and the transport layer. They observe TCP handshaking to validate if a session is allowed to reach the network. They create a virtual circuit between the proxy and the client. This is one of the differences between circuit-level gateways and application level gateways, which use proxy servers to hide and protect the network. 

However, circuit-level gateways don’t filter individual data packets. 

Application level gateways

This firewall is the most secure of the basic types of firewalls. It analyzes the data and can block not only communications but malicious apps as well. By using proxy servers, this firewall masks the user’s IP address, which further improves the overall security of a network. And after all, that’s what a firewall is all about.
