Last Updated: June 11, 2020
In our society, online privacy and security are both rare commodities. The stats say as much.
In Q1 2019 alone there were 1.9 billion records exposed. Not only that, but there are more than 900 million malware programs running loose in the online world. So a reasonable question stands out – is there a way any of us can be safe?
Thankfully, VPNs and anti-malware software can help protect your traffic, but sometimes they can only do so much. You need something to spearhead your defensive troops against the masses of enemies in the online space.
This is where the firewall comes in.
But what is a firewall?
In construction, a firewall is a concrete (in most cases) wall with only one purpose – to stop an eventual fire from spreading throughout the whole building.
The word “firewall” in computing derives from the term used in architecture. Its purpose is the same – to stop any danger from spreading across a network.
It’s one of the crucial elements of network security.
Alright, let’s find out what a firewall is, how it works, and why it’s important to have one.
What Is a Firewall?
To define a firewall, think of the Wall in Game of Thrones. Or the Great Wall of China.
People have been building walls for centuries to protect themselves from enemies, be it from Mongols, White Walkers or cybercriminals. Genghis Khan of the Mongolian Empire managed to breach the Great Wall of China not once, but several times. A wall of fire doesn’t stop White Walkers for long, as we already know from the last season of GoT. The firewall takes care of the last group, the cybercriminals. At least this one is efficient.
So here’s the firewall definition:
A firewall is a protective system that secures a network by filtering incoming and outgoing traffic. The firewall’s user defines a set of rules, which the firewall follows. These rules define what traffic is allowed in and out of the system. Firewalls block every data packet that isn’t explicitly allowed in their configuration.
The firewall isn’t a silver bullet, but combined with other security solutions, it can make a system nearly invincible to attacks. If you want better network security, a firewall is a must – it can block most attacks originating outside of the network.
Now that you know what a firewall is, we can delve deeper to see how it actually works.
What Does a Firewall Do?
In essence, a firewall’s work is relatively simple. The user defines what traffic is okay to pass through and what isn’t. Generally, it enforces three simple commands – drop, reject, or accept/allow access to the network.
Here’s what they do:
- Drop – The data packet trying to enter or leave the system is blocked directly.
- Reject – The same as the drop command, but the sender of the data will receive an error message.
- Accept/Allow – The data packet will be able to go through the firewall.
These three commands operate thanks to predefined rules. When users set up a new firewall, they configure what traffic can reach the network or leave it.
The firewall can block (or allow) access based not only on IP addresses, but also domain names, keywords, protocols, ports, and apps.
For example, you can configure a firewall’s settings to accept traffic from an employee’s home IP address only. That way, if the same employee tried to connect to your network from a café, he would be blocked.
The firewall checks every data packet according to the predefined rules. If you’ve added 10 trusted IP addresses, the firewall will block all packets coming from IPs outside the list. If there are several rules, each connection will have to pass successfully through every one of them.
Generally, a user can’t predict every possible connection. So for a firewall to work whenever the specific rules don’t apply, there’s a default policy in place.
Firewall Default Policy
If your firewall security solution receives a data packet for which user-generated rules don’t apply, the default policy comes into play. In such a case, it performs only one of the three commands mentioned above.
Let’s assume the firewall default policy is set to “allow.” That means every connection, besides the explicitly forbidden ones, is approved. This is actually a lousy security practice, since in this case malicious data packets can easily infiltrate the network.
If the default policy is set to “drop,” it will discard all connections that don’t match the rules.
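The rule matching and default policy described above can be seen in a small simulation. This is an added example, not code from the original article or from any firewall product; the rule format, the first-match ordering and the addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept", "drop" or "reject"
    src: Optional[str] = None    # CIDR; None matches any source
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        # Every criterion set on the rule must hold for the rule to apply.
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto and p.proto != self.proto:
            return False
        return self.dport is None or p.dport == self.dport


def decide(rules, default_policy, pkt):
    """Return (action, source of decision); assumes the first matching rule wins."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, f"rule {index}"
    return default_policy, "default policy"


# Constructed ruleset and packets (documentation address ranges).
RULES = [
    Rule("accept", src="203.0.113.25/32", proto="tcp", dport=22),  # employee's home IP
    Rule("accept", proto="tcp", dport=443),                        # public HTTPS
    Rule("reject", proto="tcp", dport=23),                         # telnet: refuse with an error
]
HOME = Packet("203.0.113.25", "tcp", 22)
CAFE = Packet("198.51.100.40", "tcp", 22)    # same employee, different network
TELNET = Packet("198.51.100.40", "tcp", 23)

if __name__ == "__main__":
    for policy in ("accept", "drop"):
        for name, pkt in (("home", HOME), ("cafe", CAFE), ("telnet", TELNET)):
            print(f"default={policy:6} {name:6} -> {decide(RULES, policy, pkt)}")
```

With the default policy set to “drop,” the café connection is blocked because no rule covers it; with “accept,” the same unmatched packet gets through.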
There’s a difference in how a firewall reacts to traffic. There’s incoming and outgoing traffic, thus different rules for both.
Typically, outgoing traffic is always allowed, since it comes from a presumably trusted source – your server.
However, there should be some limitations, since a cybercriminal can, in theory, take over the server. If you think that could be the case, you wouldn’t want untrusted communication (like sharing sensitive data) going out.
The network firewall treats incoming traffic in a different way – there’s a need for a whole bunch of rules for each specific case. Maximizing the security benefits of a firewall could be a tiresome job.
Since you already have a fairly decent knowledge of what a firewall is, let’s see the differences between firewalls of various types.
Types of Firewalls
There isn’t one firewall to rule them all. Firewalls come in different casings and have different ways of filtering the traffic.
There are three most common types of firewalls – packet filtering, stateful, and application-level.
Packet filtering is the first generation of firewalls.
When a firewall uses this method, it checks each data packet on its way into or out of the network. This firewall offers protection by accepting or dropping packets based on the rules defined by the user.
Packet filtering is a decent security option, but definitely not the best. Moreover, it requires a lot of time and effort to configure.
Stateful firewalls, also known as second generation firewalls, can compare data packets to previous ones. This makes this type of firewall more flexible than the packet filtering ones (also known as stateless). Stateful firewalls, in essence, trade speed for better security.
In simple words, stateful firewalls can “remember” data transfers to or from a trusted network, thus applying the firewall rules to the whole communication. Packet-filtering, on the other hand, has to measure each data packet against its rules.
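The difference between the two generations shows up when a reply to an outgoing connection arrives. The sketch below is an added example, not code from the original article; the packet fields, addresses and port numbers are constructed, and the connection tracking is simplified (no TCP flags or timeouts).

```python
from typing import NamedTuple


class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


def stateless_inbound(pkt, open_ports):
    """Stateless filter: judges each inbound packet alone, by destination port."""
    return "accept" if pkt.dport in open_ports else "drop"


class StatefulFilter:
    """Remembers flows opened from inside (simplified: no TCP flags or timeouts)."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "accept"

    def inbound(self, pkt):
        # A reply is the mirror image of a remembered outbound flow.
        mirrored = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if mirrored in self.flows else "drop"


# Constructed traffic: an inside host opens HTTPS, then two packets arrive.
REQUEST = Pkt("192.0.2.10", 51000, "198.51.100.7", 443)
REPLY = Pkt("198.51.100.7", 443, "192.0.2.10", 51000)
UNSOLICITED = Pkt("203.0.113.66", 443, "192.0.2.10", 51000)
EPHEMERAL = range(49152, 65536)  # what a stateless filter must open for replies


def run_scenario():
    stateful = StatefulFilter()
    stateful.outbound(REQUEST)
    return {
        "stateless, no ports open": (stateless_inbound(REPLY, ()), stateless_inbound(UNSOLICITED, ())),
        "stateless, ephemeral open": (stateless_inbound(REPLY, EPHEMERAL), stateless_inbound(UNSOLICITED, EPHEMERAL)),
        "stateful": (stateful.inbound(REPLY), stateful.inbound(UNSOLICITED)),
    }


if __name__ == "__main__":
    for name, (reply, unsolicited) in run_scenario().items():
        print(f"{name:26} reply={reply:6} unsolicited={unsolicited}")
```

The stateless filter either drops the legitimate reply or has to open a wide port range that also admits the unsolicited packet; the stateful filter accepts only the reply to the connection it saw leave.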
Application Level Gateway/Proxy Server Firewall
By now you know that the previous two types of firewall control incoming and outgoing traffic. The third-generation firewall, the application-layer firewall, goes a step further and analyzes the data, thus allowing or denying access to specific applications (hence its name). It has the ability to block apps and services which don’t meet its user-defined policy.
Alright, so those were the three major types of firewalls.
However, this doesn’t mean a firewall uses only one of these techniques. In fact, a good network firewall combines two or all of these methods to provide a higher level of security.
These approaches are at the core of every software firewall. On top of that, there could be a hardware firewall as well, to improve the firewall security.
The hardware firewalls are usually devices with built-in packet filtering technology. They can be either a standalone device, or be implemented in a broadband router. Since they are the first line of defense against malicious data, hardware firewalls aim to protect all the systems on a local network by covering its entry and exit points.
The software firewall, also known as a host-based firewall, is the most common method for protection for individuals. Unlike the hardware firewall, a software firewall protects only the device it’s installed on, not the whole network. For better security, it’s best to use both, which is called a network-based firewall.
Software firewalls allow users to define some of their features but don’t offer the full-customization options a hardware firewall does.
Most software firewalls will not only protect you from external threats, but also from some of the most common malicious apps.
As with most security elements, it’s vital to keep your firewall up to date.
In 2009, the advisory firm Gartner defined the term “next-generation firewall.” As the name suggests, it’s an improved version of traditional firewalls.
Next-generation firewalls (NGFW) apply their policies for applications, protocols, as well as ports.
Unlike traditional firewalls, the NGFW performs what’s called deep packet inspection (DPI). This method differs from conventional packet filtering, which checks only the packet header. DPI, on the other hand, examines the data inside a packet to check if the packet is safe or not.
Deep packet inspection combines an intrusion detection system (IDS), an intrusion prevention system (IPS), and the traditional stateful firewall.
Most enterprises use a next-gen network firewall since it provides better overall security. It is a more complex solution, providing not only data packet filtering but also detecting malicious apps.
Some next-generation firewalls can even detect and block ransomware attacks like WannaCry, NotPetya, etc. They can also stop phishing emails and other types of cyber attacks.
The latter is also known as threat-focused NGFW. These firewalls offer all the possibilities of the common new-generation firewalls – plus advanced threat detection. Cisco’s Firepower models are a typical example of a threat-focused NGFW.
Popular Firewall Vendors
Enterprises today overwhelmingly prefer NGFW as a core element in their security framework. In fact, next-generation firewalls held 52% of the security appliance market in 2017. The traditional network firewall came in second with 18%.
These products are differentiated the same way as any other security appliance. Attributes like price, performance, ease of use – the enterprise takes all of these and more into account when purchasing an NGFW solution.
So, we’ll review the firewall vendors by the market size they control.
Cisco Firepower Next-Generation Firewall
Cisco owned 14.1% of the global security appliance market in Q4 2018. Their next-gen firewall prides itself on its complete-spectrum threat protection. (Meaning – before, during and after an attack.)
Their hardware solutions come with built-in advanced malware protection, sandboxing, and a next-gen intrusion prevention system. Sandboxing means the firewall places potentially dangerous applications in a “sandbox”, thus isolating them in a safer environment from where they can’t reach the network.
What’s even cooler is the company claims their NGFW can detect an infection in less than a day.
That’s a handy feature since their research shows a median of 100 days from infection to detection.
All these extras don’t come cheap, though. Their prices can reach over $175,000 for a Cisco Firepower 4150.
Palo Alto Networks
The Palo Alto Networks NGFW offers its users a fast network with “little or no impact on network latency.” Their network firewall can protect all devices, which log onto the network from any part of the globe, thanks to their GlobalProtect system.
Naturally, it comes with protection from viruses, worms, and other malicious apps.
Their products’ prices are in the upper echelon, but so is the quality of security you get in return.
FortiGate by Fortinet
A more affordable option, yet without security compromises, the Fortinet NGFW is an excellent option. Named FortiGate, this network firewall comes with automation that can reduce the need for actual security staff.
FortiGate also claims to provide “ultra-low” latency and independently certified threat intelligence updates.
Their models are a bit cheaper than their competitors’, although some models can still cost you up to $500,000 a year.
Check Point Software Technologies
Check Point’s NGFWs stand out with their unified management console. It offers centralized management control over all networks (including cloud-based). This makes it easier to manage the network’s security.
This network firewall protects against ransomware, zero-day exploits, and many other cyber attacks. Check Point’s next-gen firewall builds upon traditional NGFW features, like IPS, VPN, and app control. On top of that, Check Point adds key improvements like virtual firewalls on both public and private clouds.
One of the other benefits of Fortinet is that their products are more affordable.
These four companies stand out as “leaders” in the firewall industry, according to the 2018 Gartner Magic Quadrant for Enterprise Network Firewalls. The advisory firm places Huawei as a challenger, but the Chinese giant has a lot of ground to cover to gain on the leaders.
We’ve covered the basics of what a firewall is, how it works, and the different types of firewalls. Whichever type of network firewall you choose – it is what stands at the entry and exit points of your system.
No matter if you are in charge of an enterprise, an SMB owner, or just a regular Joe – having a firewall is a must. Without one, your network is vulnerable to all kinds of cyber attacks.
Thankfully you have plenty of options to choose from – be it software, hardware, or both.
Stay safe online and I’ll see you next time.
A firewall is a software solution, which safeguards your computer from unwanted traffic and malicious apps. It acts as a filter for data packets and allows or denies access to connections, based on user-defined rules. The firewall works both ways – for incoming and outgoing traffic.
A network firewall has one primary function – to deny access to the network from any malicious data packets. Still, most firewalls serve many other purposes – like anti-malware protection, unifying all security management, etc.
Today most businesses use next-generation firewalls (NGFWs), which are multi-purpose network security solutions. They feature additional tools such as antivirus software and anti-malware alongside the typical firewall functions. This creates a universal security layer that enterprises and SMBs can utilize.
That said, the average Joe can also benefit from a firewall. Personal firewalls don’t offer as many security tools – mostly because they don’t need them. Enterprises are way more attractive targets, which warrants the extra edge in firewall security that most people will never need.
There are actually five different types of firewalls:
Application level gateways (or Proxy Server firewalls)
Next-generation firewalls (NGFWs)
Businesses mostly use next-gen firewalls, which are a combination of two or more types of firewalls + some additional security features on top of that.
Now here’s how each type of firewall works:
They control the access to the network by comparing each incoming and outgoing data packet to a set of rules. These rules are user-defined and relate to the IP, ports, and protocols that are allowed to enter or leave the network.
More secure and faster than packet filtering, a stateful firewall inspects the state of data packets throughout the whole communication process. Unlike their less-sophisticated cousin we just mentioned, these firewalls check the header and the proxies of incoming or outgoing data, thus making the process faster and more secure.
These firewalls work between the application layer (more on that in a bit) and the transport layer. They observe TCP handshaking to validate if a session is allowed to reach the network. They create a virtual circuit between the proxy and the client. This is one of the differences between circuit-level gateways and application level gateways, which use proxy servers to hide and protect the network.
However, circuit-level gateways don’t filter individual data packets.
Application level gateways
This firewall is the most secure of the basic types of firewalls. It analyzes the data and can block not only communications but malicious apps as well. By using proxy servers, this firewall masks the user’s IP address, which further improves the overall security of a network. And after all, that’s what a firewall is all about.