Firewalls 101: What is Firewall?

Monitoring and filtering out the incoming and outgoing network traffic is essential for your organization’s network security. You must install a software barrier between the public internet and your internal network. This digital barrier is known as a firewall. It comprises a set of hardware and software which blocks unauthorized access to your networks and computers. Firewalls are built while keeping the Zero Trust security model into consideration. It ensures strict access controls and does not trust anyone.

Firewalls initially started in 1989 as packet filters to examine the data exchanged between the network. Only the networks and devices with proper permissions and authorized access are allowed into the access points. For further details regarding firewalls and Zero Trust, check out https://nordlayer.com/learn/zero-trust/what-is-zero-trust/.

How does a firewall work?

A firewall mainly consists of a defined set of rules against which it matches the network traffic. Only the traffic which passes the criteria is allowed to pass the network. For added security and prevention of unwanted communication, rules are also set on the outgoing traffic. The traffic which reaches the firewall mainly belongs to one of these three Transport Layer protocols:

• TCP
• UDP
• ICMP

What are the types of firewalls?

Different types of firewalls are available depending on the standardized communications models in which they operate. The main difference between home and business filtering systems is in their range. On home systems, the control of applications and packets concerns a single device (PC or workstation). While on corporate systems, the firewall often acts as a network proxy, thus filtering all connections made from an internal network to another network or the Internet.

1. Static Packet-Filtering Firewall

This is also referred to as the first generation of firewalls. It is designed to analyze every packet that passes, regardless of origin or application state. This firewall monitors the traffic at the transport protocol layer and controls the flow of incoming and outgoing packets based on their IP addresses, ports, and protocols. It can only give access to the packets based on their unique packet headers. These firewalls are an easy target for hackers since this type of firewall can’t tell whether the packet is part of an existing stream or traffic.

2. Stateful Inspection Firewall

This is also referred to as the second generation of firewalls. The stateful firewall allows you to monitor each connection’s activation status, thus checking whether the application is active or not. A dynamic packet filtering system determines the state of the communication and decides which network packets (such as TCP streams) to allow in an active connection. This type of firewall maintains a history in the state table and filters packets at the network, transport, and application layers.

3. Application Layer Firewall

This is the third generation of firewalls. This is the most advanced filtering system, able to operate up to level 7 of the OSI model, filtering all the traffic of every single application. Many modern filtering systems integrate additional features, such as NAT and VPN, to better manage all aspects of network traffic and protect connections to an insecure network (such as a wi-fi network, for example).

4. Next-Generation Firewall (NGFW)

These are the modern-day firewalls and come with functions such as application inspection and SSL/SSH inspection. They are deployed to stop application-layer attacks and advanced malware attacks. Some of the main features of NGFW are an integrated intrusion prevention system and URL filtering based on reputation and geolocation. This firewall can detect evasive or suspicious behavior through network and endpoint event correlation.

5. Circuit-Level Gateway Firewall

This type of firewall works at the session layer of the OSI model. To monitor the legitimacy, it monitors the TCP handshaking between packets. It is comparatively cheaper and easier to set up. It has minimal impact on the end-user experience and provides more efficient processing traffic compared to the application-level gateways.

Firewall Best Practices

You should ensure that the installed firewall is well-suited for your network architecture. You should keep your software updated at all times. Other good practices include managing privileges, arranging data backups, and conducting regular network assessments.

Some features are essential to look for in a firewall to ensure that the chosen one is the best solution for your security. There are several things to consider when choosing the best firewall for yourself. Security block is one of the most important factors to consider.

In case of an attack, the firewall must immediately block all incoming and outgoing communication, isolating the network and preventing the threat from spreading. The warnings and alerts given by the firewall program must be clear and understandable, even for inexperienced users.

There should be an option for selective filtering. In addition to the automatic settings (obtained through learning or personal certificates), the firewall should have the option to apply a manual block for a specific port, a specific program, or a network protocol. This will allow the administrators to filter any suspicious connections immediately. There should be a whitelist option in the firewall.

Although this feature tends to decrease the security of a firewall, the whitelist allows you to exclude a specific application or process from being monitored to avoid receiving excessive alerts. A good firewall should be proactive. It must have the tools and functions to identify suspicious behavior, blocking it immediately or signaling it in a more obvious way.

What are the Advantages of a Firewall?

A firewall is essential to avoid unauthorized accesses that may steal data or infect the system with harmful programs such as viruses, spyware, or malware. It can help us preserve the security of personal and secret information contained in the system.

At a corporate level, firewalls can help us in countering espionage. It helps us fulfill the need to respect the privacy of our customers, which is fundamental for complying with the General Data Protection Regulation or GDPR.

Conclusion

A computer connected to the Internet is exposed to numerous threats daily, often carried out by hackers. They aim to take control of the systems and steal personal data, and access services of all kinds. A firewall is one of the most effective online safety and security solutions. It can stop new infections and prevent unauthorized programs or users from accessing your system.

A firewall continuously monitors all types of data exchanged with the web (both incoming and outgoing). It analyzes the behavior of programs and the ways used to access certain services or features. The legitimate features can pass through the firewall without problems; in other cases, the exchange of data is suspect or even prohibited.