What is a firewall?
A firewall is a network security device or software that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewalls have been the first line of defence in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted from outside networks, such as the Internet.
What are the types of firewalls?
There are two main types of firewalls:
- network-based
- host-based.
Network-based firewalls, as the name suggests, protect an entire network. They are usually deployed at the edge of a network, between the network and the Internet. Network-based firewalls inspect traffic coming into and leaving the network and make decisions based on a set of predefined security rules
On the other hand, host-based firewalls are installed on individual hosts or devices. They protect the host from malicious traffic from other devices on the same network. Host-based firewalls usually have more granular control over traffic than network-based firewalls because they can inspect traffic from within the host.
Firewalls can be hardware-based, software-based, or a combination of both. Hardware-based firewalls are usually integrated into routers or other network equipment. Software-based firewalls are typically installed on computers and servers.
How do firewalls work?
Firewalls use various techniques to control traffic flowing in and out of a network. Some standard firewall features include:
- Packet filtering looks at the header of each packet and allows or blocks it based on the source and destination IP addresses, port numbers, and other criteria.
- Stateful inspection tracks the status of each connection passing through the firewall and only allows packets that are part of an established connection.
- Access control lists are rules that define what traffic is allowed or denied.
- Intrusion detection and prevention look for suspicious activity, such as attempts to scan for vulnerabilities or inject malicious code.
- Firewalls are an essential part of any network security strategy. They can help to protect your network from a wide range of attacks, including denial-of-service attacks, viruses, worms, and other malware.
What are the firewall category groupings?
There are several different types of firewalls, each with its strengths and weaknesses.
- Hardware firewalls are physical devices installed between your network and the Internet. They can be stand-alone or integrated into other devices, such as routers or switches.
- Software firewalls are programs that are installed on computers and servers. They can be configured to protect a single device or an entire network.
- Cloud-based firewalls are firewall services that are hosted in the cloud. They can protect individual devices or an entire network.
- Unified threat management (UTM) appliances are all-in-one security devices that combine a firewall with other security features, such as intrusion detection and prevention, antivirus, and web filtering.
- A proxy firewall is a server between a network and the Internet. It intercepts all traffic flowing in and out of the network and can be used to enforce security policies.
- Application-level gateway firewall is a proxy firewall that inspects traffic at the application level. It allows it to control which applications are permitted to access the network and to block any that are not approved.
- Next-generation firewall (NGFW) goes beyond simple packet filtering to provide additional features, such as intrusion detection and prevention, application control, and web filtering.
Why use a firewall?
- Firewalls can help to protect your network from
- Blocking unwanted traffic: This can help to prevent malicious code, traffic or behaviour and any other thing from entering your network.
- Tracking activity – firewalls can keep logs of all the traffic passing through them, which can be helpful for monitoring and troubleshooting purposes.
- A firewall can be used to enforce security policies – rules about what type of traffic is allowed on your network.