What is a Firewall, & Why is it Important?
The death of the firewall has been going around for years and continues today. Let me first say this, the firewall, as many of us know it died 10+ years ago. If I compared a firewall today to my first experience with a firewall 18 years ago, the firewall 18 years ago did next to nothing. No one was expecting it to do much more than NAT, TCP/UDP Firewall Rules, simple route, and maybe if you were lucky a VPN. The firewall of today has consolidated many pieces of technology into one appliance. Some of these technologies are Routers, Content Filtering, Bandwidth Shaping, VPN, IDS/IPS, SD-WAN, Load-Balancers, etc. The firewall of today really is so much more than it was ever created to be. Now, let’s get into an overview and history of the firewall.
What is a Firewall?
A firewall is a type of network security device that monitors all ingoing and outgoing traffic (packets of information) on a network. The firewall analyzes all traffic and blocks any traffic that appears to be suspicious when compared to a defined set of security rules.
Firewalls have been the first line of defense in network security since the 1980s. Their job is to establish an impenetrable barrier between trustworthy internal networks and potentially untrustworthy external networks, such as the internet. A firewall can be made using hardware, software, or a combination of the two.
A good firewall analogy is the front desk security guard, who verifies every person going in or out of the building, regardless of whether they are an employee or a guest. Suspicious individuals are refused entry to the portion of the building beyond the security desk.
How Do Firewalls Work?
Firewalls are programmed with specific pre-established rules, which they compare all ingoing and outgoing packets against. This helps filter out suspicious traffic and prevent cybersecurity attacks. Firewalls guard each entry point to the network (called ports) so that unauthorized individuals can’t gain access to the network.
Firewalls can also be used inside the network to limit access to critical systems. This helps prevent unauthorized employees from accessing sensitive or critical information while ensuring that select employees who do need access can get it. For example, not every employee needs to be able to access sensitive company financial records to do their job, but select employees within the accounting department do. A firewall between the accounting department and the rest of the network offers a second layer of protection to safeguard those sensitive files from unauthorized users.
Why Are Firewalls Important?
Firewalls play a vital role in your network’s defense systems. Not only can they help keep unauthorized users out, preventing cybersecurity attacks, but they can also be used to segment your network and limit access to sensitive areas on the network to individuals who genuinely require access. This helps prevent employees from inadvertently exposing critical systems or confidential information and compromising the overall security of your network.
Types of Firewalls
There are several different types of firewalls, each of which is designed to address different needs. These include:
Packet Filtering Firewalls
Packet filtering firewalls monitor all network traffic both into and out of the internal network and checks each packet that moves through it. Each packet is compared against a predefined list of rules and is either accepted or rejected. Though this type of firewall is transparent and relatively effective, it can be challenging to configure. It is also vulnerable to IP spoofing attacks, which allow unauthorized users to pretend that they are using a pre-authorized IP address to trick the system into allowing their packets through.
Proxy servers can be used to mask a user’s IP address, acting as a go-between for the user and the sites or networks they are accessing. One of the main advantages of proxy firewalls is that they can be configured to allow only select types of network traffic to pass through them (such as web pages or HTTP files). However, proxy servers and firewalls can slow down network traffic, since all traffic passing through it needs to be analyzed and masked.
Web Application Firewalls
Web application firewalls rely on specialized hardware to filter out unauthorized traffic between a web application and the wider internet. These firewalls are particularly useful against cyberattacks such as SQL injections, which involve slipping unauthorized code into a closed network via an entry field, such as a contact form, and tricking the system into revealing sensitive data. This type of firewall can also help prevent cross-site forgery attacks or cross-site scripting attacks.
Network Address Translation (NAT) Firewalls
These firewalls allow multiple devices to access the internet using a single IP address, hiding the individual IP addresses. This helps ensure that any cybercriminals scanning the network aren’t able to gain specific details about authorized users. Just like proxy firewalls, NAT firewalls act as a barrier between legitimate users and external networks, such as the internet.
Circuit-Level Gateway Implementation Firewalls
Circuit-level gateway implementation firewalls are used for TCP (transmission control protocol) or UDP (user datagram protocol) connections, which create secure connections between the host (or internal network) and the user. Once the user has been verified, and the connection has been made, data can flow freely between the two points without the need for constant verification.
Stateful Multilayer Inspection Firewalls
This type of firewall is used to filter packets at the network, transport, and application layers. Incoming or outgoing packets are compared against trusted packets, and only allows a packet through if it can be independently verified at each layer. Packets are examined to determine their contents so that packets can only be sent to and received from trusted sources.
Next Generation Firewalls (NGFW)
The firewall of today would be known as the NGFW. Next-generation firewalls do so much more than simple packet filtering and stateful inspections, and can even be configured to detect malware and thwart application layer attacks. They can also help with intrusion prevention, include application awareness technology to view and block risky applications, incorporate techniques to address evolving security threats, and can be fed new information to increase security. The NGFW can take over the shaping of bandwidth via IP/User/Application aware technology that a company used to have a separate appliance for. Many of the next-generation firewalls will have SD-WAN capabilities built-in again, eliminating the need for another appliance or point of failure.
The Benefits of Managed Firewalls
With the creation of the NGFW, it has made it increasingly difficult for a company to manage their own firewall unless they have a team of people that their sole responsibility is doing just that. That typically isn’t the case and isn’t very cost-effective from a business perspective. With the consolidating of many technologies into a single NGFW is has increased the complexity of the technology while decreasing the demand and need for so many appliances to manage and secure the network.
The shift to next-generation firewalls has only increased the demand for a managed services partner that is an expert at all things firewall. A managed firewall involves partnering with a trusted professional, who will help you select firewall services from an industry-leading organization (such as Sonicwall or Fortinet), and then calibrate your firewall to provide maximum protection while also optimizing your network performance.