Cyber Security
What Is a Firewall: Safeguarding Your Cyber Borders
Andrea Abbondanza , 14 Mar, 2024
The internet is a boundless realm, teeming with possibilities—and, unfortunately, with potential threats, too. Just as a fortress protects its treasures with sturdy walls. Much like a fortress safeguards its treasures with sturdy walls, we shield our digital assets with firewalls, creating a barrier against malicious intruders.
Firewalls are popular protection devices that have been used for decades. Thanks to them, many companies can operate confidently today, knowing that their sensitive information is safeguarded against cyber security threats.
To learn more about what is a firewall, continue reading this article!
What Is a Firewall?
So, what is a firewall? A firewall is a network security device that acts as a gatekeeper, monitoring and controlling incoming and outgoing traffic based on predetermined security rules. The term “firewall” comes from real walls that slow down fires. In this case, the firewall slows down cyber threats until they can be stopped.
In a simple term, think of a firewall as a digital bouncer, deciding who gets in and who stays out of your network party. It’s like a barrier between your computer and the internet, checking every guest’s ID to make sure they’re legit.
Firewalls started as basic filters in the late 1980s, looking at data packets and deciding whether they were safe. Now, they’re more advanced, checking not just the packets but also the applications sending them.
Today, firewalls come in various forms, such as hardware devices, software programs, or virtual walls in the cloud network security. They play a crucial role in protecting your computer from hackers, viruses, and other harmful content on the Internet.
How Do Firewalls Work?
Basically, a firewall acts as a barrier between a private network and the outside world, deciding which traffic is safe to allow and which is potentially harmful. It filters out malicious or unauthorized traffic, ensuring that only trusted communication enters or leaves the network.
To understand how firewalls work, it’s important to know about the structure of networks first. Networks consist of endpoint devices, such as computers, that communicate with each other. These devices use networks to access the internet and other internal networks. The internet is divided into sub-networks, including:
- External public networks (like the internet)
- Internal private networks (like home or corporate networks)
- Perimeter networks (which act as a buffer between internal and external networks)
Firewalls can be placed at different points in a network. Network firewalls are placed between external and internal networks and regulate inbound and outbound traffic. They can be hardware devices, software programs, or virtual appliances. Host firewalls, on the other hand, are installed on individual devices and regulate traffic to and from specific applications. They can be part of the device’s operating system or a separate security application.
Firewalls use rules to filter traffic based on factors like the source and destination of the connection, the content being sent, and the packet and application protocols being used. Based on these rules, they can allow, deny, or inspect traffic.
Types of Firewalls
There are several types of firewalls, each with its own functions and capabilities. These include:
Proxy service
A proxy service, also called a proxy firewall, is a network security tool that filters messages at the application layer. It sits between your device and the internet, acting as a middleman.
Proxy firewalls monitor traffic for layer 7 protocols like HTTP and FTP. Based on preset security rules, they decide whether to let traffic through or block it. They can also store commonly used data to speed up internet access and hide your IP address for privacy and security.
Next Generation Firewall (NGFW)
A Next-Generation Firewall (NGFW) is a special kind of firewall that does more than look at the outside of data packets. It goes deeper, checking the actual data inside the packets to detect threats better and stop them. NGFWs also pay attention to the kind of applications trying to send or receive data, which helps them catch sneaky threats hiding in normal-looking traffic.
These firewalls mix the usual firewall stuff with extra features like checking encrypted data for problems, spotting and stopping suspicious activities, and scanning for viruses. This makes NGFWs better at keeping networks safe than regular firewalls.
Packet filtering
Packet filtering is a type of firewall that examines data packets as they move through a network. It looks at packet headers to decide if they should be allowed or blocked based on preset rules. This method filters traffic based on IP addresses, port numbers, and protocols.
However, it only examines packet headers and not their contents, which can limit its effectiveness in detecting specific threats. Despite this limitation, packet filtering is commonly used alongside other firewall types for comprehensive network security.
Stateful inspection
A stateful inspection firewall, also known as dynamic packet filtering, is a type of firewall that monitors active connections to decide which network packets to allow through. It initially worked at the transport layer (layer 4) but now operates at multiple layers, including the application layer (layer 7).
One key feature of stateful inspection firewalls is their ability to track and filter network traffic based on connection state. This means that the firewall maintains a state table that keeps track of the state of each connection passing through it.
Network address translation (NAT) firewalls
Network Address Translation (NAT) firewalls include NAT functionality, which modifies network address information in packet headers as they pass through a router. This allows multiple devices on a local network to share a single public IP address, providing security by hiding internal IP addresses and conserving public IP addresses. NAT firewalls are commonly used to enhance network security and address conservation.
How to Use Firewall Protection
Firewalls cannot stand alone. They need help to ensure that protection is effective. Here are the things you should do to make your firewall work effectively:
Use antivirus protection
Firewalls are like the gatekeepers of your network, but they’re not the only ones fighting malware and infections. Using antivirus software is one of the most necessary things to do to truly protect your company.
Antivirus software acts as your network’s immune system, constantly scanning for threats and removing them before they can cause harm. Most antivirus software includes a firewall feature, which adds an extra layer of protection by monitoring and controlling incoming and outgoing network traffic based on predefined security rules.
Segmented network
Malicious actors moving through a network can pose a severe threat, but this movement can be slowed down by restricting communication between different parts of the network. This is why segmenting your network is necessary, as it can limit access to only the people you trust.
Always update your firewalls as soon as possible
Cyber threats are constantly changing. As technology advances, criminals find new and creative ways to attack systems. That’s why keeping your firewalls up to date is essential.
Some types of firewalls, such as personal and home firewalls, can usually be updated safely right away. However, companies or large organizations may need to verify configurations and compatibility throughout their network initially.
Have active network redundancies to avoid downtime
Setting up backup systems or pathways in your network is essential to prevent interruptions in case of failure. This is important for maintaining continuous firewall protection. If one firewall fails, the redundant system can take over, ensuring that your network remains protected from cyber threats.
Limit accessible ports and hosts with an allow list
Restricting access to your network to only approved ports and hosts can be done by creating a whitelist of trusted IP addresses that can communicate with your network. By doing this, you reduce the risk of unauthorized access and potential security breaches. It is easier to maintain security by allowing access only when necessary rather than trying to revoke access and mitigate damage after a security incident.
Firewall Examples
Firewalls have been around for a long time, so there are many different places where people have used them. Here are a few examples:
U.S. power grid operator’s unpatched firewall exploited
In 2019, a U.S. power grid operator faced a cyber attack due to a Distributed Denial-of-Service, or DDoS attack, in their firewall. While the attack did not disrupt electrical delivery or outages, it caused interruptions in the electrical system’s operations. In this context, “operations” refers to the computer systems used within the utilities, including those for office functions or operational software.
This incident highlights the critical importance of regularly updating software, including firewall systems, to protect against cyber attacks and ensure the reliable operation of critical infrastructure like the power grid.
Great Firewall of China, internet censorship
The “Great Firewall of China” refers to the internet censorship and surveillance system used by the Chinese government to control and monitor internet traffic within the country. Since approximately 2000, China has established internal firewall frameworks to create a closely monitored intranet. These firewalls allow for the creation of a customized version of the global internet, where access to specific websites and services is restricted or blocked.
Additionally, China’s firewall enables the government to limit internet services to local companies, promoting domestic internet companies and controlling the flow of information.
COVID-19 U.S. federal agency compromised due to remote work weaknesses
In 2020, a United States federal agency was breached due to various security weaknesses, including a misconfigured firewall. The firewall had numerous outbound ports left open to traffic, potentially allowing unauthorized access to the agency’s network. Additionally, the agency’s network faced new challenges related to remote work, as many employees were working from home due to the COVID-19 pandemic.
These vulnerabilities underscore the importance of properly configuring and maintaining security systems, especially with the rise of remote work.
Frequently Asked Questions
Why is a Firewall a Threat?
A firewall is not a threat itself. However, if a firewall is misconfigured or improperly maintained, it can become a threat by allowing unauthorized access to a network or failing to block malicious traffic. It’s important to note that a firewall cannot defend a network from internal threats such as backdoors.
Is a Firewall a Good Thing?
Yes, a firewall is generally considered suitable for network security. It acts as a barrier between a trusted network and untrusted networks, such as the Internet. It helps prevent cyber criminal activities such as phishing, spreading viruses, and more.
Do Firewalls Stop Viruses?
Firewalls can stop viruses from spreading to a network by blocking harmful traffic. However, they can’t find or delete viruses from specific devices. For this, antivirus software is needed.
Conclusion
Firewalls serve as digital gatekeepers, determining which network traffic is safe and potentially harmful. They protect digital assets from cyber threats by filtering and monitoring connections.
These defenses continue to evolve from basic packet filtering to advanced Next-Generation Firewalls (NGFW). However, firewalls require support to be effective, such as antivirus software, network segmentation, and regular updates. By implementing these measures, you can ensure that your network remains well-protected against cyber threats.
To learn more about comprehensive cybersecurity solutions, visit Fluxgate now!