Firewall is a security device or software that acts like a shield for your computer systems, network and applications. The firewall monitors incoming and outgoing traffic, choosing whether to allow or deny the traffic access. The decision is based on a set of predetermined rules. A firewall can be a physical standalone device, a software or set of rules configured to a network device such as a router. We can liken the firewall to a security officer or a secretary in an office. Once a visitor comes to the help desk or front office, they are asked where they are going or whom they want to see. As per the instruction that the secretary already has, the visitor is either allowed through or denied access. The security officer can check the visitors when leaving the premises to ensure they are not carrying from the company anything they aren’t supposed to (in a case of a Data Loss Prevention).

 

Types of Firewalls

There are several types of firewalls. We shall look at the most common ones;

Network firewall: This is a device or software application that monitors, checks and controls incoming and outgoing network traffic based on predetermined security rules. The main function of this type of firewall is to institute a barrier between an internal trusted secure and controlled network and untrusted external networks, like the internet. It aims to protect against unauthorized access, data leakage or breaches and generally, cyber attacks. A network firewall can either be hardware or software.

Hardware firewall: This is a dedicated security device that provides firewall operations through specialized hardware components. Hardware firewalls are standalone devices intended with a goal of securing network traffic.

Software firewall: This firewall is configured as a software running on a dedicated server, personal computer, a router or virtual machine. Software firewalls depend on resources and operating system of the device it is installed on, to put into effect the security policies and rules.

End point firewall: Sometimes referred as host-based firewalls, they operate on individual personal computers, laptops or servers and control the inflow and outflow of traffic at the device level.

Perimeter firewall: This is a type of network security device or software that sits at the edge or border of an organization’s network. This forms the boundary between the trusted internal network and the external (internet). Some organisations deploy this firewall type in form of SaaS to protect their cloud environment and in a case where their network is spread in a large area (Wide Area network). It is often referred to as Firewall as a Service or simply Cloud Firewalls.

Next-generation firewall (NGFW): A highly upgraded firewall that merges the capabilities of conventional firewall with advanced security features, such as deep packet inspection, intrusion, detection and prevention.

Web Application Firewall: A WAF is a type of firewall specialized to provides security for web applications. It monitors, filters and examines HTTP traffic between a targeted web application and the internet.

 

Firewalls Features

Now, we have seen how these firewalls have different functionalities and designs. But what is an indication of a suitable and reliable firewall? Some aspects are used to gauge their worth as per the intended use;

Flexibility: A good firewall has provisions to allow network administrators to define, customize and enforce security policies based on some criteria such as applications, IP addresses, protocols and even specific port numbers.

Stateful Packet Inspection (SPI): The SPI feature allows the firewall to map and track the state of active network connections and make intelligent filtering choices based on the context of the traffic. Each packet is inspected and sometimes a comparison is made with previous packets that had been scrutinized. This feature helps prevent unauthorized access thus ensuring that only legitimate and genuine traffic is allowed to pass through.

Application Awareness: When a firewall is aware of the applications or services it controls, it only allows traffic that deem fit for the services. Such advanced firewalls identify and control network traffic based on specific applications or services enforcing security policies at the application layer therefore mitigating risks associated with specific applications or protocols in place.

Intrusion Detection and Prevention: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are systems that most advanced firewalls tend to have as it makes it easier to detect and prevent malicious intrusion attempts, malware infections and even denial of service (DoS) attacks.

Logging and Reporting: Reports, audit trials and logs are important as it helps to geta a summary of threats and overall activities of devices connected to a network. This can be used to monitor traffic, analyze security events and generate reports for compliance and regulatory or auditing reasons.

Content Filtering: An easy way to avoid bloated sites is to block them. With a firewall that can blacklist and whitelist sites and have time restrictions can be used to restrict access to some websites at certain times, therefore improving productivity in some organisations, protect against web-based threats and also ensure network efficiency. Social media, movie streaming, adult content and betting sites can be controlled by this feature.

Redundancy: The firewall shouldn’t be a bottleneck, where it becomes a point of  weakness of the company’s network. There should be a provision to ensure the firewall is always available for continuous protection and availability of network services. The elements provided to support redundancy can be load balancing and automatic failover in the event of a network failure.

Access Control: As part of the flexibility, some firewalls have access control features such as user authentication. This gives the administrators a provision to configure the firewall to control access to network resources based on user identity and resources they need. This works well when the firewall has VPN capabilities too.

Virtual Private Network (VPN) Support: The firewalls should have a VPN functionality so as to allow secure connection to the internal network from the internet. This way, there will be no need to have another VPN in place.

 

Benefits of a firewall in place

There are a lot of benefits of having a reliable firewall in place. A few of them include;

  • Improved network security as the firewalls act as a barrier between a trusted internal network and untrusted external networks, such as the internet therefore blocking malware and other threats. We have described some of the threats in our IT Threats article.
  • As we have seen as part of a feature, a firewall can be used to control access to network resources.
  • The IDS and IPS can be used to prevent and protect breach of sensitive data.
  • The firewall can be used to monitoring network activities and generate a report on the same.
  • Some regulatory bodies require a firewall to be in place, therefore a firewall is an indication of compliance.

Related Articles