What is a Firewall?

A firewall is a type of network security device that monitors incoming and outgoing network traffic and allows or denies data packets depending on a set of security rules. Its objective is to create a barrier between your internal network and incoming traffic from outside sources (such as the internet) in order to prevent unwanted traffic such as viruses and hackers.

How does a firewall work?

To prevent attacks, firewalls thoroughly examine incoming traffic based on pre-defined criteria and filter traffic coming from unsecured or suspect sources. Firewalls protect traffic at a computer’s entrance point, known as ports, where data is exchanged with external devices.

Why Firewall is needed?

Firewalls are designed to prevent malware and application-layer attacks. Together with an integrated intrusion prevention system (IPS), these Next Generation Firewalls can identify and battle assaults across the entire network in real-time. Firewalls can operate on previously defined policies to better safeguard your network and can do fast assessments to detect and shut down unwanted or suspicious activities, such as malware. When you use a firewall as part of your security infrastructure, you configure your network with precise policies that allow or prohibit incoming and outgoing traffic.

Types of Firewalls

Types of firewalls are mainly classified into four types. They are

  • Next-Generation Firewalls
  • Proxy Firewalls
  • Stateful Multilayer Inspection (SMLI) Firewalls
  • Network Address Translation (NAT) Firewalls

Next-generation firewalls (NGFW) integrate classic firewall technology with new features such as encrypted traffic inspection, intrusion prevention systems, anti-virus, and more. Deep packet inspection is its most remarkable feature (DPI). Deep packet inspection, as opposed to typical firewalls, analyses the data within the packet itself, allowing users to more efficiently identify, categorize, and stop harmful data packets.

Proxy Firewalls: At the application level, proxy firewalls filter network traffic. Unlike traditional firewalls, the proxy operates as a middleman between two end systems. The client must send a request to the firewall, which must then analyse it against a set of security rules before allowing or blocking it. Proxy firewalls, in particular, monitor traffic for layer 7 protocols such as HTTP and FTP and detect malicious traffic using both stateful and deep packet inspection.

Stateful Multilayer Inspection (SMLI) Firewalls: Firewalls using stateful multilayer inspection (SMLI) filter packets at the network, transport, and application levels by comparing them to known trusted packets. SMLI, like NGFW firewalls, examines the entire packet and only allows it to pass if it passes each tier individually. These firewalls scan packets to determine the status of the communication (thus the name) in order to ensure that all initiated communication occurs only with trustworthy sources.

Network Address Translation (NAT) Firewalls enable numerous devices with distinct network addresses to connect to the internet using a single IP address while concealing individual IP addresses. As a result, attackers scanning a network for IP addresses are unable to obtain precise details, increasing protection against attacks. NAT firewalls, like proxy firewalls, serve as an intermediate between a group of computers and outside traffic.

Proxy and Application Layer Firewalls: By filtering and inspecting the payload of a packet, proxy firewalls can protect the application layer by distinguishing valid requests from dangerous code masquerading as valid data requests. Proxy firewalls keep application layer attacks on web servers from becoming more frequent. Furthermore, proxy firewalls provide security engineers with greater granular control over network traffic.

Application layer filtering using proxy firewalls, on the other hand, allows us to prevent malware and distinguish misused protocols such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), specific programs, and domain name systems (DNS).

Advantages and Disadvantages of Firewalls

Advantages of Firewalls

Firewalls play a significant role in security management in businesses. The following are some of the most significant benefits of firewalls.

  • It improves security and privacy when using susceptible services. It keeps unauthorised users from connecting to a private network that is linked to the internet.
  • Firewalls respond faster and can manage higher traffic loads.
  • A firewall makes it possible to manage and update security protocols from a single authorised device.
  • It protects your network from phishing assaults.

Disadvantages of Firewalls

  • Firewalls are unable to prevent users from obtaining data or information from rogue websites, exposing them to internal dangers or attacks.
  • It cannot guard against the transfer of virus-infected data or software if security rules are incorrectly implemented, nor can it protect against non-technical security concerns (social engineering)
  • It does not prevent password misuse or attackers using modems from dialing in or out of the internal network.
  • Firewalls do not protect systems that are already compromised.