A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on defined security rules. Acting as a barrier between a trusted network and untrusted networks, such as the Internet, a firewall can be hardware, software, or a combination of both.
Let’s delve into the key aspects of firewalls:
Primary Function:
Traffic Control: Firewalls regulate network traffic to protect networks and systems from unauthorized access, cyberattacks, and other malicious activities.
Policy Enforcement: They enforce security policies by allowing or blocking network packets based on the rules defined by the network administrator.
The original firewalls were not standalone devices, but routers or servers with software features added to provide firewall functionality. Over time, several companies developed standalone firewalls.
Dedicated firewall devices enabled routers and switches to offload the memory- and processor-intensive activity of filtering packets. Modern routers, such as the Cisco Integrated Service Routers (ISRs), can also be used as sophisticated stateful firewalls by organizations that may not require a dedicated firewall.
Features of Firewalls
Firewalls share some common properties:
i. Resistant to attacks
ii. The only transit point between networks (all traffic flows through the firewall)
iii. Enforces the access control policy
How a Firewall Works
Stateless Firewall.
The early firewalls were created to inspect packets to verify whether they matched sets of rules, with the option of forwarding or dropping the packets accordingly. This type of packet filtering is known as stateless filtering: each packet is filtered based solely on the values of certain parameters in the packet header, similar to how ACLs (access control lists) filter packets.
Stateful Firewall.
The first stateful firewall appeared in 1989; it was developed by AT&T Bell Laboratories. This type of firewall filters packets using information stored in the firewall about the data flowing through it. A stateful firewall can determine whether a packet belongs to an existing flow of data. Stateful firewalls help to mitigate DoS attacks that exploit active connections through a networking device. Stateful filtering provides dynamic packet filtering capabilities to firewalls. It operates at the Network Layer of the OSI model, although for some applications it can also analyze traffic at Layer 4 and Layer 5.
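The difference between the two approaches, as an added example that is not part of the original article: the same packets are run through a header-only ACL and through a filter that keeps a flow table. The 10.0.0.0/24 inside network, the single "TCP/443 outbound" policy and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed packet model: only the header fields a filter inspects.
Packet = namedtuple("Packet", "src dst proto sport dport flags")
INSIDE = ipaddress.ip_network("10.0.0.0/24")  # assumed trusted network

def inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def stateless_filter(p):
    """ACL-style: the decision uses only this packet's header values."""
    if inside(p.src) and p.proto == "tcp" and p.dport == 443:
        return "permit"  # inside hosts may reach TCP/443 anywhere
    if inside(p.dst) and p.proto == "tcp" and p.sport == 443:
        return "permit"  # replies can only be recognised by source port
    return "deny"        # implicit deny ends the list

class StatefulFilter:
    """Remembers flows opened from inside; inbound must match one."""
    def __init__(self):
        self.flows = set()

    def filter(self, p):
        if inside(p.src) and p.proto == "tcp" and p.dport == 443:
            key = (p.src, p.sport, p.dst, p.dport)
            if "SYN" in p.flags:
                self.flows.add(key)  # new outbound connection: record it
            return "permit" if key in self.flows else "deny"
        reverse = (p.dst, p.dport, p.src, p.sport)
        if reverse not in self.flows:
            return "deny"  # belongs to no existing flow
        if "RST" in p.flags or "FIN" in p.flags:
            self.flows.discard(reverse)  # simplified teardown: drop the entry
        return "permit"

def compare(packets):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.filter(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 443, "SYN"),      # outbound open
    Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40000, "SYN,ACK"),  # its reply
    Packet("198.51.100.7", "10.0.0.9", "tcp", 443, 22, "ACK"),         # no prior flow
]
```

Calling `compare(SAMPLE)` shows both filters agreeing on the first two packets and disagreeing on the third, which the header-only rule accepts because its source port is 443 while the flow table has no entry for it.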
Packet-filtering Firewall.
A packet-filtering firewall can take the form of a router with the capacity to filter some packet content, such as Layer 3 and sometimes Layer 4 information. It permits or denies traffic based on Layer 4 information such as protocol and source and destination port numbers.
A packet-filtering firewall uses access control lists (ACLs) to determine whether to permit or deny traffic, based on source and destination IP addresses, protocol, source and destination port numbers, and packet type. Packet-filtering firewalls are usually part of a router firewall.
Application Gateway Firewall or Proxy Firewall.
A type of firewall that filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Most of the firewall control and filtering is done in software. These firewalls mainly focus on traffic for specific applications or services (like HTTP, SMTP) and can inspect the content of the traffic to identify and block specific content, such as malware or certain types of behavior.
Address-Translation Firewall.
A firewall type that increases the number of available IP addresses and hides network addressing; NAT (Network Address Translation) is a commonly used example. NAT allows multiple devices on a local network to share a single public IP address, providing an added layer of security by masking the internal IP addresses of the devices.
Host-based Firewall.
A computer or server running firewall software. A host-based firewall is a critical component of a robust cybersecurity strategy, as it provides a layer of defense by monitoring and controlling incoming and outgoing network traffic based on predetermined security rules.
By running firewall software on individual computers or servers, organizations can better protect their systems from unauthorized access, malware, and other cyber threats. It is important to regularly update and configure the firewall to ensure it is effectively safeguarding the host system against evolving security risks.
Transparent firewall.
A firewall that filters IP traffic between two bridged interfaces. This type of firewall inspects each packet passing between the two interfaces and makes decisions based on predefined rules. This helps prevent unauthorized access and protects the network from potential security threats.
Hybrid firewall.
A firewall that is a combination of different firewall types. For instance, an application inspection firewall merges a stateful firewall with an application gateway firewall. This hybrid approach allows for a more comprehensive and layered security solution, providing protection at both the network and application levels.
By combining the strengths of different firewall types, organizations can better defend against a wide range of cyber threats and attacks. Additionally, hybrid firewalls often offer more flexibility and customization options, allowing businesses to tailor their security measures to meet their specific needs and requirements. Overall, hybrid firewalls are a powerful tool in the ongoing battle to safeguard sensitive data and networks from malicious actors.
In conclusion, firewalls are a crucial element of network security, providing a first line of defense against a range of cyber threats. They help to create a controlled environment where access to network resources is regulated based on security policies, protecting the integrity and confidentiality of data within the network.