A firewall is a computer security system that monitors and controls network traffic. The software or hardware unit selectively blocks or allows data packets to pass through, following established security rules.
Often positioned as a barrier between the public internet and your device or network, it protects against various online threats. A firewall is one of the fundamental staples of network security that has always adapted to the changing cybersecurity landscape.
What is the purpose of firewalls?
Firewalls are used in business and consumer settings to enhance network security. The main use cases of this tool are to intercept incoming malicious packets or create segmentation within the network. Configuring a firewall according to specific security policies allows network administrators to have additional controls within a network.
Apart from threat defense, firewalls contribute to cybersecurity intelligence by performing logging and auditing functions. The logs can then be analyzed to improve security policies. At the same time, this helps to paint a broader threat landscape that businesses are dealing with daily.
Finally, firewalls with added DNS-based filtering can also be used for content filtering, especially when set up within the network. By denying unwanted URLs and IP address ranges, network administrators can deny access to various websites.
The different types of firewalls
Despite sharing a name, firewalls differ from one another in numerous ways.
A proxy firewall protects network resources by filtering the application layer packets being exchanged. Users connect to a gateway (or proxy) that sits between the local network and the public internet. The firewall runs on that proxy server, inspecting outgoing traffic packets and creating the connection to other web servers.
The same process happens in reverse when a web server initiates a connection back to the client, inspecting what is being sent. This eliminates a direct connection between the client and the web server, enforcing the established security policies.
One of the biggest flaws of this system appears when a single proxy server is assigned to multiple users: the proxy server can become a bottleneck in terms of efficiency. The processing time at every exchange can grow exponentially with each user. Higher latency is something that network administrators have to take into consideration when contemplating this method.
Stateful firewalls keep track of and monitor active network connections while analyzing incoming traffic. Operating at the network and transport layers of the OSI model, they intercept packets and derive data for analysis to improve security. Because all information from previous interactions and events is retained, the firewall does not have to inspect every incoming data packet from scratch, which makes its operations much faster.
Context is the primary foundation for stateful firewalls for all of their decisions. In practice, a firewall will allow incoming data packets only if certain specific conditions are met. It also applies to ports, as they can be closed unless a connection requires access to a specific port. This stops attack patterns when hackers are scanning for the ports that are left open.
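The context-based decision described above can be sketched as a small connection-tracking table. This is an added example, not code from any firewall product; the `10.0.0.` inside prefix, the class and function names, and the packet trace are constructed for illustration, and timeouts and sequence-number checks are left out.

```python
from collections import namedtuple

INSIDE_PREFIX = "10.0.0."  # constructed internal network (assumption)
Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: frozenset

class StatefulFirewall:
    """Toy TCP connection tracker: inbound traffic passes only if it matches
    a connection an inside host opened. An entry is dropped on FIN or RST."""

    def __init__(self):
        self.table = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def filter(self, p):
        outbound = p.src.startswith(INSIDE_PREFIX)
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.table.get(key)
        if state is None:
            # No state yet: only an inside host may open a connection.
            if outbound and p.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP"
        if p.flags & {"FIN", "RST"}:
            del self.table[key]  # teardown closes the pinhole again
            return "ALLOW"
        if state == "SYN_SENT" and not outbound:
            if p.flags != {"SYN", "ACK"}:
                return "DROP"  # only the handshake reply is expected here
            self.table[key] = "ESTABLISHED"
        return "ALLOW"

def run_trace():
    fw = StatefulFirewall()
    host, web = ("10.0.0.5", 50000), ("203.0.113.10", 443)
    trace = [  # constructed packets using documentation address ranges
        (*host, *web, {"SYN"}),                             # inside opens HTTPS
        (*web, *host, {"SYN", "ACK"}),                      # matching reply
        (*host, *web, {"ACK"}),                             # handshake completes
        (*web, *host, {"ACK", "PSH"}),                      # data on tracked flow
        ("198.51.100.7", 40000, "10.0.0.5", 22, {"SYN"}),   # unsolicited probe
        ("198.51.100.7", 443, *host, {"ACK"}),              # wrong peer, no state
        (*host, *web, {"FIN", "ACK"}),                      # inside closes
        (*web, *host, {"ACK"}),                             # late packet after close
    ]
    return [fw.filter(Packet(s, sp, d, dp, frozenset(f)))
            for s, sp, d, dp, f in trace]
```

The unsolicited SYN to port 22 and the packet from the wrong peer are dropped because no table entry exists for them, which is why a port scan from outside sees the ports as closed.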
One of the biggest vulnerabilities of stateful firewalls is that they can be manipulated. Some stateful firewalls can attract outside connections with simple actions like viewing a webpage. In addition, they are extremely susceptible to man-in-the-middle and denial-of-service attack types.
Next-generation firewalls (NGFW)
According to Gartner, NGFWs are highly sophisticated firewalls that can be implemented in either software or hardware. This type greatly expands the functionality of network address translation firewalls, allowing them to detect and block sophisticated attacks at the application, port, and protocol levels.
Deep packet inspection (DPI) — looks at packet payloads and checks which applications are accessed by the packets.
Application awareness — the firewall checks which applications are running and which ports they are using. It can neutralize certain types of malware that aim to terminate a running process and take over its port.
Identity awareness — allows the firewall to enforce rules based on users' identities.
Sandboxing — isolates pieces of code from incoming traffic packets, executing them in a closed-off environment to ensure that they're not malicious.
In addition, most next-generation firewalls integrate at least three basic firewall functionalities like enterprise firewall capabilities, intrusion prevention systems, or application control. This creates a well-rounded mechanism for network security.
Web application firewalls (WAF)
WAFs protect web applications by filtering, monitoring, and blocking malicious HTTP traffic. This firewall can protect against cross-site request forgery, cross-site scripting (XSS), file inclusion, SQL injection, and other attacks. In a way, a WAF's mode of operation is similar to a proxy server, with the key difference being that it acts as an intermediary between the web app server and a client.
As such, web application firewalls are deployed in front of a web application, shielding it from the rest of the public internet. That way, the server is protected from threats, as everything must first pass through the WAF. This type of firewall can come in various forms: software, an appliance, or delivered as a service.
Like other types of firewalls, WAF operates by enforcing security policies. However, a significant advantage of WAFs is that they adjust policies exceptionally fast. This translates into a more agile system that reacts to varying attack vectors faster.
FWaaS provides cloud-based internet traffic inspection. What is unique about this type of firewall is that it's delivered exclusively via the cloud. Using FWaaS usually means offloading on-premise data center equipment and shrinking the infrastructure that needs to be maintained.
The deployment of FWaaS is very similar to other cloud-based services. Each customer is assigned a virtual instance of the service, which can be customized from the web interface. More often than not, FWaaS providers offer identical management interfaces that in-house network administrators are already familiar with.
The downsides of such a setup are similar to those of cloud services. For instance, the online delivery model has latency concerns, especially when compared to in-house operations. Finally, there is always a question regarding data privacy, as the firewalls are fully outsourced and managed by a third party.
Firewall delivery methods
As was briefly mentioned in the previous section, firewall deployment options can be very different. Here are the main types of firewall delivery methods.
Hardware firewalls are self-contained appliances acting as a secure gateway between devices inside the network perimeter and outside it. As they aren't attached to any host devices, they don't consume as much processing power. Their only function is to enforce security policies.
They are an ideal solution for medium and large companies looking to protect many devices within a defined network perimeter. On the downside, they can be complicated to set up effectively and require higher maintenance.
A software firewall runs on a computer or server with the single task of ensuring network security. Also known as a host firewall, it must be installed on each device requiring protection. This means that a portion of the device's processing power needs to be allocated to keep the firewall service operational.
As for their usage, this type of firewall provides security for individual devices against viruses and other threats. This also includes malicious processes running on the host while packet filtering network traffic.
Managed security service providers (MSPs) offer firewalls that are hosted in the cloud. While the provider takes responsibility for the technical side, the client must configure the firewall according to their security policies. This approach works best for huge or globally distributed organizations as it eliminates the need to set it up per device.
Originally referring to construction walls intended to keep fire from spreading to other buildings, firewall as a term was introduced in the networking world only in the 1980s. At the time, however, it was understood only as one of a router's functions: blocking or filtering the packets sent to it. Its increasing use in various Hollywood media, like the movie WarGames, likely spearheaded its later association with specific functionalities.
Only in the 1990s did application layer firewalls appear, performing much more thorough inspections. This marked the development route of firewalls, with all future iterations combining application and network layer packet filtering functionalities and expanding on them in the following years.
The importance of a firewall
Network traffic, especially when it's coming from the public internet, should always be treated with caution. Therefore, firewalls stand as the first line of defense against various threats.
By keeping unused ports closed and filtering out malicious data packets, firewalls safeguard the security of your network.
More importantly, they push threats away from the endpoint. That way, a threat can often be shot down before it causes any critical damage to the device. It's also a much more secure method, as it's much easier to handle a threat at that point than to try to remove it once it has breached your network.
Future of next-gen firewalls
Much like the rest of the cybersecurity inventory, the firewall is changing. Even with the developments in next-generation firewalls, the trend is moving towards higher autonomy and remote delivery methods.
It's expected that firewalls will be even more active in the future and communicate better with various other cybersecurity components, creating a more holistic security mechanism. The next logical step would be integration into Security Information and Event Management solutions.
One thing is sure: as firewalls are such a key component of network security, they will remain one of the fundamental areas of cybersecurity.