Firewall: What It Is, How It Works, and How to Choose the Best One for Your Network

Introduction

In today's digital world, we are constantly connected to various networks, such as the Internet, corporate intranets or home networks. But how can we be sure that our data and devices are protected from malicious attacks or unwanted access? For this, there is a special network security tool called a firewall.

The purpose of this article is to explain what a firewall is, how it works, what types of firewalls exist, and why it is important for our privacy and security online. We will also look at some examples of firewall use cases and provide recommendations on choosing and using firewalls.

Definition of a firewall

A firewall is a network security system that controls incoming and outgoing network traffic based on specified security rules. A firewall establishes a barrier between a trusted network and an untrusted network, such as the Internet.

The purpose of a firewall is to filter good from bad, or trusted from untrusted traffic. The term comes from the concept of physical walls that serve as barriers to slow the spread of a fire until firefighters arrive. Similarly, firewalls are designed to manage network traffic - usually to slow the spread of network threats.

History of the development of firewalls

The first firewalls appeared in the late 1980s in response to the growing number of cyber attacks on computer systems. They were based on the principle of a proxy server, which acted as an intermediary between two networks for a specific application. Proxy servers could provide additional features such as content caching and security by preventing direct connections from outside the network. However, this could also impact bandwidth and application support.

In the early 1990s, a new type of firewall was developed called a stateful firewall. This type of firewall allowed or blocked traffic based on state, port, and protocol. It monitored all activity from the opening of a connection to its closing. Filtering decisions were made based on rules defined by the administrator, as well as context, which referred to the use of information from previous connections and packets belonging to the same connection.

In the late 1990s and early 2000s, unified threat management (UTM) firewalls emerged. These devices combined the functions of a firewall with intrusion detection and antivirus. They could also include additional services and cloud management. UTMs focused on simplicity and ease of use.

Today, most companies use next-generation firewalls (NGFW) to block modern threats such as advanced malware and application-layer attacks. According to Gartner, Inc., a next-generation firewall should include:
  • State-based intelligent access control
  • Integrated Intrusion Prevention System (IPS)
  • App awareness and control to see and block risky apps
  • Upgrade paths to include future information flows
  • Methods for addressing evolving security challenges
  • URL filtering based on geolocation and reputation

Beyond these capabilities, NGFWs can do more. Threat-aware firewalls include all the capabilities of a traditional NGFW, plus advanced threat detection and mitigation.

How does a firewall work?

A firewall decides what network traffic is allowed to pass through and what traffic is considered dangerous. Essentially, it works by filtering the good from the bad, or the trusted from the untrusted. However, before we get into the details, it is useful to understand how networks are structured.

Firewalls are designed to protect private networks and the endpoint devices on them, called network hosts. Network hosts are devices that “talk” to other hosts on the network. They send and receive traffic between internal networks, as well as outgoing and incoming traffic between external networks. Computers and other endpoints use networks to access the Internet and each other. However, the Internet is divided into subnetworks or “subnets” for security and privacy. The main subnet segments are:
  • External public networks typically refer to the public/global Internet or various extranets.
  • Internal private networks define home networks, corporate intranets, and other “closed” networks.
  • Perimeter networks describe edge networks consisting of bastion hosts - computer hosts dedicated to enhanced security that are prepared to withstand external attack. As a secure buffer between internal and external networks, they can also be used to host any externally facing services provided by the internal network (e.g., servers for web, mail, FTP, VoIP, etc.). They are more secure than external networks, but less secure than internal ones.

Firewalls are typically installed at the boundary between a trusted and untrusted network to create a “choke point” through which all traffic passes. They analyze data sent over a computer network and make decisions based on a set of rules. Data sent over a computer network is collected into a packet that contains the sender and receiver IP addresses, port numbers, and other information. Before the packet reaches its destination, it is sent to the firewall for inspection. If the firewall determines that the packet is allowed, it forwards it to its destination; otherwise, the firewall discards the packet.

The set of criteria that a firewall uses to determine whether a packet is allowed is called a rule set. For example, a firewall rule might say: drop all incoming traffic to port 22, which is commonly used to remotely log into computers using SSH (Secure Shell). In this case, when a packet arrives with a destination port of 22, the firewall drops it and does not deliver it to the destination IP address.

Types of Firewalls

Firewalls differ in their structure, functionality and location. Depending on these factors, we can distinguish the following types of firewalls:
  • Packet filtering firewall. This is the simplest and fastest type of firewall, which operates at the network layer of the OSI model and compares each data packet to a set of rules based on IP addresses, ports, and protocols. If the packet matches a rule, it is allowed through; if not, it is blocked. This type of firewall does not take into account the context or state of the connection, so it can be susceptible to attacks such as IP spoofing or fragmentation.
  • Session-layer gateway firewall. This type of firewall operates at the session layer of the OSI model and monitors TCP (Transmission Control Protocol) connections between networks. It checks whether the connection is trusted based on the TCP handshake and allows or blocks traffic based on that. It does not analyze the contents of packets or applications, so it may miss some types of attacks.
  • Stateful firewall. This type of firewall is an improvement on the previous types and operates at the transport layer of the OSI model. It tracks the state, port, and protocol of each connection and remembers information about previous packets belonging to the same connection. It can also check the headers and contents of packets for compliance with security rules. This type of firewall is more effective in blocking complex attacks such as DoS (Denial of Service) or DDoS (Distributed Denial of Service).
  • Unified Threat Management (UTM) Firewall. This is an appliance that combines stateful firewall functionality with other security services such as antivirus, IPS (Intrusion Prevention System), URL (Uniform Resource Locator) filtering, VPN (Virtual Private Network) and cloud management. UTM focuses on simplicity and ease of use for small and medium businesses.
  • Next-generation firewall (NGFW). This is an advanced type of firewall that includes all the capabilities of a stateful firewall, but also provides additional features such as application awareness and control, integrated IPS, geolocation- and reputation-based URL filtering, support for future information flows, and methods for addressing evolving security challenges. An NGFW is capable of blocking modern threats such as advanced malware and application-level attacks.
  • Threat-focused firewall. This is the most advanced type of firewall, which includes all the capabilities of an NGFW, but also provides advanced threat detection and mitigation. With this type of firewall, you can:
      • Detect and block known and unknown threats in real time
      • Automatically correlate security events and network activity
      • Use global threat intelligence to update rules and policies
      • Isolate infected systems and restore normal operation
  • Hardware and software firewalls. This is a division of firewalls by the method of implementation. A hardware firewall is a separate device that connects to a network and filters traffic between networks. A software firewall is a program that is installed on a computer or other device and filters traffic between the device and the network. Hardware firewalls are usually more powerful, reliable and secure, but also more expensive and more difficult to configure and maintain. Software firewalls are usually cheaper, more flexible and easier to use, but also more vulnerable, slower and dependent on the device's resources.
  • Network and personal firewalls. This is a division of firewalls by location. A network firewall is a firewall that protects the entire network or part of it from external traffic. It can be hardware or software, but is usually located on the border between networks. A personal firewall is a firewall that protects one device from incoming and outgoing traffic. It is always software and is usually built into the operating system or antivirus software.

The Importance of Firewalls in Today's Digital World

Firewalls play a key role in ensuring information security and privacy on the network. They provide the following benefits:
  • Protecting information and privacy. Firewalls prevent unauthorized access to your data, files, passwords, personal information, and other sensitive resources. They can also encrypt your traffic to protect it from interception or tampering.
  • A preventative measure against cyber attacks. Firewalls block most common types of attacks, such as port scanning, password guessing, remote code execution, denial of service, and others. They can also detect and isolate infected systems to prevent malware from spreading across the network.

Examples of using firewalls

Firewalls can be used in a variety of scenarios to protect different types of networks and devices. Here are some examples:
  • In a corporate network. Corporate networks typically have multiple subnets for different departments, functions, or services. To protect such networks from external and internal threats, it is necessary to use firewalls of different types and levels. For example, you can use a hardware NGFW at the Internet edge, a stateful software firewall on each server, and a personal firewall on each workstation.
  • In home networks. Home networks also need protection from hacking, spying, and malware. This can be done using a hardware firewall built into the router or modem that connects your home network to the Internet. You can also use a software firewall on each computer, tablet, or smartphone that connects to your home network.
  • In cloud services. Cloud services provide users and organizations with access to various resources and applications via the Internet. To protect such services from unauthorized access and attacks, it is necessary to use firewalls specifically designed for the cloud environment. For example, you can use a web application firewall (WAF), which protects web applications from application-level attacks such as SQL injections or XSS (Cross-Site Scripting). You can also use a firewall as a service (FWaaS), which provides a firewall as a cloud service that can be easily configured and scaled.

Recommendations for the selection and use of firewalls

When selecting and using firewalls, the following factors must be considered:
  • Tailor the choice to specific needs and circumstances. There is no one-size-fits-all solution. Depending on the type, size, and purpose of your network or device, you may need a different type or combination of firewalls. For example, to protect a corporate network, you might use a hardware NGFW at the Internet edge and a software firewall on each server and workstation. To protect a home computer, you might use a software firewall with antivirus and VPN.
  • Update and configure firewalls. To ensure maximum security for your firewall, you should regularly update its software or firmware, and configure its rules and policies to meet changing conditions and threats. You should also check firewall logs and reports to monitor network activity and identify anomalies or violations.
  • Comply with security standards and best practices. Depending on your industry or region, you may be required to comply with certain data security standards or regulations, such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), or GDPR (General Data Protection Regulation). To do this, you must select and use firewalls that meet these requirements. In addition, you must follow security best practices, such as:
      • Strengthening and properly configuring the firewall
      • Planning a firewall deployment
      • Firewall protection
      • Protecting user accounts
      • Restricting access to zones based on approved traffic
      • Ensuring firewall policy compliance and usage
      • Testing to verify policies and identify risks
      • Audit of software or firmware and logs

Conclusion

In this article, we explained what a firewall is, how it works, what types of firewalls exist, and why it is important for our privacy and security online. We also looked at some examples of firewall use cases and provided recommendations on choosing and using firewalls.

A firewall is an essential network security tool that protects our data, devices, and applications from unauthorized access, malware, and other threats. However, a firewall is not a panacea for all security issues and should be combined with other security measures such as antivirus, VPN, IPS, WAF, and others.

When choosing and using a firewall, we must consider our specific needs and circumstances, and adhere to security standards and best practices. Only then can we ensure reliable protection of our network and our business.
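
The rule-set evaluation described under "How does a firewall work?" and the difference between a packet filtering firewall and a stateful firewall under "Types of Firewalls" can be seen in a small simulation. This is an added example, not part of the original article; the class names, the rule set and the addresses (documentation ranges) are constructed for illustration, and connection teardown is not modelled.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

Packet = namedtuple("Packet", "src sport dst dport proto", defaults=["tcp"])

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "drop"
    direction: str         # "in" or "out"
    proto: str
    dst_net: str           # CIDR the destination address must fall in
    dport: Optional[int]   # None matches any destination port

    def matches(self, direction, pkt):
        return (self.direction == direction and self.proto == pkt.proto
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport in (None, pkt.dport))

class Firewall:
    def __init__(self, rules, stateful):
        self.rules, self.stateful, self.conns = rules, stateful, set()

    def decide(self, direction, pkt):
        # Stateful mode: a reply to a tracked connection passes without a rule of its own.
        if self.stateful and (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns:
            return "allow"
        for rule in self.rules:                      # first matching rule wins
            if rule.matches(direction, pkt):
                if rule.action == "allow" and self.stateful:
                    self.conns.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return rule.action
        return "drop"                                # default deny when nothing matches

# Constructed rule set; all addresses are from documentation ranges.
RULES = [
    Rule("drop", "in", "tcp", "192.0.2.0/24", 22),      # the article's SSH example
    Rule("allow", "in", "tcp", "192.0.2.10/32", 443),   # published web server
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443),      # internal clients may browse out
]

def demo():
    ssh = Packet("203.0.113.5", 40000, "192.0.2.10", 22)
    out = Packet("192.0.2.50", 51000, "198.51.100.7", 443)
    reply = Packet("198.51.100.7", 443, "192.0.2.50", 51000)   # answer to `out`
    return {name: [fw.decide("in", ssh), fw.decide("out", out), fw.decide("in", reply)]
            for name, fw in (("packet-filter", Firewall(RULES, False)),
                             ("stateful", Firewall(RULES, True)))}
```

With the same rules, the packet filter drops the reply to an outbound connection because no inbound rule covers it, while the stateful firewall allows it from its connection table and still drops an identical packet that answers no tracked connection.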