The loose use of the term “firewall” and the many forms this technology takes have made this topic seem more convoluted than it is. Let’s start from the ground up.
A firewall is a system that prevents unauthorized access to a private network. By filtering the traffic that arrives from outside, it blocks unwanted traffic and permits wanted traffic. Simply put, firewalls are safety barriers between a private network and the public internet. They’re the main component preventing malicious traffic from penetrating the network they’re on.
A computer network firewall’s function is very similar to that of building structure firewalls (hence the name). The latter acts as a physical barrier, so that in the event of a fire the flames are kept from spreading to the other side of the firewall and destroying the entire building.
To properly filter the data passing through it, a firewall uses configured standards to determine what’s allowed to enter and leave the network being protected. A set of permit and deny conditions – called rules – is specified in a collection known as an Access Control List (ACL). Firewall rules can be customized and based on specified domain names, protocols, programs, ports, keywords, etc. In an organization setting, these specifications are typically determined by the network administrator.
According to their structure, there are two types of firewalls – Software and Hardware.
Software Firewall (AKA Host Firewall)
A software firewall is installed individually on the host devices of a network with the specific configurations that make it compatible. It protects that computer and that computer only. A common advantage is the ability to distinguish traffic between programs. Most modern operating systems include a software firewall. These can also come as part of an antivirus program or from some other third party (e.g., ZoneAlarm).
Hardware Firewall (AKA Appliance Firewall, Network Firewall)
A hardware firewall is a physically separate hardware device placed between an internal and external network. It has its own resources and does not consume any RAM or CPU power from the host devices of the network (unlike a software firewall). These can be stand-alone products, which are typically used by medium or large organizations with numerous computers under one network. This way, the security that needs to be applied to a large group of devices doesn’t have to be individually installed. These can also be a built-in component of a router, which is what a lot of smaller organizations rely on. Another form is the Cloud Service Provider’s infrastructure (which we’ll get to).
Organizations will typically use both host and network firewalls in their networks for effective layered protection. This way, if harmful data happens to get past the network-based firewall, there’s still a host-based firewall to stop it from reaching the computer.
Firewalls are also categorized by the method they use to secure a network (each can be set up as software or hardware).
Packet-Filtering Firewall – This monitors traffic by filtering packets according to the header information they carry. It inspects the protocol, source and destination IP addresses, and source and destination ports, and compares them to its ACL. Packet-Filtering Firewalls are a basic security checkpoint attached to a router/switch. While this method is fast and important, it’s not the strongest on its own since it only inspects the header information and not the data itself.
Circuit-Level Gateway – This ensures the safety of established connections. These are often built into other software or already-existing firewalls. They inspect the information about the transaction, but not the actual data.
Cloud Firewall (AKA FaaS) – This is a cloud solution for network protection maintained and run externally by a third-party vendor. These are often used as proxy firewalls but can be configured according to the client’s needs. A big advantage is that this firewall’s capacity for traffic load is independent of physical resources, which makes it easy to scale.
Stateful Inspection Firewall – This monitors active connections. Once outbound traffic has been allowed, the returning traffic is accepted. This avoids the need to set up incoming rules separately from outgoing rules.
Proxy Firewall – This protects a network by forwarding requests from the original client and presenting them as its own requests (proxy meaning to act as a substitute). This hides the client’s identity and location, protecting it from restrictions and attackers.
Unified Threat Management (UTM) Firewall – The idea behind a UTM firewall is to have a single appliance executing a broad range of security features. Firewalls that include URL Filtering, Email Scanning, and Data Loss Prevention are often considered UTMs.
Next-Generation Firewall (NGFW) – The term NGFW is a bit fuzzy. Companies use it to describe their new products, and each differs on what makes its firewall “next-generation” and on what its NGFWs feature. In essence, an NGFW is a traditional firewall (what we’ve been talking about up to now) with features for a significant security enhancement. These features might include Application-Level Inspection, Intrusion Prevention System (IPS), and External Threat Intelligence.
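The ACL check of a packet-filtering firewall and the return-traffic handling of a stateful inspection firewall, sketched in Python as an added example (not code from this article or from any firewall product). It assumes first-match rule order with an implicit deny, reduces connection state to the protocol/address/port tuple, and uses made-up names (Packet, Rule, acl_decision, StatefulFirewall) and constructed sample addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""  # carried along but never inspected here

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "any"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport))

def acl_decision(acl, p):
    """Stateless packet filter: first matching rule wins, otherwise deny."""
    return next((r.action for r in acl if r.matches(p)), "deny")

class StatefulFirewall:
    """Remembers permitted outbound flows and accepts only their replies."""
    def __init__(self, acl):
        self.acl, self.flows = acl, set()

    def outbound(self, p):
        verdict = acl_decision(self.acl, p)
        if verdict == "permit":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict

    def inbound(self, p):
        # A reply carries the original flow's addresses and ports swapped.
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "permit" if reply_of in self.flows else "deny"

# Constructed sample ACL: block Telnet, allow HTTPS out of 10.0.0.0/24.
SAMPLE_ACL = [Rule("deny", "tcp", "10.0.0.0/24", "0.0.0.0/0", 23),
              Rule("permit", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443)]
```

Because the decision uses only header fields, two packets with identical headers and different payloads always get the same verdict, which is the limitation of packet filtering noted above.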
When choosing a firewall – or, even better, a combination of them – it’s important to consider certain factors of the context you’re using them in:
Organization size – The internal network’s size determines the practicality of managing a firewall on each device and if it’s necessary to have one that monitors the network as a whole. What setup is the IT team capable of managing? What traffic load is the internal network experiencing and what do the firewalls need to handle?
Available Resources – Do you have the resources to run a firewall on hardware separate from the internal network? Can you afford a cloud service (and does that make sense for the organization’s size)?
Required Protection Level – What security measures are required and what firewalls fulfill these? How sensitive is the data that the organization is dealing with?
Now you have an insight into firewalls, their types, and what to consider between them!