What Is a Firewall, and How Does It Protect Me?

Cybersecurity Stephen
11 min read · May 23, 2024


Firewalls are an essential part of cybersecurity defense, so understanding what they are and what they do to protect your network is crucial to minimizing risk for yourself or your company while online.

Table of Contents

  1. What a Firewall Is
  2. How it Protects Me
  3. Types of Firewalls
  4. Recommendations for Firewalls based on User Type
  5. Final Thoughts

The Basic Idea of How a Firewall Works²

What a Firewall Is

If you’ve ever studied technology or computers, you probably have run across the idea of a firewall in some regard, but perhaps you want to know what it actually does.

Firewalls protect against outside cyber attackers by shielding your computer or network (sometimes referred to as a LAN — Local Area Network) from malicious or unnecessary network traffic. They can also prevent malicious software, or applications, from accessing a device or a LAN via the internet (sometimes referred to as a WAN — Wide Area Network). Firewalls can be configured to block data from specific locations (e.g. IP addresses), applications, or ports while allowing relevant and necessary data through.¹

In more abstract terms, you can think of a firewall like a very strong fence around a property. Only the appropriate and authorized people (good data/traffic) are allowed into the property if they have the right key (authorization from the firewall). Another analogy could be a set of security guards posted around the perimeter of a property, which only allow verified personnel onto the property with the right credentials.

How a Firewall Protects Me

Firewalls can protect against hackers, block unapproved websites, monitor incoming and outgoing traffic, limit bandwidth use, protect against network crashes, and support VPNs.³

Firewalls scan the incoming traffic and warn you about the risk associated with downloading a new application on your system or clicking on a link from an unknown source. If a hacker is targeting you via phishing, and you carelessly click the link, a firewall may give you a second chance to redeem yourself by asking if you really want to go to this site because it seems dangerous, or by simply blocking the request.³

An unsecured website can also pose a threat to a Single Office/Home Office (SOHO) or company’s network. Examples of these could be illegitimate websites that pose as legitimate websites, illegal downloading websites, and dubious shopping portals. A firewall can be configured to blacklist, or restrict, users from ever accessing a list of websites that are deemed dangerous.³

Monitoring incoming and outgoing traffic is one of the main jobs of a firewall. Each and every data packet is scanned and checked against the configured ruleset of the firewall. Every network, depending on its security needs, will have its ruleset configured differently. A firewall can be configured to notify you if unusual activity occurs on your network.³

Limiting the amount of bandwidth used for certain applications or services on the internet is also something a firewall can do.³ With this, you can prioritize critical business services, control costs, prevent network congestion, and increase security (as a preventative measure against DDoS attacks).

Having a firewall installed on a VPN server will only allow VPN-specific data packets to enter and exit the network. This is especially helpful as it blocks unauthorized users from accessing the VPN network.³ This provides enhanced security, traffic filtering, access control, logging and monitoring, and in some cases regulatory compliance.

Types of Firewalls

Firewalls are often categorized by the system they protect, form factor, placement within network infrastructure, and data filtering methods. This means that different types of firewalls perform distinct functions.⁴

Types of Firewalls⁴

Firewall Types by Systems Protected

Network-based Firewall⁴

Network Firewall

A network firewall is set between a trusted internal network and an untrusted external network. Its primary role is to monitor, control, and validate incoming and outgoing traffic based on a preconfigured ruleset. This prevents unauthorized access and maintains network integrity. It compares packet attributes (source and destination IP address, protocols, port numbers, etc.) to block potential threats or undesired data flow. This ensures comprehensive traffic screening and logging for later analysis (if necessary).⁴

Host-based Firewall⁴

Host-based Firewall

A host-based firewall is software that operates on a single device within a network. It is installed on that device, offering a focused layer of protection. It examines incoming and outgoing traffic on that specific device, filtering out harmful content so that malware, viruses, or other malicious activity don’t find their way onto the system. Host-based firewalls complement perimeter-based solutions, which secure the network’s boundaries. That is to say, if a threat gets through the network perimeter, a host-based firewall can act as an added layer of security that shields the device from the threat.⁴

Firewall Types by Form Factors

Hardware Firewall⁴

Hardware Firewall

A hardware firewall is a physical device that is placed between a network and the unsecured internet. It operates independently of the host device while examining incoming and outgoing traffic based on the preconfigured ruleset. Once the hardware firewall is in place, all traffic (inbound and outbound) must go through this device, where it inspects each data packet and makes decisions on what to allow through.⁴

Software Firewall⁴

Software Firewall

A software firewall is an application, or software, that can be deployed on servers or virtual machines to secure cloud environments. This type of firewall is designed to protect sensitive data, workloads, and applications in environments where it would be difficult or impossible to set up a hardware firewall. Software firewalls use the same type of technology as hardware firewalls, but they offer multiple deployment options to match the needs of a hybrid/multi-cloud environment.⁴

There are also several types of software firewalls which include container firewalls, virtual firewalls, cloud firewalls, and managed service firewalls.⁴

Container firewalls are a type of next-generation firewall built for Kubernetes (an open source platform to automate deployment, scaling and management of containerized applications) environments.⁴

Virtual firewalls are virtual instances of next-generation firewalls, used in virtual and cloud environments to secure east-west and north-south traffic. North-south traffic refers to perimeter network traffic in public cloud environments, and east-west traffic refers to traffic inside physical data centers and branches.⁴

Cloud firewalls are very similar to virtual firewalls (sometimes interchangeable), as they are software-based mechanisms anchored in the cloud that are responsible primarily for finding malicious network traffic. These firewalls are situated in the cloud and offered by security providers with their capabilities directly furnished by cloud hyperscalers or appliances guarding applications within public clouds.⁴

Managed service firewalls are simply software firewalls that are managed by an external party, similar to software-as-a-service (SaaS) applications. These firewalls provide flexible ways to deploy application-level security without the need for management oversight.⁴

Firewall Types by Placement within Network Infrastructure

Internal Firewall⁴

Internal Firewall

An internal firewall functions within a network’s boundaries and targets security threats that may have already penetrated the perimeter’s defense. Internal firewalls focus on traffic between devices within the network, as threats don’t always come from outside (the internet). This type of firewall operates under the principle of Zero Trust, which means it doesn’t trust any activity by default. By segmenting the network into distinct zones with specific security criteria, this firewall ensures potential threats don’t spread unchecked across the entire network.⁴

Distributed Firewall⁴

Distributed Firewall

A distributed firewall, unlike a traditional firewall, is a network security mechanism that safeguards an organization's entire infrastructure. This firewall uses the capabilities of multiple devices to monitor and regulate traffic, which ensures comprehensive protection. It can also monitor both internal and external traffic and is highly scalable and efficient by using decentralization, which is why its protection is more comprehensive than a traditional firewall’s.⁴

Perimeter Firewall⁴

Perimeter Firewall

A perimeter firewall establishes a boundary between a private and public network and functions as the primary defense in that private network, as it inspects every piece of data that passes through it. Its most important role is to differentiate and either allow or reject traffic based on a preconfigured ruleset. A perimeter firewall's effectiveness depends on its ability to recognize and discern the nature of the data/traffic flowing through it. It examines header information and the payload of each packet to determine its intent. This firewall can monitor internal and external traffic, and next-generation firewalls have increased its capabilities, which include deep packet inspection and intrusion detection/prevention mechanisms.⁴

Firewall Types by Data Filtering Method

Next-Generation Firewall⁴

Next-Generation Firewall

A next-generation firewall (NGFW) adds enhanced features to understand and control application traffic, integrate intrusion prevention mechanisms, and utilize cloud-sourced threat intelligence. This allows for a more precise and comprehensive inspection of data packets. NGFWs are also great at addressing malware threats and sophisticated application-layer attacks through their deep inspection processes, and they play a pivotal role in modern cybersecurity defenses.⁴

Packet Filtering Firewall⁴

Packet Filtering Firewall

A packet filtering firewall operates on the network layer and is responsible for regulating the flow of data packets between networks. It uses preconfigured rule sets to inspect source IP, destination IP, ports, and protocols of traffic, which help determine which packet data to allow to pass through or to reject.⁴

Web Application Firewall⁴

Web Application Firewall

A web application firewall (WAF) provides a specialized layer of protection for web applications, web servers, and application program interfaces (APIs). It examines and filters HTTP traffic, which safeguards against threats like cross-site scripting (XSS), SQL injection, and file inclusion. WAFs operate at layer 7 and specifically target application-level threats. WAFs work as reverse proxies as they are positioned in front of web applications, which means they intercept and inspect requests bound for the web app. Their effectiveness comes from having a secure set of rules established, but also allowing for these rules to be updated to best fit any new threats.⁴

Proxy Firewall⁴

Proxy Firewall

Stateful Inspection Firewall⁴

Stateful Inspection Firewall

A stateful inspection firewall is essential in active network connection monitoring by tracking connections, analyzing the context of inbound/outbound traffic, and ensuring only safe data packets can go through the network. Its primary function is to filter traffic based on its state and context. It scrutinizes the contents of each data packet to determine if it matches the attributes of previously recognized safe connections. A practical use of its ability is its interaction with TCP's three-way handshake to establish connections, as it examines packet contents during the handshake process. If there are any red flags, the data will be discarded.⁴
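The connection tracking described above can be shown with a small state table that follows the three-way handshake. This is an added example, not code from the original article or from any firewall product; the `StatefulFirewall` class, the state names, the policy that only inside hosts may open connections, and the addresses are assumptions, and FIN teardown and timeouts are left out.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.0.2.0/24")  # constructed protected LAN (RFC 5737 range)

class StatefulFirewall:
    """Tracks TCP connections opened from INSIDE; inbound packets need matching state."""

    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def inspect(self, src, sport, dst, dport, flags):
        flags = frozenset(flags.split("+"))
        outbound = ipaddress.ip_address(src) in INSIDE
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.table.get(key)

        if outbound and state is None and flags == {"SYN"}:
            self.table[key] = "SYN_SENT"        # handshake step 1
            return "allow"
        if not outbound and state == "SYN_SENT" and flags == {"SYN", "ACK"}:
            self.table[key] = "SYNACK_SEEN"     # handshake step 2
            return "allow"
        if outbound and state == "SYNACK_SEEN" and flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"     # handshake step 3
            return "allow"
        if state == "ESTABLISHED" and "SYN" not in flags:
            if "RST" in flags:
                del self.table[key]             # connection aborted: forget it
            return "allow"
        return "drop"                           # no state, or flags do not fit the state

# Constructed trace: (src, sport, dst, dport, flags)
TRACE = [
    ("198.51.100.9", 40000, "192.0.2.15", 22, "SYN"),       # unsolicited inbound connection
    ("192.0.2.15", 50000, "198.51.100.9", 443, "SYN"),      # inside host opens HTTPS
    ("198.51.100.9", 443, "192.0.2.15", 50000, "SYN+ACK"),
    ("192.0.2.15", 50000, "198.51.100.9", 443, "ACK"),
    ("198.51.100.9", 443, "192.0.2.15", 50000, "ACK"),      # reply on the tracked connection
    ("198.51.100.9", 444, "192.0.2.15", 50000, "ACK"),      # ACK with no matching connection
    ("198.51.100.9", 443, "192.0.2.15", 50000, "RST"),      # server aborts
    ("198.51.100.9", 443, "192.0.2.15", 50000, "ACK"),      # late packet after teardown
]

def run_trace(trace=TRACE):
    fw = StatefulFirewall()
    return [fw.inspect(*pkt) for pkt in trace]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace()):
        print(verdict, pkt)
```

The sixth and eighth packets carry the same flags as the allowed reply, so a stateless rule keyed on addresses, ports and flags could not tell them apart; the state table can.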

Recommendations for Firewalls based on User Type

There are many kinds of users, and each requires a different amount of security based on their needs. Here are some recommendations based on user type and why they might be a good choice.

Data being sent through servers and firewalls — NightCafe (by author)

User Type: Home users

Recommended Firewall Type: Software Firewall

Why: Software firewalls are easy to install and manage on individual PCs and offer sufficient protection for the typical activities of home users, such as browsing the internet and accessing email. They also provide personalized security settings and are often included with antivirus packages.

User Type: Power users

Recommended Firewall Type: Stateful Inspection Firewall

Why: Stateful inspection firewalls monitor all aspects of firewall-protected network traffic streams and are capable of understanding the state of network connections, which makes them well suited for power users.

User Type: Enterprise users

Recommended Firewall Type: Next-Generation Firewall

Why: NGFWs are suitable for enterprises due to their ability to filter traffic not only by IP addresses and ports but also by application type, along with advanced capabilities like intrusion prevention and threat intelligence. They cater to complex security needs and high traffic volumes that are typical in large organizations.

User Type: IT and Network Administrators

Recommended Firewall Type: Hardware Firewall

Why: Hardware firewalls provide robust protection at the perimeter of a network and can manage the overall security of complex infrastructures, which is essential for IT and network administrators overseeing large-scale corporate networks.

User Type: Academic users

Recommended Firewall Type: Network Firewall

Why: Network firewalls are capable of handling substantial amounts of traffic and can enforce policies across a large institution. They are effective for schools and universities that need to manage network access and protect against external threats while supporting multiple users.

User Type: Creative professionals

Recommended Firewall Type: Internal Firewall

Why: Internal firewalls are useful for creative professionals who work within corporate environments or collaborate extensively online. These firewalls help protect sensitive creative content from internal threats and manage network traffic to prioritize bandwidth-intensive applications like video editing software.

Final Thoughts

While I have made recommendations for each type of firewall that a specific user can benefit from, it is always recommended to add layered security on any system. This means you should not just have a firewall protecting your system, but you should also consider including anti-virus/anti-malware software, intrusion detection systems (IDS), intrusion prevention systems (IPS), multi-factor authentication (MFA), virtual private networks (VPNs), endpoint security, physical security, and patch management to help create a robust defense-in-depth system. Even if one layer is compromised, the more layers you have to work with, the less risk you take on.

A cybersecurity professional at his SIEM — NightCafe (by author)

If you found this article useful or helpful in any way, I would sincerely appreciate you sharing this information as it helps me stay motivated to make quality content as a writer, and it helps spread awareness to the cybersecurity community. Thank you for reading, and keep learning every day!


References

(1) Cybersecurity & Infrastructure Security Agency. (2023, February 23). Understanding Firewalls for Home and Small Office Use. https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use

(2) Username: Jack. (2014, November 14). Media from What Is a Firewall?. TunnelsUP. https://www.tunnelsup.com/what-is-a-firewall/

(3) Pais, Nancy. (n.d.). How Does A Firewall Protect Data?. 31West. Retrieved on 5/23/2024 from https://31west.net/blog/how-does-a-firewall-protect-data/

(4) PaloAlto Networks. (n.d.). Types of Firewalls Defined and Explained. Retrieved on 5/23/2024 from https://www.paloaltonetworks.com/cyberpedia/types-of-firewalls
