Firewall security remains one of the most recognizable and understood forms of network security used in computing today. Every home computer and office system has firewalls in place to help stop the spread of problems such as viruses and more.
The term ‘firewall’ originated in construction for large, multi-unit buildings. A sturdy, fire-resistant wall stood between different sections of each floor. That way, if a fire started on one side of the building, it would not spread to the other side. In essence, it separated safe spaces from dangerous ones.
A computer or network firewall does essentially the same job. It keeps anything dangerous away from other unaffected parts of the system. Now more than ever before, this type of protection represents an essential tool in the fight against cybercrime. As all types of cybercrime increase globally, both businesses and individuals who rely on their networks and computers need additional assurances that everything will keep functioning as intended.
Before exploring how firewalls function, it makes sense to dive into what they really are. After all, networks do not have physical walls the way apartment buildings or office parks do.
What Is a Firewall?
The most basic definition of a firewall describes it as a type of network security that keeps track of all of the traffic coming in and going out. Each different one operates based on shared or unique rules that tell the system whether the traffic is acceptable or harmful. These rules continuously check everything in real-time to help prevent any of the harmful things from getting through.
The traffic described in the basic definition comes from a variety of sources. Of course, whenever an individual uses a computer attached to a network, their activities represent one part of this traffic. At home or in the workplace, people who are allowed on the system represent safe and acceptable access.
The rules that govern the safety system are designed to weed out potentially dangerous threats. These frequently come from the Internet or other outside sources trying to gain access to the network. Some are passive threats like viruses while others can be active like hacking attempts. No matter what they are, preventing them from getting in is of the utmost importance.
After its use in the construction industry was well-established, computer experts began to use the firewall term as early as the 1980s. At this time, the Internet barely existed and cybercrime was nowhere near the threat it is today. As time, technology, and threat levels increased, so too did the complexity of the firewalls themselves.
The historical growth of firewalls in computing and network security included:
- Simple routers that separated one network from another
- Packet filters that used basic rules to allow or discard types of traffic
- Stateful filters that filtered traffic and remembered historical transfer relationships
- Application layers that added in support for things like FTP, DNS, and HTTP
The capabilities of particular firewall types and versions grew in response to emerging technologies on the Internet for the most part. Whenever connectivity increases, so too does the opportunity for cybercriminals to attempt their nefarious activities.
How Does a Firewall Work?
Firewalls do not necessarily exist as physical components in a computer or a network. Instead, they are bundles of rules designed to stop different packets of information or actions from accessing the system. They are monitors or gatekeepers that check all communication and transfers between computers in a network or from the outside world. They are especially important for transfers over the Internet, although they do work with intranet and other connected networks as well.
Physical firewalls still use rules to filter out packets but do exist as actual devices. One of the examples of this is a router. Software-based firewalls are more common for individual computer users and smaller business networks. These applications could exist as commercial antivirus programs or something more specific to the system itself.
For maximum protection, the program has to run continuously to check absolutely everything that goes in and comes out of the computer or network. Its job is to allow appropriate contact and stop anything that could cause a problem. As anyone who has used a computer with an antivirus or similar program on it knows, these programs need to be updated to match the dynamic nature of the cybercrime world.
Types of Firewalls
In order to help ensure network security as much as possible, five different types of firewalls exist. These exist, however, in two different categories. Some firewalls are network-based while others are host-based. Before delving into the specific types, it is important to understand what these two things mean.
Network-based firewalls exist inside an existing network. In this way, they are most like the physical walls within a building designed to actually stop fire. Any computer on a LAN or WAN system, or internal intranets used by companies, organizations, or even schools would have this type of security built in. This helps to protect an entire system from external threats.
Host-based firewalls run on the individual computers themselves. When these connect to a network, they may spread a virus or similar problem to others. This type of firewall helps to ensure that if something does invade from the outside, it does not spread to other computers. These allow for custom configuration for each individual machine.
Besides these basic designations, the five firewall types include various levels of security and functionality that suit particular applications in the real world.
1 – Packet Filtering
This most basic type of network security monitors incoming and outgoing web traffic and allows appropriate contact based on IP addresses, ports, or specific identifying protocols. This generally allows all Internet traffic to enter the system, which can leave it open to vulnerabilities. Additional protection is necessary to make sure that no viruses or hacking attempts get through.
This version of protection also has trouble figuring out whether a file or connection is what it says it is or not. Some dangerous attacks masquerade as legitimate packets, and this firewall type cannot tell the difference.
2 – Stateful
Adding on to the basic protection of packet filtering firewalls, this one also blocks new connections that have not already been allowed into the network. In other words, it remembers what the computer connected with previously and only allows those to happen again. This does offer additional protection if the communication is limited to certain methods or ports. However, this type still finds it impossible to determine if something coming in from those allowed connections is good or bad.
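The difference between the packet filtering and stateful types described above, as an added Python example that is not part of the original article. The rule format, addresses, and function names are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# direction is "in" or "out" as seen from the protected host.
Packet = namedtuple("Packet", "direction proto src sport dst dport")
# remote_net is a CIDR for the far-end address; remote_port None matches any port.
Rule = namedtuple("Rule", "action direction proto remote_net remote_port")

def packet_filter(rules, pkt):
    """Stateless filtering: first matching rule wins, default deny."""
    addr, port = (pkt.dst, pkt.dport) if pkt.direction == "out" else (pkt.src, pkt.sport)
    for r in rules:
        if (r.direction == pkt.direction and r.proto == pkt.proto
                and ip_address(addr) in ip_network(r.remote_net)
                and r.remote_port in (None, port)):
            return r.action
    return "deny"

class StatefulFilter:
    """Rules decide outbound traffic; inbound must match a remembered flow."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def check(self, pkt):
        if pkt.direction == "out":
            verdict = packet_filter(self.rules, pkt)
            if verdict == "allow":
                self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reply_of in self.flows else "deny"

# Constructed sample rules and traffic (private and documentation address ranges).
OUT_HTTPS = Rule("allow", "out", "tcp", "0.0.0.0/0", 443)
# A stateless filter needs this rule so that replies from web servers get back in.
IN_FROM_443 = Rule("allow", "in", "tcp", "0.0.0.0/0", 443)
request = Packet("out", "tcp", "10.0.0.5", 50000, "198.51.100.7", 443)
reply = Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 50000)
unsolicited = Packet("in", "tcp", "203.0.113.9", 443, "10.0.0.5", 3389)

def demo():
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    stateless, stateful = [OUT_HTTPS, IN_FROM_443], StatefulFilter([OUT_HTTPS])
    named = (("request", request), ("reply", reply), ("unsolicited", unsolicited))
    return {n: (packet_filter(stateless, p), stateful.check(p)) for n, p in named}

if __name__ == "__main__":
    for name, (a, b) in demo().items():
        print(f"{name:12} stateless={a:5} stateful={b}")
```

The stateless rule set admits the unsolicited packet because it only sees a permitted address, port, and protocol, while the stateful filter denies it because no remembered outbound connection matches.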
3 – Deep Packet Inspection
Now the security features get more sophisticated. At this level, a firewall exists as something that can also be called intrusion prevention. Instead of simply letting things in and out based on where they come from, this version actually inspects certain layers of every packet that is transferred. How deep it goes depends on the power of the system, the firewall itself, available bandwidth, and the rules governing its actions. Therefore, it does block more potentially dangerous things but can still fall short of complete protection.
4 – Application Aware
The additional flexibility of this type of firewall system allows for extra security based on certain protocols and rules that are used to examine every packet transferred. The actual power of the protection depends on the particular protocols in place. Most will weed out the obvious or expected hacking attempts and dangerous transfers but may still miss some issues. However, application aware setups do not have the shortcomings of the other three versions that are explained above.
5 – Application Proxy
Every single bit of traffic that comes from the Internet, through HTTP, and other sources gets filtered through an application proxy firewall. This is frequently considered another form of intrusion prevention, and is generally thought to be quite strong and effective. Unlike more comprehensive versions that look at all parts of the computer and sources of packet transfers, this type exists only in one particular application. For example, email service and web traffic would require different setups. One drawback of this type stems from its strength. It is more likely to return false positives than the other types of firewall security.
The technology behind this type of security evolves all the time. Next-generation firewalls used today combine multiple methods for protecting a computer or network. They have the power to inspect deep into packets, examine problems disguised as safe information, and efficiently block dangerous data and connections.
In the end, firewalls provide a very real and important service to both individual and networked computers. They exist as both physical and software-based things that use detailed rules and protocols to stop potentially dangerous incoming packets. Just like builders construct physical walls for safety in large buildings, network security specialists prevent the same type of spread of danger through computer networks.