The term firewall was initially used to describe the process of filtering out unwanted network traffic. The idea was to insert a type of filter between the apparently safe internal network and any traffic entering or leaving through that network’s connection to the broader internet. Firewalls can be implemented in hardware and in software, and are used to prevent unauthorized access to or from a network. They are essential because they provide a single block point. An accurate analogy for a firewall is a bouncer or a doorman: it stands at the entrance of networks, applications, and other resources, checking and validating incoming (and outgoing) data traffic and deciding what to let through the entrance and what to reject.
Over the years, firewalls have evolved significantly, to the point where no discussion of network security can take place without at least mentioning them. All businesses use them as an extra layer of security to safeguard their company from cyber attacks. Any IT security enthusiast or pro must be aware of the different kinds of firewall architectures used today, such as packet filtering firewalls, circuit level gateways, and UTM firewalls.
Packet filtering firewalls
These are traditional network firewalls that provide essential network protection by shielding the internal network from external threats. They work by applying a set of network firewall security rules, typically known as Access Control Lists (ACLs), to decide whether to allow or deny access to the network. Each packet received is taken apart and its header is compared against established criteria such as source and destination IP addresses, port number, packet type, etc. If the packet does not pass the inspection, it is dropped and the drop is recorded in the logs.
They are implemented at the Network layer of the OSI model, and their biggest advantage is that they tend to be very fast and almost transparent to users. Packet filtering firewalls can be built at a low cost and are best suited for smaller networks. However, they are easy to bypass if a firewall is configured with outdated rules, and packet headers can be manipulated by hackers into looking harmless.
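The header-versus-ACL comparison described above, as an added Python example (not code from any firewall product). The rule list, the documentation-range addresses and the build_packet helper are constructed for illustration; the evaluation is first-match with a default deny, and only header fields are ever read.

```python
import ipaddress
import struct

# Constructed ACL: first matching rule wins; anything unmatched is denied.
# Fields: action, IP protocol number, source net, destination net, dest port (None = any)
ACL = [
    ("allow", 6, "0.0.0.0/0", "192.0.2.10/32", 443),
    ("deny", 6, "203.0.113.0/24", "192.0.2.0/24", None),
    ("allow", 6, "198.51.100.0/24", "192.0.2.0/24", 22),
]

def parse_headers(packet: bytes):
    """Extract the fields a packet filter compares from an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated header")
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    # TCP (6) and UDP (17) both begin with source port, then destination port
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] if proto in (6, 17) else None
    return proto, src, dst, dport

def filter_packet(packet: bytes, acl=ACL, log=None):
    """Return 'allow' or 'deny'; malformed and unmatched packets are denied and logged."""
    log = log if log is not None else []
    try:
        proto, src, dst, dport = parse_headers(packet)
    except ValueError as exc:
        log.append(f"deny malformed: {exc}")
        return "deny"
    for action, r_proto, r_src, r_dst, r_port in acl:
        if (proto == r_proto and src in ipaddress.ip_network(r_src)
                and dst in ipaddress.ip_network(r_dst)
                and r_port in (None, dport)):
            if action == "deny":
                log.append(f"deny {src} -> {dst}:{dport}")
            return action
    log.append(f"deny (default) {src} -> {dst}:{dport}")
    return "deny"

def build_packet(src, dst, dport, payload=b""):
    """Constructed sample input: minimal IPv4 + TCP SYN header, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + tcp
```

Rule order matters: a source in 203.0.113.0/24 still reaches 192.0.2.10 on port 443 because the broader allow rule is listed first, and two packets with identical headers get the same verdict whatever their payload carries.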
Circuit level gateways
Circuit level gateways work at the Session layer of the OSI model and provide standard security for UDP and TCP connections. They work by verifying the Transmission Control Protocol (TCP) handshake, which is a quick and easy way to accept or deny traffic without consuming significant computing resources. The gateway sits between the internal user and the proxy server and swiftly recognises malicious content by monitoring these handshakes across the network. Only if the initiated session is deemed legitimate is the remote host trusted. The disadvantage of these firewalls is that they don’t check the content of the packets; once a connection is established, a user may access an unsafe site or file, which would compromise the network.
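Handshake verification as described above, as an added Python sketch (not code from any gateway product). The CircuitGateway class, the 10.0.0.0/8 internal range and the sample endpoints are assumptions made for illustration; timeouts, sequence-number checks and FIN handling are left out.

```python
import ipaddress

SYN, ACK, RST = 0x02, 0x10, 0x04                 # TCP flag bits
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # constructed: the protected network

class CircuitGateway:
    """Simplified session table: relay data only on circuits whose handshake completed."""

    def __init__(self):
        self.state = {}   # (client, server) -> "SYN_SENT" | "SYN_RCVD" | "ESTABLISHED"

    def observe(self, src, dst, flags, payload=b""):
        """Return 'pass' or 'drop' for one segment; src and dst are (ip, port) tuples."""
        fwd, rev = (src, dst), (dst, src)
        key = fwd if fwd in self.state else rev if rev in self.state else None
        if flags & RST:                              # teardown of a known circuit only
            return "pass" if self.state.pop(key, None) else "drop"
        if flags & SYN and not flags & ACK:          # step 1: internal client opens
            if key is None and ipaddress.ip_address(src[0]) in INTERNAL:
                self.state[fwd] = "SYN_SENT"
                return "pass"
            return "drop"
        if flags & SYN and flags & ACK:              # step 2: server answers the client
            if key == rev and self.state[rev] == "SYN_SENT":
                self.state[rev] = "SYN_RCVD"
                return "pass"
            return "drop"
        if key == fwd and self.state[fwd] == "SYN_RCVD" and flags & ACK:
            self.state[fwd] = "ESTABLISHED"          # step 3: client completes handshake
            return "pass"
        # Everything else is data: relayed on established circuits, payload never read.
        return "pass" if key and self.state[key] == "ESTABLISHED" else "drop"
```

The payload argument is accepted but never examined, which is the limitation the paragraph describes: once the circuit is established, any content is relayed in either direction.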
Application-level gateways
Commonly known as proxy firewalls, application-level gateways operate at the Application layer and combine the attributes of both packet filtering firewalls and circuit-level gateways. The firewall first establishes a connection to the source of the traffic and inspects the incoming data packet all the way up through the application layer. The verification is much more thorough here, as it covers the TCP handshake as well as the contents of the packets. Another advantage is that these firewalls have their own IP address, and hence can prevent direct contact with any other networks. Firewalls working at the application level provide additional anonymity and data security and have advanced logging and inspection abilities, but they adversely affect network performance due to the extra steps in the data packet verification process.
Unified Threat Management firewalls
Unified Threat Management (UTM) firewalls are one step ahead of the traditional firewall architectures, as they include additional security programs in their design and package them in the form of a small box that plugs into the network. These products are valuable to small or medium-sized enterprises that do not have dedicated security staff and lack the skills needed to configure point solutions. Beyond a traditional firewall, the extra features typically included with a UTM are an intrusion detection system, anti-malware software, anti-virus, internet gateway security, VPN, and DoS/DDoS protection. Basically, a UTM device combines multiple functions that are traditionally handled by separate devices or systems, thus offering centralized management through a single console. The main attraction is the ease of deployment and the integration capabilities, without altering the performance of the network. Although this is a platform that provides fully integrated security and networking functions, a UTM may not provide the same level of protection as a combination of single-function products. Another disadvantage is that the company may be heavily dependent on the UTM alone, and its failure could have a catastrophic effect on company security, essentially shutting the company down.
- Firewalls must be checked and their configuration settings must be updated periodically.
- While choosing a firewall, companies are advised to have multiple layers of firewalls in order to provide better protection. This will help in making a network tougher to crack by creating an in-depth defence that isolates different assets so that the attackers need to do extra work in order to reach all the sensitive information.
- Use firewalls with deep packet inspection. Some firewalls check the contents of data packets to make sure they don’t contain any malware and are safe to let through the network.
While firewalls help a lot in preventing cyber attacks, one shouldn’t rely on just firewalls. One still needs to exercise good cybersecurity practices such as using anti-virus and strong passwords in order to minimize exposure to risk.