Whether it is a small home network or a large-scale IT infrastructure, one of the key components in keeping a network’s sensitive data safe is the firewall. A firewall is the first line of defense against cyber threats: it oversees traffic to keep the network safe. From blocking malicious attacks to preventing unauthorized access, firewalls play a vital role in maintaining and upholding the CIA (Confidentiality, Integrity, Accessibility) triad. In this blog, we’ll explore what firewalls are, the need for them, types, and more.
Understanding Firewalls
A firewall is a system that monitors and controls the flow of network traffic based on predefined rules. Simply put, the firewall acts as a guard by monitoring the flow of information throughout the network. Firewalls can be hardware, software, or a combination of both, and they work by analyzing the packet header, which contains the sender’s IP address, destination IP address, port number, and protocol. Based on the rules set by the network administrator, firewalls can allow or deny the passage of these packets.
Need for Firewalls
A firewall acts as the first line of defense against various network attacks, such as malware, denial-of-service (DoS) attacks, data exfiltration, etc. Without a firewall, an organization’s network is vulnerable to a wide range of cyber threats that can compromise sensitive data, disrupt businesses, and cause massive havoc.
Here are some key reasons why firewalls are a key component of network security:
Traffic filtering: One of the primary reasons for using firewalls is to filter and analyze traffic based on rules and security policies. Firewalls ensure that only authorized traffic is allowed and the rest (harmful or unauthorized) is blocked.
Protection against cyber threats: Firewalls can be configured to block certain malicious IPs or sources to protect the network from malware, viruses, worms, etc.
Regulatory Compliance: Many sectors have specific regulatory requirements around data security. Firewalls are part of the strategy to achieve compliance.
Types of Firewall
Firewalls can be classified into different types based on their methods of filtering, deployment, and level of security.
1. Packet-Filtering Firewall
Packet-filtering firewalls, also known as stateless inspection firewalls, are the oldest form of firewall technology. These firewalls operate at the network layer and offer basic filtering by checking every data packet header for information such as source IP, destination IP, and port number. The firewall then compares this information to its predefined rules to determine whether the data packet should be allowed or blocked. The rules are designed manually, based on the access control list.
Simply put, packet-filtering firewalls look at where the data packets come from and where they are intended to go.
Pros
- Simple and efficient as they only inspect packet headers.
- Easy to configure and implement.
Cons
- Previously accepted connections are not saved, so each connection must be approved each time a data packet is sent.
- Difficult to design rules for larger networks.
- Limited protection, as they can’t read application-layer protocols.
- Can be bypassed by attackers using IP spoofing.
2. Stateful Inspection Firewall
Stateful inspection firewalls are updated and advanced versions of packet-filtering firewalls. These normally operate at the transport layer, but the latest versions can monitor up to the application layer. A stateful inspection firewall examines packet headers and also tracks and maintains a table of active connections. With the help of this table, the firewall can determine whether an incoming data packet belongs to an established connection or is an unauthorized request.
Pros
- Can handle complex protocols like FTP (File Transfer Protocol) and VoIP (Voice over Internet Protocol).
- Provides more security compared to packet-filtering firewalls.
Cons
- Doesn’t inspect packets, so sometimes malware or unauthorized requests bypass the firewall.
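The difference between the two designs above can be seen by running the same packets through both. The following is an added example, not code from the original post; the rule format, addresses and class names are constructed for illustration, and the connection table is simplified (real firewalls also track TCP state and timeouts).

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto")
Rule = namedtuple("Rule", "action src dst dport proto")

# Constructed rule set: internal clients may open HTTPS connections; default deny.
ACL = [Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 443, "tcp")]

def acl_allows(pkt, acl=ACL):
    """Stateless check on header fields only: first match wins, default deny."""
    for r in acl:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst)
                and pkt.dport == r.dport and pkt.proto == r.proto):
            return r.action == "allow"
    return False

class StatefulFirewall:
    """Same rule set plus a table of connections the rules already approved."""
    def __init__(self, acl=ACL):
        self.acl = acl
        self.table = set()

    def handle(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if flow in self.table or reply_of in self.table:
            return True                  # belongs to a tracked connection
        if acl_allows(pkt, self.acl):
            self.table.add(flow)         # new connection approved by the rules
            return True
        return False                     # unsolicited: no rule, no table entry

# Constructed packets (documentation address ranges).
OUTBOUND = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp")
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp")
UNSOLICITED = Packet("203.0.113.10", 443, "10.0.0.5", 51001, "tcp")

def compare():
    """Return allow/deny decisions for the three packets from each design."""
    fw = StatefulFirewall()
    stateless = [acl_allows(p) for p in (OUTBOUND, REPLY, UNSOLICITED)]
    stateful = [fw.handle(p) for p in (OUTBOUND, REPLY, UNSOLICITED)]
    return stateless, stateful

if __name__ == "__main__":
    print(compare())
```

The stateless filter drops the server's reply because no rule covers the return direction, so an administrator would have to add a broad inbound rule; the stateful firewall admits the reply from its table while still dropping the unsolicited packet.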
3. Proxy Firewalls
A proxy firewall is an intermediary between clients and servers. Whenever a client makes a connection, the proxy firewall intercepts the request and its packets, then fetches the data from the internet and sends it back to the client. This prevents a direct connection between the client and the server. Simply put, proxy firewalls inspect the incoming data. If a threat is detected, the data is not allowed to pass; otherwise, it is passed on.
Pros
- Filtering is based on application-level data.
- Internal network details are not exposed to third-party vendors or clients.
- Can filter data based on specific protocols.
Cons
- Sometimes, proxy firewalls can cause functional delays.
- May introduce latency, as they inspect every piece of data and reroute it.
- Need more resources to handle high traffic.
4. Next-Generation Firewalls (NGFW)
Next-generation firewalls are modern firewalls built to prevent sophisticated cyberattacks and eavesdropping in the network. They work similarly to traditional firewalls but have advanced features such as application awareness, deep packet inspection, sandboxing, etc. These firewalls can enforce rules based on computer use, user details, etc.
Pros
- Offer granular level control over applications and users.
- Can be integrated with real-time threat intelligence feeds.
- Offer VPN support, malware filtering, sandboxing, etc.
Cons
- Costlier compared to traditional firewalls.
- More complex and harder to configure.
Best Practices for Configuring a Firewall
Firewalls are very powerful and a key component in network security. To achieve their full potential, they must be well-configured and maintained. Here are some best practices for getting the full potential from a firewall:
- Keep firewall rules up to date based on threat intelligence and assessments specific to the organization’s sector. Outdated protocols like Telnet can be an entry point for threat actors.
- Design firewall rules based on the least-privilege model, i.e. allowing access only to the minimum set of resources and services needed. For example, if a company is using a database server to store sensitive data, a firewall rule should permit access to that database only from specific IPs or ranges.
- Many firewalls come with default credentials and usernames that can be easily exploited by hackers, so always change these to unique credentials after installation. Disable unnecessary features to reduce the attack surface.
- Enable deep packet inspection (DPI) in the firewall to detect threats that might not be visible through header inspection. A firewall with DPI can alert the administrator when an attacker sends malicious code through an HTTP request.
- Use firewalls to segment different areas of a network, for example by separating internal networks from public-facing services such as web servers.
- Whenever a new application is introduced, firewall rules should be reviewed and updated to avoid creating false alerts.
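Two of the practices above (retiring outdated protocols such as Telnet, and restricting database access to specific source ranges) can be checked mechanically during a rule review. The following is an added example, not part of the original post; the rule format, the database port, and the threshold for "too broad" are assumptions made for illustration.

```python
import ipaddress

DB_PORT = 5432                 # assumption: PostgreSQL's default port stands in for the database server
LEGACY_PORTS = {23: "Telnet"}  # outdated protocol named in the list above
MAX_DB_SOURCES = 256           # assumption: a source range wider than a /24 is treated as too broad

# Constructed rule set, evaluated top to bottom.
RULES = [
    {"id": 1, "action": "allow", "src": "10.0.20.0/28", "dport": 5432},
    {"id": 2, "action": "allow", "src": "0.0.0.0/0", "dport": 5432},
    {"id": 3, "action": "allow", "src": "10.0.0.0/8", "dport": 23},
    {"id": 4, "action": "allow", "src": "0.0.0.0/0", "dport": 443},
    {"id": 5, "action": "deny", "src": "0.0.0.0/0", "dport": 23},
]

def audit(rules):
    """Return (rule id, finding) pairs for allow rules that break the practices."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue                      # deny rules cannot widen access
        net = ipaddress.ip_network(r["src"])
        if r["dport"] in LEGACY_PORTS:
            findings.append((r["id"], f"allows {LEGACY_PORTS[r['dport']]}"))
        if r["dport"] == DB_PORT and net.num_addresses > MAX_DB_SOURCES:
            findings.append((r["id"], f"database reachable from {net}"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
```

Rule 1 passes because its source range covers only 16 addresses, while rule 2 exposes the same port to every address and rule 3 still permits Telnet.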
Conclusion
Firewalls play an important role in a multi-layered defense strategy. By acting as gatekeepers to networks, firewalls can prevent unauthorized access and protect sensitive data from falling into the hands of cybercriminals. Whether you’re a home user looking to secure your home network or an enterprise network administrator tasked with protecting critical infrastructure, understanding how firewalls work and configuring them based on best practices can safeguard the network from cyberthreats.