What is a Firewall?


A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.


How does a firewall work?

Firewalls analyze incoming traffic against pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Firewalls guard traffic at a computer's entry points, called ports, which are where information is exchanged with external devices.

Think of IP addresses as houses, and port numbers as rooms within the house. Only trusted people (source addresses) are allowed to enter the house (destination address) at all—then it’s further filtered so that people within the house are only allowed to access certain rooms (destination ports).


Types of firewalls

Firewalls can be either software or hardware, though it's best to have both. A software firewall is a program installed on each computer that regulates traffic through port numbers and applications, while a hardware (physical) firewall is a piece of equipment installed between your network and gateway.

Packet-filtering firewalls, the most common type of firewall, examine packets and prohibit them from passing through if they don't match an established security rule set. This type of firewall checks the packet's source and destination IP addresses. If a packet matches an "allowed" rule on the firewall, it is trusted to enter the network.

Packet-filtering firewalls are divided into two categories: stateful and stateless. Stateless firewalls examine packets independently of one another and lack context, making them easy targets for hackers. In contrast, stateful firewalls remember information about previously passed packets and are considered much more secure.
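The difference between the two categories, as an added example that is not part of the original post: a stateless filter has to admit return traffic with a rule keyed on source port, so it also admits an unsolicited packet that merely uses that port, while a stateful filter admits only replies to connections it saw being opened. All names, addresses and the single `syn` flag standing in for TCP connection setup are assumptions made for illustration; timeouts and connection teardown are left out.

```python
import ipaddress
from dataclasses import dataclass
ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the packet that opens a TCP connection

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_net: str              # source CIDR
    dst_net: str              # destination CIDR
    dport: range = ANY_PORT
    sport: range = ANY_PORT
    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and p.sport in self.sport and p.dport in self.dport)

def stateless_verdict(rules, p):
    """Judge each packet on its own: first matching rule wins, default deny."""
    return next((r.action for r in rules if r.matches(p)), "deny")

class StatefulFilter:
    """Rules only decide whether a connection may open; later packets need state."""
    def __init__(self, rules):
        self.rules, self.conns = rules, set()
    def verdict(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        reply_of = (p.dst, p.dport, p.src, p.sport)
        if flow in self.conns or reply_of in self.conns:
            return "allow"            # belongs to a tracked connection
        if p.syn and stateless_verdict(self.rules, p) == "allow":
            self.conns.add(flow)      # remember the newly opened connection
            return "allow"
        return "deny"                 # no rule opened it and no state matches

# Constructed policy and packets (RFC 5737 documentation addresses).
LAN, ANY = "192.0.2.0/24", "0.0.0.0/0"
OUT_HTTPS = Rule("allow", LAN, ANY, dport=range(443, 444))
# Extra rule a stateless filter needs so that replies can come back in:
REPLIES = Rule("allow", ANY, LAN, dport=range(1024, 65536), sport=range(443, 444))
request = Packet("192.0.2.10", 50000, "198.51.100.7", 443, syn=True)
reply = Packet("198.51.100.7", 443, "192.0.2.10", 50000)
unsolicited = Packet("203.0.113.9", 443, "192.0.2.20", 8080)
```

Running `stateless_verdict([OUT_HTTPS, REPLIES], unsolicited)` returns "allow", whereas a `StatefulFilter([OUT_HTTPS])` denies the same packet and allows `reply` only after it has seen `request`.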

While packet-filtering firewalls can be effective, they ultimately provide very basic protection and can be very limited. For example, they can't determine whether the contents of the request being sent will adversely affect the application it's reaching. If a malicious request that was allowed from a trusted source address would result in, say, the deletion of a database, the firewall would have no way of knowing that. Next-generation firewalls and proxy firewalls are better equipped to detect such threats.



Proxy firewall

An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.

Stateful inspection firewall

Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules and context, which refers to using information from previous connections and packets belonging to the same connection.

Unified threat management (UTM) firewall

A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.

Next-generation firewall (NGFW)

Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.

A next-generation firewall must include:
  • Standard firewall capabilities like stateful inspection
  • Integrated intrusion prevention
  • Application awareness and control to see and block risky apps
  • Upgrade paths to include future information feeds
  • Techniques to address evolving security threats

While these capabilities are increasingly becoming the standard for most companies, NGFWs can do more.

Threat-focused NGFW

These firewalls include all the capabilities of a traditional NGFW and also provide advanced threat detection and remediation. With a threat-focused NGFW you can:
  • Know which assets are most at risk with complete context awareness
  • Quickly react to attacks with intelligent security automation that sets policies and hardens your defenses dynamically
  • Better detect evasive or suspicious activity with network and endpoint event correlation
  • Greatly decrease the time from detection to cleanup with retrospective security that continuously monitors for suspicious activity and behavior even after initial inspection
  • Ease administration and reduce complexity with unified policies that protect across the entire attack continuum
