Skip to main content

What is a Firewall?

What is a Firewall ?


A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.


How does a firewall work?

Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Firewalls guard traffic at a computer’s entry point, called ports, which is where information is exchanged with external devices. 

Think of IP addresses as houses, and port numbers as rooms within the house. Only trusted people (source addresses) are allowed to enter the house (destination address) at all—then it’s further filtered so that people within the house are only allowed to access certain rooms (destination ports).


Types of firewalls

Firewalls can either be software or hardware, though it’s best to have both. A software firewall is a program installed on each computer and regulates traffic through port numbers and applications, while a physical firewall is a piece of equipment installed between your network and gateway.

Packet-filtering firewalls, the most common type of firewall, examine packets and prohibit them from passing through if they don’t match an established security rule set. This type of firewall checks the packet’s source and destination IP addresses. If packets match those of an “allowed” rule on the firewall, then it is trusted to enter the network.

Packet-filtering firewalls are divided into two categories: stateful and stateless. Stateless firewalls examine packets independently of one another and lack context, making them easy targets for hackers. In contrast, stateful firewalls remember information about previously passed packets and are considered much more secure.

While packet-filtering firewalls can be effective, they ultimately provide very basic protection and can be very limited—for example, they can't determine if the contents of the request that's being sent will adversely affect the application it's reaching. If a malicious request that was allowed from a trusted source address would result in, say, the deletion of a database, the firewall would have no way of knowing that. Next-generation firewalls and proxy firewalls are more equipped to detect such threats.



Proxy firewall

An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.

Stateful inspection firewall

Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.

Unified threat management (UTM) firewall

A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.

Next-generation firewall (NGFW)

Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.

A next-generation firewall must include:
  • Standard firewall capabilities like stateful inspection
  • Integrated intrusion prevention
  • Application awareness and control to see and block risky apps
  • Upgrade paths to include future information feeds
  • Techniques to address evolving security threats
While these capabilities are increasingly becoming the standard for most companies, NGFWs can do more.

Threat-focused NGFW

These firewalls include all the capabilities of a traditional NGFW and also provide advanced threat detection and remediation. With a threat-focused NGFW you can:
  • Know which assets are most at risk with complete context awareness
  • Quickly react to attacks with intelligent security automation that sets policies and hardens your defenses dynamically
  • Better detect evasive or suspicious activity with network and endpoint event correlation
  • Greatly decrease the time from detection to cleanup with retrospective security that continuously monitors for suspicious activity and behavior even after initial inspection
  • Ease administration and reduce complexity with unified policies that protect across the entire attack continuum

Comments

Post a Comment

Popular posts from this blog

Mail Flow Topology

It is important to understand the entire mail flow from sender to receiver. It helps to understand the entire mechanics and workings of all the several components that exists in the mail flow topology. The understanding of this will help you to troubleshoot why some email cannot be send or why you cannot receive certain emails. A - User compose a  email using Mail Client. The email is sent from mail client to mail server via SMTP, MAPI or ActiveSync. The Mailbox maintain constant connectivity B - Mail Server check for outgoing mail security rules/policies C - If YES, then check for Internal Mailbox D - Deliver to Mailboxes E - If uncached or new MX Domain record, then query MX from DNS Server F - Sender Mail to Receiver Mail Server via SMTP (25, 2525) or SMTPS (465) or SMTP/TLS (587) G - Received Mail Server check SPF records H - Mail Server check for incoming mail security rules/policies I - Mail Server check for valid user mailbox J - Mail Server deliver to User mailbox
Post a Comment
Read more

To Phish or To Be Phished

What is Phishing? Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. What is Spear Phishing? Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons. This is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. The main difference betwen  Phishing  and  Spear Phishing , i
2 comments
Read more

Cloud Sync let you sync your Data from NAS to Cloud Storage

Cloud Sync let you sync your Data from NAS to Cloud Storage Cloud Sync  Cloud Sync integrates the advantages of public cloud and private cloud, enabling you to effortlessly connect your Synology NAS to public cloud services, such as Amazon Drive, BackBlaze B2, Dropbox, Google Cloud Storage, Microsoft Azure, OpenStack Swift, and more. Seamless synchronization between private and public clouds Cloud Sync enables you to seamlessly connect your local Synology NAS to public cloud services or on-premise storage through Amazon S3 API, OpenStack Swift, or WebDAV protocols. With Cloud Sync, you can enhance the collaboration when accessing between your local NAS and other remote cloud services, and can efficiently and easily back up data from or to public clouds. With Cloud Sync, you can seamlessly sync and share files among your Synology NAS and multiple public cloud services, including: Alibaba Cloud Object Storage Service (OSS) Amazon Drive (end of support as of November 1, 2020) Amazon S3 co
Post a Comment
Read more