An individual working on a computer with the words, "What Is a Firewall?" By Sunny Lowe on July 28th, 2020 in Network Security

Technology has become a vital tool for many households and businesses across the world. From bloggers, YouTubers, retail, hospitals, and even government dealings, the World Wide Web and computers are no longer seen as a luxury but a must-have resource.

Unfortunately, with the introduction of the Web, businesses and households must protect themselves from the crafty and malicious intents of hackers, individuals who want sensitive information about you and your business. They continue to use tactics such as viruses, hacks, and ill-intending data to try to find information that they can use for their gain.

Thankfully, advancements in internet security like firewalls have equalized the battle to protect your vital information. This article tackles the question: what is a firewall and how does it work?

Firewall Defined

Firewall is the name of a network security device that is in charge of monitoring incoming and outgoing traffic. They function by permitting and blocking data packets based on a set of security standards. This effectively creates a barrier, hence the name firewall, between your internal network and the incoming traffic from the internet. By doing this, your firewall protects your internal network and computer from malicious traffic that may otherwise cause damage and result in stolen information.

How Does a Firewall Work?

Firewalls were designed to analyze thoroughly the incoming traffic based on pre-established standards, or rules, to better determine how to filter the traffic coming in from unsecured or suspicious sources on the web. This prevents attacks on your computer.

Firewalls guard your network entry point, where information is exchanged from internet sources to internal devices like your PC. Depending on the capability of the firewall, it analyzes the information coming into your network and applies rules, address translations, filters, sandboxes, and other solutions to allow only information that is safe to enter the network.

Network addresses are broken down into subaddresses, called Ports. These Ports are usually dedicated to a certain kind of traffic, like web or Email, and then it analyzes the data based on what is coming through that port. It only allows the ports you open up, then blocks the other ports, keeping you safer.

Types of Firewalls

There are many different types of firewalls but all of them can be sorted into two different categories: software or hardware.

  • Software firewalls are programs that have to be installed onto your computer and then oversee and regulate the traffic through the ports and specified applications on your PC. They are in the PC but lie between the PC and the rest of the world.

  • Hardware firewalls are physical pieces of equipment that are installed between your network and the Internet.

Both are effective and work well together. For the best protection of your network and computer, it is recommended that you have both.

Packet-Filtering Firewalls

Packet-filtering firewalls are the most common firewalls seen today but are really not considered sufficient anymore. They examine data packets as they come in. If a data packet is not meeting the security standards set in place, the data packet is prohibited from entering your network or computer by checking the packet’s source and destination IP addresses. There are two main types of packet-filtering firewalls: stateless firewalls and stateful firewalls.

Stateless firewalls examine the data packets independently from one another to determine which information can pass through and which ones should be turned away. However, this makes it easier for hackers to get around the firewall because the firewall doesn’t recognize threats as a whole. This can cause the firewall from noticing a larger threat since it is only looking at the smaller pieces.

Stateful firewalls continuously learn information about the data packets coming in. This helps them remember information about potentially harmful data making it more likely to catch an intruder than the stateless firewall.

Packet-filtering firewalls are effective against basic data hacks. However, its bare-bones protection will not be able to stand up against the more crafty viruses and hackers that are becoming more and more common. For example, because packet filtering firewalls only look at the IP addresses and not the data itself, it can miss vital signs of danger. If a packet of information comes in from a trusted source but the data is malicious, the packet-filtering firewall won’t be able to tell the difference and will let it in. This can lead to your computer being attacked by viruses and hackers, putting your business at risk.

Next-Generation or Unified Threat Management (UTM) Firewalls

Sunny Lowe looking at a computer monitorUTM’s combine the functions of the packet-filtering firewall with added security measures, such as Anti-Virus protection, Geo-filtration, Intrusion Prevention (IPS),  and even the ability to filter encrypted data. Instead of just focusing on the IP addresses of data packets, next-generation firewalls also make use of deep packet inspection (DPI). DPI provides the firewall with the ability to examine not only the IP address but also the data inside the packet itself. This makes it ten times more likely to catch, identify, and stop malicious data attacks.

Proxy Firewalls

Proxy firewalls are in charge of filtering the network traffic at the application level. The proxy is in charge of acting as an intermediary between the two systems sharing data. The client sending data to you must also send a request to the firewall. The proxy firewall then evaluates this request against the preset security standards and decides whether the request should be accepted or rejected.

Proxy firewalls are also in charge of monitoring traffic for layer 7 protocols such as HTTP and FTP. Both of these use stateful packet-filtering firewalls and DPI to better detect and stop malicious data packets.

Proxy firewalls are usually used in addition to filtering servers such as Proxy server and Reverse Proxy Servers to protect internal webservers from the threats on the Internet.

Network Address Translation Firewalls

Network address translation firewalls allow multiple devices with independent network addresses to connect to the same wifi using a single IP address. This allows the individual IP addresses to remain hidden from hackers who may be scanning networks to try and capture specific information. This makes it harder for hackers to attack computers using a single IP address.

These are very simplistic devices and are usually not much protection.

Stateful Multilayer Inspection Firewalls

Stateful multilayer inspection firewalls are in charge of littering packets at the network, transport, and application layers. They compare incoming data packets against known, trusted packets. The entire incoming data packet is inspected and must pass through three layers. If it fails even one, it is turned away.

Blue Jean Networks Is Your Trusted IT Team

When it comes to internet security and ensuring your business’s data is protected, there is no better team than Blue Jean Networks! You can trust our IT experts to be available to you when you need them. We provide around-the-clock monitoring, ensuring that your business is always up and running. Contact Blue Jean Networks today for more information on our outsourced IT services and find out why more and more businesses are turning to our experts.