A firewall enhances network security by blocking or allowing outgoing and incoming traffic based on rule sets. The term “firewall” conjures up images of a walled city, which is an accurate comparison. Just as city walls prevented people from coming or going unless the guards let them in through a gate, firewalls act as the guarded gates of your network. Remember how the walls of Minas Tirith helped slow down the Orc onslaught during the Siege of Gondor? A firewall does the same with unauthorized network traffic.
We’ll walk you through the basics of firewalls, including how they work, what they protect against, what types are available, and how to choose the best option for your business.
How do firewalls work?
Firewalls analyze traffic against an ordered set of rules. Traffic that matches an allow rule is passed, and traffic that matches a deny rule is dropped. Most firewalls use a top-down, first-match model: a packet is compared with the first rule, then the second, and so on until it hits a rule that matches it, and that rule's action (allow or deny) is final. The one common exception is a log action, which records the match and lets evaluation continue to the next rule. Because the first match wins, rule order matters: a broad allow placed above a specific deny makes the deny unreachable. Packets that match nothing fall through to the default policy at the bottom of the list, which should be deny.
However, how a firewall filters traffic depends on its design. We’ll highlight some key differentiators.
Network firewalls vs. host-based firewalls: A network firewall acts as the first line of defense for all the computers in your network, regulating traffic before it reaches any individual machine. In contrast, a host-based firewall is software installed on a single computer and controls only that computer's traffic. Many operating systems, including recent versions of Windows, macOS, and most Linux distributions, ship with a host-based firewall.
Hardware firewalls vs. software firewalls: A hardware firewall is a physical appliance placed between the company network and the internet, which suits larger organizations with more traffic to inspect. Most routers also include a basic built-in firewall. Software firewalls, by contrast, are installed on each device and can also control which applications are allowed to send or receive traffic. In practice, "hardware firewall" is often used as a synonym for a network firewall, and "software firewall" for a host-based one.
Often, the best solution is to use both hardware and software firewalls. Hardware firewalls act as perimeter security, while software firewalls provide an extra line of defense.
What do firewalls protect computers from?
Firewalls protect computers from certain security risks by filtering out potentially harmful data and malicious traffic. Here are a few of the most common threats firewalls can help shield against:
Unauthorized access
First and foremost, network firewalls protect against unauthorized access. If an external threat actor enters your network, they could steal data, install malware, or engage in other nefarious activities.
Backdoors
Attackers often plant backdoors so they can return to a compromised system remotely and come and go as they please. A firewall helps in two directions: inbound rules stop connections to listening ports that have no business being reachable from the internet, and outbound (egress) rules can block or at least log a backdoor's attempts to call home to its command-and-control server.
Denial of service (DoS)
DoS attacks inundate a server with connection requests or junk traffic, flooding it until it becomes sluggish or crashes. A firewall can rate-limit new connections, drop malformed packets, and block abusive sources, but a large volumetric attack can saturate the internet link before traffic ever reaches the firewall, so upstream or provider-side filtering is still needed for that case.
Macros
Macros are scripts that automate tasks inside applications such as office suites. If an attacker can get a malicious macro to run, one document can launch a multistep process, such as downloading and running malware, with a single click. The macro may be hidden in a file that appears harmless, but firewalls that inspect content (typically next-generation or UTM firewalls, and only when they can see inside encrypted traffic) can flag and block downloads that carry known-malicious macros.
What are the different types of firewalls?
Different types of firewalls take unique approaches to controlling traffic. Companies often use multiple firewalls for more robust protection. Common varieties of firewalls include the following:
Packet-filtering firewalls
A packet-filtering firewall is the most traditional type: it decides on each packet individually, using only header fields such as source and destination IP address, protocol, and port numbers, and checks them against the rule set to drop packets that match a deny rule. It does not look at the packet's payload and keeps no memory of earlier packets, which makes it fast but easy to fool with crafted headers.
Next-generation firewalls (NGFW)
A next-generation firewall combines stateful inspection with deep packet inspection: it examines the contents of packets, identifies which application or service the traffic belongs to regardless of the port used, and usually bundles intrusion prevention and threat-intelligence feeds. That makes next-generation firewalls better at detecting advanced threats, such as malware and exploit attempts, than a plain packet filter.
Proxy server firewalls
A proxy server firewall, also known as an application firewall, a gateway firewall, or a proxy firewall, acts as an intermediary at the application layer. It terminates the client's connection, inspects the request, and opens its own connection to the destination, so there is never a direct connection or packet transfer between the internal network and the internet.
Unified threat management (UTM) firewalls
UTM firewalls provide multiple security features in one device or service to reduce the need for as broad a range of separate solutions and interfaces. A UTM firewall may include virtual private network (VPN) services, intrusion prevention, spam filtering, website filtering, remote access, antivirus protection, and more.
Network address translation (NAT) firewalls
While sometimes classified as a separate type of firewall, most firewalls offer NAT services. NAT hides internal IP addresses behind the router's public address, so outside parties see only the router. Devices on the private network do not talk to web servers directly: the router rewrites the addresses on the way out and keeps a translation table to route replies back. Because an unsolicited inbound packet has no entry in that table, it is dropped, which is the filtering effect people attribute to NAT. NAT is address translation, not a full firewall, and it does nothing about outbound traffic.
Stateful multilayer inspection (SMLI) firewalls
An SMLI firewall inspects traffic at multiple layers of the seven-layer Open Systems Interconnection (OSI) model and keeps track of connection state rather than judging each packet in isolation. The seven layers are:
The physical layer
The data link layer
The network layer
The transport layer
The session layer
The presentation layer
The application layer
In practice an SMLI firewall works at the network, transport, and application layers (the physical and data link layers are handled by the network interface). It examines both packet headers and packet data and maintains a connection table, so it can use context from earlier packets: an inbound packet is allowed only if it belongs to a connection that an inside host opened, and a packet that claims to be part of a connection the firewall never saw is dropped.
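Why connection state matters, as an added example that is not part of the original article. The internal address range, the addresses and ports, and the three packets are constructed for the demo. A stateless filter that wants to let web replies back in has to accept any inbound packet with source port 443, and an attacker simply sets that source port; a stateful filter allows the reply because it belongs to a flow it recorded on the way out.

```python
"""Stateless packet filter vs. stateful inspection (added example, not from
the article). Addresses, ports and the packet list are constructed."""

INSIDE = "10.0.0."   # assumed internal prefix for the demo


def stateless_verdict(pkt):
    """Rule-only filter with no memory. To let replies from web servers back
    in, it must accept any inbound TCP packet whose source port is 443."""
    if pkt["src"].startswith(INSIDE):
        return "allow"                                   # anything outbound
    if pkt["proto"] == "tcp" and pkt["dport"] == 443:
        return "allow"                                   # to our own web server
    if pkt["proto"] == "tcp" and pkt["sport"] == 443:
        return "allow"                                   # "replies" from web servers
    return "deny"


class StatefulFirewall:
    """Keeps a table of flows it has admitted, keyed on the 5-tuple, and
    allows a packet only if it opens a permitted flow or belongs to one."""

    def __init__(self):
        self.table = set()   # (proto, src, sport, dst, dport) of admitted flows

    def verdict(self, pkt):
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if key in self.table or reverse in self.table:
            return "allow"            # continuation or reply of a tracked flow
        if pkt["src"].startswith(INSIDE):
            self.table.add(key)       # new outbound flow: remember it
            return "allow"
        if pkt["proto"] == "tcp" and pkt["dport"] == 443 and pkt.get("syn"):
            self.table.add(key)       # new inbound connection to our web server
            return "allow"
        return "deny"                 # unsolicited, or mid-stream packet of an unknown flow


def run_scenario():
    """Three constructed packets: an outbound web request, its reply, and an
    attacker's packet to SSH that spoofs source port 443 to look like a reply."""
    fw = StatefulFirewall()
    outbound = {"proto": "tcp", "src": "10.0.0.5", "sport": 51000,
                "dst": "93.184.216.34", "dport": 443, "syn": True}
    reply = {"proto": "tcp", "src": "93.184.216.34", "sport": 443,
             "dst": "10.0.0.5", "dport": 51000, "syn": False}
    attack = {"proto": "tcp", "src": "203.0.113.9", "sport": 443,
              "dst": "10.0.0.5", "dport": 22, "syn": True}
    packets = (outbound, reply, attack)
    return {
        "stateless": [stateless_verdict(p) for p in packets],
        "stateful": [fw.verdict(p) for p in packets],
    }


if __name__ == "__main__":
    print(run_scenario())
    # {'stateless': ['allow', 'allow', 'allow'], 'stateful': ['allow', 'allow', 'deny']}
```

Both filters pass the request and its reply; only the stateful one denies the spoofed packet, because there is no outbound flow to 203.0.113.9 in its table. The same table also lets it drop a stray non-SYN packet aimed at port 443, which a packet filter would wave through.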
Virtual firewalls
A virtual firewall is a firewall that runs as software on a hypervisor or in a cloud provider's network rather than as a dedicated appliance, protecting public or private virtual environments. When a provider runs and manages it for you it is usually sold as a cloud firewall or firewall-as-a-service (FWaaS). These options tend to be cheaper and easier to maintain than hardware, which makes them popular with small businesses and with teams whose workloads already live in the cloud.
Web application firewall (WAF)
A web application firewall protects a website or web application from known attack patterns by inspecting the HTTP requests coming into it, looking for SQL injection, cross-site scripting, and similar abuse in URLs, parameters, headers, and request bodies. For example, if an attacker submits a login form with a field value such as ' OR '1'='1, a WAF can recognize the injection pattern and block the request before it reaches the application. A WAF complements, rather than replaces, fixing the vulnerability in the application itself.
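A minimal WAF-style request check, as an added example that is not part of the original article. The signature list, parameter names and the sample requests are constructed for the demo; a real WAF carries far larger rule sets. It shows the point a practitioner cares about: the inspection has to decode the request the way the application will (including double-encoding) before matching, and even then signatures both miss variants and misfire on innocent input.

```python
"""Signature-based inspection of HTTP query strings and form bodies
(added example, not from the article). Signatures and requests are
constructed for the demo and are deliberately small."""
import re
from urllib.parse import parse_qs, unquote_plus

# Hypothetical signature set: (name, pattern). Real rule sets are much larger.
SQLI_SIGNATURES = [
    ("tautology", re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+")),       # ' OR '1'='1
    ("union-select", re.compile(r"(?i)\bunion\s+(all\s+)?select\b")),
    ("stacked-drop", re.compile(r"(?i);\s*drop\s+table\b")),
    ("comment-terminator", re.compile(r"--\s*$|/\*.*?\*/")),
]


def normalize(value, rounds=2):
    """Undo percent-encoding repeatedly (to catch double-encoded payloads)
    and collapse whitespace, so encoding tricks alone cannot slip past."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value)


def inspect_request(query_string, body=""):
    """Inspect every parameter in the query string and the form body.
    Returns a list of (parameter, signature_name) hits; empty means pass."""
    hits = []
    for source in (query_string, body):
        for name, values in parse_qs(source, keep_blank_values=True).items():
            for raw in values:                 # parse_qs decoded once already
                value = normalize(raw)         # decode again for double-encoding
                for sig_name, pattern in SQLI_SIGNATURES:
                    if pattern.search(value):
                        hits.append((name, sig_name))
                        break
    return hits


if __name__ == "__main__":
    # Constructed requests: benign, classic injection, double-encoded injection,
    # a body-based UNION, a false positive, and a variant the signatures miss.
    samples = [
        ("q=shoes&page=2", ""),
        ("id=1%27%20OR%20%271%27%3D%271", ""),
        ("id=1%2527%2520OR%2520%25271%2527%253D%25271", ""),
        ("q=x", "search=a+union+select+password+from+users"),
        ("comment=range+is+10--", ""),
        ("id=1%27%20OR%202%3E1", ""),
    ]
    for qs, body in samples:
        print(qs, body, "->", inspect_request(qs, body))
```

The double-encoded request is caught only because `normalize` decodes a second time; `comment=range is 10--` is blocked although it is harmless, and `1' OR 2>1` sails through because the tautology signature expects an equals sign. That is the trade-off of signature matching: tune rules for your application, and treat a WAF as a layer in front of parameterized queries, not a substitute for them.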
How does a VPN play into using a firewall?
A VPN and a firewall are separate network security tools that can be used together for greater protection. When it comes to cybersecurity, the old adage that more is better is often accurate.
By routing your traffic through a remote server, a VPN hides your real IP address from the sites you visit, so they see the VPN server's location rather than yours. A VPN also encrypts everything between your device and the VPN server, so anyone intercepting it on the local network or at the ISP cannot read it; note that the protection ends at the VPN endpoint, where traffic continues in whatever form the destination uses. Together, hiding your address and encrypting the tunnel create a secure remote connection to the corporate network or another trusted network, which is what makes a distributed workforce workable.
A firewall monitors network traffic in an attempt to block unauthorized access. A VPN hides your activity and location while allowing secure data transfer.
VPNs and firewalls are both powerful network security tools, but this is not an either-or option. For the best security posture, you need a VPN, firewall, and antivirus solution. However, some UTM firewalls incorporate all of these functions into a single device or service for easier management.
How do you choose a firewall for your company?
With so many firewalls on the market, selecting the right option for your company can be challenging. Luckily, you don’t have to settle on just one. Many businesses incorporate multiple firewalls for layered protection.
Before choosing your setup, you’ll need to consider your environment and needs and weigh them against a firewall’s features. We’ll highlight some key considerations.
Assess total users
Knowing how many users are likely to be on your network is critical, because users translate into throughput and concurrent connections the firewall must inspect without becoming a bottleneck. To protect your business, the firewall needs enough capacity for your traffic volume (more so if it will inspect encrypted traffic, which is expensive) and sufficient RAM to hold its connection table and rules. Smaller organizations may use a small office or home office (SOHO) firewall, but teams with over 50 people typically need an enterprise-level firewall.
Weigh remote work
With more and more employees working remotely, you’ll need to consider this factor when selecting a firewall. Next-generation firewalls remain popular, but businesses with a significant remote workforce may also need a virtual firewall.
Think about your security infrastructure
A firewall is just one part of your security infrastructure. You also need antivirus scanning, spam filtering, and other protections. If you do not have these essential components in place or lack the resources to manage a robust security infrastructure, you might prefer a UTM firewall.
Consider the features
Firewalls vary in their features. This is especially true with UTM firewalls, which are often packed with additional security options. More features may benefit your business, but if the solution has a lot of unnecessary components you won’t use, it can inflate the price without adding value. Some popular features of firewalls include:
Determine the right type of firewall
The right type of firewall depends largely on your business size and security needs. A small business in an industry without strong security regulations may get by with the firewall that comes with the operating system. Larger companies and those in highly regulated industries generally need more advanced solutions, such as a next-generation firewall and/or a UTM solution.
Pay attention to manageability and support
Before investing in a firewall, you should understand the level of work involved in configuring and maintaining it. If you plan on managing the firewall in-house, ensure your employees have the skills and time to do so. Otherwise, you might consider investing in managed firewall services.
Assess the cost
Whenever it comes to selecting the right technology solutions, budget is a major consideration. Since an effective firewall can prevent costly security breaches and support efficiency, the best option for your business may be worth it even if the upfront price seems high. With the average data breach costing $4.24 million, trying to save a few dollars now by choosing a lower-priced firewall could ultimately cost your business.