What is a Firewall

A firewall is a security device, either hardware or software, designed to help protect your network by filtering traffic and stopping unauthorised users from outside your organisation from gaining access to your systems and the private data held on your computers. 

As well as blocking unwanted or unauthorised traffic, a firewall also helps guard against malicious attacks that could infect your IT systems or individual computers. It monitors incoming and outgoing network traffic and permits or blocks data packets according to a defined set of security rules. 

Firewalls are vital because, even if a network service is configured not to accept malicious connections from the internet, the service itself may have a security flaw, and a specially crafted request could allow an attacker to compromise your computers or systems. A firewall can stop this by standing in the way, preventing incoming connections from ever reaching these potentially vulnerable services. 

How Does a Firewall Work? 

To secure an IT system, a firewall examines incoming data at a computer’s entry point, called a port, which is where information is exchanged with external devices. Every port has a number that identifies the specific process to which an internet or other network message should be forwarded when it arrives at a server.  

Network firewalls filter traffic in both directions between networks. Although they mainly take the form of hardware appliances, businesses are increasingly using virtual appliance firewalls, cloud-native firewalls from infrastructure as a service (IaaS) providers, and firewall as a service (FWaaS) offerings hosted directly by specialised vendors. Capabilities of network firewalls include application awareness and control, intrusion detection and prevention, advanced malware detection, and logging and reporting. 

All network-connected devices use standardised ports, each with an assigned number reserved for particular protocols and their associated functions. Port numbers are part of the addressing information that identifies the sender and receiver of a message and the particular application on each device. 

An IP address, meanwhile, is used to identify a device on the network. Any device connected to the internet is assigned a unique IP address for identification. This lets devices communicate across the internet. 

IP addresses can be thought of as houses, and port numbers as rooms within the house. Only trusted people, i.e. permitted source addresses, are allowed to enter the house (the destination address) at all. They are then filtered further so that people inside the house may only enter certain rooms (destination ports), depending on whether they are the owner or a guest. The owner may enter any room, i.e. any port, while guests are only allowed into specific rooms, i.e. specific ports. 

What Does a Firewall do? 

It is a straightforward question, but the answer is complex and usually depends on where the firewall is situated, geographically or within a system, and what it is meant to protect. While all firewalls are designed to keep your computer or network safe, there are several different types. 

Firewalls provide a range of levels of protection, and the key is to work out how much protection you need. They can be either software or hardware, and it is usually advisable to have both. 

Software vs Hardware Firewall 

A software firewall is a program installed on each computer that regulates traffic by port number and application, while a hardware firewall is a physical appliance installed between your network and its gateway. 

Packet Filtering Firewall 

Packet-filtering firewalls, whether hardware or software, are the most common type of firewall. They examine each packet and prevent it from passing if it does not match an established set of security rules. This type of firewall checks the packet’s source and destination IP addresses; if the packet matches an “allow” rule on the firewall, it is trusted to enter the network. 

Packet-filtering firewalls come in two categories: stateful and stateless. Stateless firewalls examine each packet on its own, with no context from earlier packets, which makes them easier targets for attackers. A stateful firewall, in contrast, remembers information about packets it has already passed, and is considered more secure. 

While packet-filtering firewalls can be effective, they ultimately provide only basic protection and can be very limited.  

For example, they cannot tell if the contents of the request being sent will adversely affect the application it is going to reach. If a malicious request that was allowed from a trusted source address would result in, say, the deletion of a database, this type of firewall has no way of knowing that.  

However, next-generation firewalls and proxy firewalls are better equipped to detect such threats. 

Proxy Firewall 

A proxy firewall is a network security system designed to protect networks by filtering messages at the application layer level. A proxy firewall is also called an application firewall or gateway firewall. 

The technology is similar to a traditional packet-filtering firewall, but a proxy firewall adds an extra level of protection. A proxy firewall has its own Internet Protocol (IP) address, which means an outside network connection never receives packets directly from the sending network. 

A proxy firewall can also be referred to as a proxy server but, perhaps confusingly, not all proxy servers are proxy firewalls. A proxy server acts as an intermediary between clients and servers. It can cache web pages to reduce bandwidth demands, compress data, filter traffic and detect viruses. A proxy server can also be used to hide user information or to connect to services that would otherwise be blocked.  

On the other hand, a proxy firewall inspects all network traffic to detect potential threats and protect against them. It can also identify network intrusions and enforce security policies. 

A proxy firewall is arguably the most effective solution and acts as a gateway between internal users and the internet. It can be installed on an organisation's network or on a remote server that is accessible from the internal network. It checks that data is safe and valid at the application level before allowing it to pass through. This is done via a set of application-specific policies that allow or block communications sent to the application, and those the application sends out.  

In contrast, a traditional firewall acts as a gateway between two networks. By blocking unwanted external traffic, a traditional firewall protects the computers and networks behind it from unauthorised access and attacks.  

Circuit Level Firewall 

A circuit-level firewall, meanwhile, sits between the transport layer and the application layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. TCP/IP is the world's most widely used non-proprietary protocol suite because it enables computers using diverse hardware and software platforms, on different types of network, to communicate. 

With a circuit-level firewall, before information can pass from one host to another there must be what is referred to as a TCP handshake. The firewall examines the data exchanged during this handshake, looking for anything harmful, which can then be discarded before it reaches another computer or system.  

It does this without consuming much time or resources, which makes circuit-level gateways one of the more efficient firewall types, minimising the performance impact on your network.  

However, because these firewalls do not inspect the contents of the packets themselves, a packet that completes a valid TCP handshake but carries malware could conceivably get through a circuit-level gateway. 
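The following Python model is an added illustration and not code from the original article. It ties together three things described above: the "house and rooms" matching of source addresses and destination ports in the packet-filtering section, the difference between a stateless filter (each packet judged on its own) and a stateful one (which remembers flows), and the handshake tracking of a circuit-level gateway together with its caveat that packet contents are never inspected. Every address, port, rule and packet below is a constructed sample value (RFC 5737 documentation ranges), and the rule format and state names are this example's own, not any product's.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Collection, Optional

# Added illustration, not the article's own code. Addresses, ports, rules and
# traffic are constructed sample values from the RFC 5737 documentation ranges.


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" (arriving from the internet) or "out" (leaving the internal network)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset      # TCP flags, e.g. frozenset({"SYN"}) or frozenset({"SYN", "ACK"})
    payload: bytes = b""  # application data: a packet filter never looks inside it


@dataclass(frozen=True)
class Rule:
    action: str                           # "allow" or "deny"
    direction: str                        # which way the packet is travelling
    src: str                              # permitted source network (who may enter the "house"), CIDR
    dst: str                              # destination network, CIDR
    dst_ports: Optional[Collection[int]]  # permitted destination ports (the "rooms"); None = any

    def matches(self, pkt: Packet) -> bool:
        return (pkt.direction == self.direction
                and ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and (self.dst_ports is None or pkt.dst_port in self.dst_ports))


def stateless_decision(rules, pkt):
    """Stateless packet filter: first matching rule wins, anything unmatched is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed policy: internal hosts may browse the web, and anyone may reach
# the internal web server 192.0.2.10 on port 443.
OPEN_RULES = [
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", frozenset({80, 443})),
    Rule("allow", "in", "0.0.0.0/0", "192.0.2.10/32", frozenset({443})),
]
# A stateless filter has no memory of outbound requests, so to let replies back
# in it has to open the whole ephemeral port range to any source address.
STATELESS_RULES = OPEN_RULES + [Rule("allow", "in", "0.0.0.0/0", "192.0.2.0/24", range(1024, 65536))]


class StatefulFirewall:
    """Rules decide who may *open* a connection; a state table then follows the
    TCP handshake (as a circuit-level gateway does) and admits only packets that
    belong to a flow it has already seen."""

    def __init__(self, rules):
        self.rules = rules
        self.table = {}  # flow key -> {"state": ..., "opened_by": direction}

    @staticmethod
    def _key(pkt):
        # Normalise both directions of a flow to one key: (internal ip, port, external ip, port)
        if pkt.direction == "out":
            return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def decide(self, pkt):
        key = self._key(pkt)
        conn = self.table.get(key)
        if pkt.flags == frozenset({"SYN"}):               # handshake step 1: a new connection
            if stateless_decision(self.rules, pkt) != "allow":
                return "deny"
            self.table[key] = {"state": "SYN_SENT", "opened_by": pkt.direction}
            return "allow"
        if conn is None:
            return "deny"                                 # no known flow: unsolicited, whatever its flags claim
        state, opener = conn["state"], conn["opened_by"]
        if pkt.flags == frozenset({"SYN", "ACK"}) and state == "SYN_SENT" and pkt.direction != opener:
            conn["state"] = "SYN_RECEIVED"                # step 2, must come from the responder
            return "allow"
        if "ACK" in pkt.flags and state == "SYN_RECEIVED" and pkt.direction == opener:
            conn["state"] = "ESTABLISHED"                 # step 3: handshake complete
            return "allow"
        if state == "ESTABLISHED" and "SYN" not in pkt.flags:
            if "RST" in pkt.flags:
                del self.table[key]                       # connection torn down (FIN close not modelled)
            return "allow"                                # payload passes uninspected, whatever it contains
        return "deny"


def run_scenario():
    """Constructed traffic: a legitimate outbound web session, then two inbound
    packets that should not get in. Returns (stateless verdicts, stateful verdicts)."""
    client, server = "192.0.2.5", "198.51.100.7"
    packets = [
        Packet("out", client, 40000, server, 443, frozenset({"SYN"})),
        Packet("in", server, 443, client, 40000, frozenset({"SYN", "ACK"})),
        Packet("out", client, 40000, server, 443, frozenset({"ACK"})),
        # Data on the established flow: both firewalls pass it without reading the payload.
        Packet("in", server, 443, client, 40000, frozenset({"ACK"}), b"constructed application data"),
        # Unsolicited inbound packet carrying only an ACK flag, as if it were a reply.
        Packet("in", "198.51.100.9", 5555, client, 40001, frozenset({"ACK"})),
        # Inbound connection attempt to a port that no rule allows.
        Packet("in", "203.0.113.4", 5000, client, 22, frozenset({"SYN"})),
    ]
    fw = StatefulFirewall(OPEN_RULES)
    return ([stateless_decision(STATELESS_RULES, p) for p in packets],
            [fw.decide(p) for p in packets])


if __name__ == "__main__":
    stateless, stateful = run_scenario()
    print("stateless:", stateless)
    print("stateful: ", stateful)
```

Running the scenario shows the two points the article makes. The stateless filter admits the fifth packet because, lacking any memory of outbound requests, its only way to let replies back in is a broad rule over the ephemeral port range; the stateful firewall drops it because no flow was ever opened to that port. Both firewalls pass the fourth packet regardless of its payload, which is the circuit-level caveat above: a packet that belongs to a correctly completed handshake is not inspected further, so content filtering needs a proxy or next-generation firewall.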

What is the Right Firewall For Me? 

It can be extremely difficult to choose which firewall is best for your business. Adding to that difficulty is the fact that many organisations have to use multiple firewalls to enable what is called a “defence in depth” strategy. The problem is that, unless they are properly configured, firewalls with conflicting rules can cause legitimate traffic to be dropped, resulting in lost business, poor network performance and inefficiency. 
 
We understand that protecting your network is essential to your business and your customers. We offer a wide range of network security to help you create a secure system that your company can rely on.