How Does a Firewall Work?
How does a firewall work to protect your network? What type of firewall is the best choice for your cybersecurity needs?
In This Article:
Firewalls are the first line of defense in network security.
There are five main types of firewall architectures: packet-filtering, stateful inspection, circuit-level, application-level and next-generation.
It's important to choose a level of protection that meets all your needs.
The Importance of Firewalls
In the physical world, a firewall is a partition designed to inhibit or prevent the spread of fire. This physical barrier can greatly minimize the damage caused by the flames. But in the world of computing, how does a firewall work to protect your network?
In computer networking, a firewall is a software program or hardware appliance that is designed to prevent unauthorized access to or from a private network. This network security device monitors incoming and outgoing network traffic and decides whether this traffic needs to stop or go (be allowed or blocked) based on a set of security rules. Think of a firewall as a bouncer at a nightclub — the firewall is located at the entrance to corporate networks, applications, databases and other resources. The firewall (like a bouncer) scrutinizes the incoming (and outgoing) traffic to decide which packets of data get to pass through and which get rejected.
Firewalls are the first line of defense in network security as they establish a barrier between your secured and controlled internal network and untrusted outside networks, such as the internet. A firewall blocks unauthorized access while permitting outward communication. A firewall needs to be able to defend resources, validate access, manage and control network traffic, record and report on events and act as an intermediary.
Five Types of Firewalls
There are five main types of firewall architectures: packet-filtering, stateful inspection, circuit-level, application-level and next-generation. But which one is right for your business's cybersecurity needs?
Packet-filtering firewalls are the original and most basic type of firewall structure. They create a checkpoint at a traffic router or switch, performing a simple check of the data packets coming through the router, inspecting information such as the destination and origination IP address, packet type, port number and other surface-level information without opening the packet to inspect the contents further.
Packets that don't meet a set of established criteria are not forwarded and cease to exist. Packet-filtering firewalls are relatively simple and don't have a large impact on system perform because they aren't very resource-intensive. However, this means that they are easier to bypass compared to firewalls with more in-depth inspection capabilities.
Circuit-level gateways are another type of firewall that quickly approve or deny traffic without consuming significant computing resources. These firewalls monitor the transmission control protocol (TCP) handshakes across the network to determine if the session being initiated is legitimate and whether the remote system can be trusted.
While circuit-level gateways are not resource-intensive, just like packet-filtering firewalls, they are also easy to bypass. This firewall does not check the packet itself, so a packet containing malware can pass through if it had the right TCP handshake.
Stateful Inspection Firewalls
Stateful inspection firewalls combine the previous two architecture offerings into a greater level of protection than a packet-filtering firewall and circuit-level gateway could provide alone. This firewall examines each packet and verifies the TCP handshake — offering more security than the other firewalls but putting a greater strain on your computing resources.
Stateful inspection firewalls do exact a greater toll on network performance and could slow down the transfer of legitimate packets compared to other solutions.
Application-Level Gateways/Proxy Firewalls
Application-level gateways, also known as proxy firewalls, also combine elements of packet-filtering and TCP handshake verification. Proxy firewalls operate at the application layer, hence the name, to filter incoming traffic between your network and the traffic source. Packets are filtered not only according to the service for which they are intended but also by certain other characteristics.
This firewall looks at the packet and the TCP handshake protocol, but it goes a step further by performing deep-layer packet inspections that check the actual contents to verify that no malware is housed inside. Once everything checks out, the packet is sent on to its destination. This offers an extra layer of separation between the origination location of the packet and the individual devices on your network.
While providing considerable data security, proxy firewalls do dramatically affect network performance and create slowdown because of the extra steps in the process.
Next-generation firewalls are the hardest to define because they are still being configured. Most next-gen firewalls combine surface-level packet inspection, stateful inspection and deep packet inspection (checking the actual contents of the data packet). Some next-gen firewalls may include other technologies as well, such as intrusion prevention systems or artificial intelligence. Because there is no set definition of a next-gen firewall, it is important to verify the firewall's specific capabilities before investing in one.
Which Firewall is Right for Your Company?
With technology being an integral part of business, it is important to place security at the top of your list. Do you choose a firewall that provides simple protection but doesn't impact your network performance? Do you choose a firewall that provides deeper inspection and verification of data but costs more and has a high impact on performance?
The answer is that you choose what is right for your business, and that means creating multiple layers of protection and firewalls, both at the network and asset level. Additional firewalls make your network tougher to crack and add additional protection layers as you delve into the most important company assets and locations.
You should start the process with a security policy audit and assessment to identify what assets on your network need protection. You should also consider the capabilities of your network, the compliance requirements for your industry and the current resources you have in place to manage these firewalls.
Looking for a new firewall?
You May Also Like
A major regulation went into effect this year to govern how organizations that do business in the European Union handle data. Here's what you need to know.
A holistic assessment of threats and vulnerabilities helps an organization appropriately prioritize and mitigate its risks.