A firewall is a division between a private network and an outer network, often the internet, that manages traffic passing between the two networks. It’s implemented through either hardware or software. Firewalls allow, limit, and block network traffic based on preconfigured rules in the hardware or software, analyzing data packets that request entry to the network. In addition to limiting access to computers and networks, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins.
Firewalls are both networking and security technology. They are often considered the bare minimum and standard for network security. However, they are not the only measure an enterprise takes to secure their network. This firewall analysis describes both the benefits of firewalls and their weaknesses.
The term “firewall” initially referred to a physical protective barrier from actual fire, in a city, between buildings, or even in large transportation like trains. The term first appeared in the 1983 film War Games in reference to technology, before it was used on computer networks. Some researchers believe that’s where the networking term originated.
Firewalls began as a physical, hardware entry point to networks, blocking unauthorized traffic and permitting data packets that belonged. A firewall’s policy demarcated the rules by which it allowed or denied traffic. As cybersecurity threats developed in sophistication, firewalls shifted to more careful traffic monitoring. Now, some firewalls deny or allow entry requests based on previous network traffic patterns.
Hardware can be implemented as hardware, software, or both. While both are valuable, they serve different purposes.
A hardware firewall protects your entire network from the external environment with a single physical device. While a stand-alone product can be purchased, most hardware firewall devices are installed between the computer network and the internet. This device monitors packets of data as they are transmitted and then blocks or transfers the data according to predefined rules. Hardware firewalls require advanced IT knowledge to install and dedicated management and monitoring afterwards. Because of this hardware firewalls are typically used by larger businesses where security is a big concern.
A software firewall is installed on a user’s computer and protects that single device. This provides internal protection to a network. It’s customizable, allowing users some control over its function and protection features, such as being able to block access to certain websites on the network. Because software firewalls are easier to install, they are used by many home and small business users.
A firewall can also be a component of a computer’s operating system (OS). For example, any Windows OS newer than XP includes Windows Firewall, a free software firewall. It notifies users of any suspicious activity and detects and blocks viruses, worms, and hackers.
There are many types of firewalls, and some overlap with others in the ways that they analyze, permit, or reject network traffic. They range from basic private network protection to enterprise-grade packet inspection and threat intelligence.
Packet filtering firewalls, one of the original firewalls, are more simple and less expensive than other firewalls. They perform basic data packet filtering, analyzing IP and port addresses to determine whether the packets can pass. This filtering is based on user-defined configuration. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
Proxy firewalls serve as the gateway from one network to another for a specific application. They create a new network session based on the information on the initial request, almost an imitation. This makes it more difficult for attackers to understand data from the transmission. Proxy firewalls only inspect Internet traffic from specific protocols. Proxy servers can provide additional functionality by preventing direct connections from outside the network.
Network address translation (NAT) firewalls allow multiple devices with independent network addresses to connect to the internet with a single IP address, allowing individuals’ private IP addresses to remain hidden. NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers and outside traffic.
Cloud firewalls (or cloud-based firewalls) are available through the web rather than being installed directly between two networks on hardware. They’re flexible, and users can pass through the firewall and access the network from any location with internet access. Some cloud firewalls are intended for a small private network. Enterprise-grade cloud firewalls are often implemented at the network perimeter of cloud infrastructure.
Stateful inspection firewalls permit or drop packets based on the state of an attempted network connection. Bits in the packet (or network connection) label its state, and the firewall analyzes details about the attempted connection, such as the address it comes from or its size. Stateful inspection firewalls perform more detailed packet inspection than other firewalls, which is useful for better preventing malicious traffic. But they can also be slower, because the inspection takes more time.
Unified threat management (UTM) firewalls are less a type of firewall than a larger security solution. Firewalls are just one feature of UTM. Unified threat management may also include machine learning for better threat intelligence, endpoint security, and intrusion prevention systems, which recognize attackers’ patterns.
Network segmentation firewalls limit access between areas of one private network. These can also be understood as sub-firewalls for a sub-network (subnet). They can be a good method of containing network traffic and limiting breaches, but they’re difficult to set up and expensive as well.
Next-generation firewalls (NGFW) are currently being used by enterprises to provide better network security. They are typically a comprehensive perimeter solution, providing additional security and monitoring features. These features differ by vendor, but they can include deep packet inspection, UTM, IPS, threat intelligence, and machine learning capabilities. More on next-gen firewalls will come later.
Firewalls aren’t disappearing anytime soon because they’re still a staple of network security. However, enterprises are recognizing them as inadequate for protecting an entire network. Even next-generation firewalls won’t be fully effective if one attacker slips through their unified threat management and deep-packet inspection. Put simply, firewalls no longer compete with a full arsenal of security tools, because they don’t address every threat that networks face.
This is because legacy security systems don’t allow for threats within the network. Assuming that a firewall will successfully defend the metaphorical castle doesn’t defend its inner segments once a hacker digs a tunnel under the moat. This is where zero trust and microsegmentation play a role.
Zero trust architectures simply operate on the assumption that no one within a network should be automatically trusted. This means that not only does the network have a firewall, but it also has multiple authentication protocols at the application level within the private network. Users aren’t allowed into just any network application; they have to provide legitimate credentials, often managed by two-factor authentication, before they can enter.
Microsegmentation divides the aforementioned network into sections called protect surfaces. Protect surfaces are simply places, like an application or a database or a high-level account, that need to be protected. Each protect surface has its own requirements that must be met before a user can access it. This prevents an attacker from being able to access all company resources after making it through the firewall.
Another approach to network security is extended detection and response (XDR), which centralizes and combines cybersecurity efforts within a network. Rather than deploying five different software solutions for IDPS, SIEM, EDR, firewalls, and encryption, for example, businesses use a unified system. Firewalls are less effective when they don’t have a way to communicate with other security systems. But if all security solutions are connected, enterprises will be better prepared to protect their databases, applications, and sensitive data.
As next-gen firewalls become a necessity for many enterprises, security providers have enhanced their product offerings. Many vendors offer next-gen firewalls, but these are six of the best, reviewed by technology analyst Gartner and ranked on their Magic Quadrant:
Firewalls don’t just exist for the protection of internet sessions or sensitive personal or enterprise data. In highly restrictive nations, they can also block educational or informational content, limiting internet users’ access to IP addresses that aren’t approved by the government. China’s “Great Firewall” is the prime example: a nation-wide firewall composed of multiple layers and managed by government IT personnel.
The firewall uses IP address blocking as well as DNS cache poisoning to redirect IP requests if they are for blocked websites or keywords. In China, most VPN providers are also blocked, and citizens must use a government-approved one, which doesn’t give them much flexibility to use the internet. China’s restrictive network control allows the government to closely monitor and manage the content that its citizens see.
UPDATED: This article was updated April 2, 2021 for Web Webster.