What is a firewall? 

A firewall is a network security system that monitors network traffic and blocks unauthorized access. Based on a set of security rules configured by its administrator, it allows traffic that matches a permitted pattern and drops traffic it considers threatening. 

A firewall's main goal is to establish a barrier between a trusted internal network and an untrusted external one, typically the internet, and to stop malicious packets at that boundary. Most firewalls also filter outbound traffic, which limits what a compromised internal host can reach. 

How does firewall technology work? 

As noted above, a firewall examines traffic (data packets) against pre-defined rules and filters out whatever those rules do not permit. Devices on a network address each other by IP address and reach specific services through port numbers (for example, TCP port 443 for HTTPS), so the firewall controls which addresses may talk to which services. A firewall rule will generally specify a source address, a protocol, a port number, a destination address, and the action to take (allow or deny).  

Think of IP addresses as houses and port numbers as the rooms within the house. Only trusted visitors (source address) are allowed to enter the house (destination address), and once inside they may only enter certain rooms (destination port). 

Types of firewall 

  • Packet-filtering firewalls 
  • Proxy firewalls 
  • NAT firewalls 
  • Web application firewalls 
  • Next-gen firewalls (NGFW) 


Packet-filtering firewalls 

Packet-filtering firewalls are the most basic type. The firewall examines the headers of each packet that crosses it and drops the packet if it does not meet the configured rules. Packet-filtering firewalls do not inspect a packet's payload: they check only header fields such as source and destination IP address, port number, and protocol. Packets that fail this check are simply dropped.  

These firewalls are not resource-intensive and have little impact on performance. Their main drawback is that they provide only basic protection: because they never look at payloads, an attack carried over an allowed port (for example, a malicious request to a permitted web server) passes straight through. 

Packet-filtering firewalls can be either stateless or stateful. A stateless firewall evaluates each packet in isolation, so it needs a standing rule to let reply traffic back in and can be fooled by a packet crafted to look like a reply. A stateful firewall, the more secure option, tracks the connections it has allowed (for example, the TCP handshake) and admits return traffic only when it belongs to a tracked connection. 
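To make the difference concrete, here is an added example (not code from the original article) that simulates a stateless and a stateful filter in Python over constructed traffic: an internal host opening an HTTPS connection, the server's reply, and an attacker's probe that spoofs source port 443. The packet and rule structures, the addresses and the port numbers are all assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter reads; the payload is deliberately absent."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP flags, used by the stateful filter below
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    """A firewall rule; None in a field means 'match anything'."""
    action: str
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        wanted = (self.proto, self.src_ip, self.src_port, self.dst_ip, self.dst_port)
        actual = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return all(w is None or w == a for w, a in zip(wanted, actual))


def stateless_decision(rules, p):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Remembers connections it has allowed, so replies are admitted by
    connection state rather than by a standing inbound rule."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # 5-tuples of allowed connections

    @staticmethod
    def _key(p):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    def decision(self, p):
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reverse in self.connections:
            return "allow"             # reply to a connection we let out
        if p.proto == "tcp" and p.ack and not p.syn:
            return "deny"              # mid-connection packet with no state: spoofed or stray
        verdict = stateless_decision(self.rules, p)
        if verdict == "allow":
            self.connections.add(self._key(p))
        return verdict


# Constructed scenario: one internal host (10.0.0.5) browsing an HTTPS server.
INTERNAL, SERVER, ATTACKER = "10.0.0.5", "203.0.113.10", "198.51.100.7"

# A stateless filter needs a second rule so the server's replies get back in,
# and that rule can only key on what the packet carries: source port 443.
STATELESS_RULES = [
    Rule("allow", proto="tcp", src_ip=INTERNAL, dst_port=443),
    Rule("allow", proto="tcp", src_port=443, dst_ip=INTERNAL),
]
# The stateful filter needs only the outbound rule.
STATEFUL_RULES = [Rule("allow", proto="tcp", src_ip=INTERNAL, dst_port=443)]

TRAFFIC = [
    Packet("tcp", INTERNAL, 51000, SERVER, 443, syn=True),             # client SYN
    Packet("tcp", SERVER, 443, INTERNAL, 51000, syn=True, ack=True),   # server SYN/ACK
    Packet("tcp", ATTACKER, 443, INTERNAL, 22, ack=True),              # probe with spoofed src port 443
]


def run_scenario():
    stateless = [stateless_decision(STATELESS_RULES, p) for p in TRAFFIC]
    sf = StatefulFilter(STATEFUL_RULES)
    stateful = [sf.decision(p) for p in TRAFFIC]
    return {"stateless": stateless, "stateful": stateful}


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(name, verdicts)
```

The stateless filter has to carry a permanent rule admitting anything from source port 443, so the attacker's probe to port 22 gets through. The stateful filter admits the server's reply because it remembers the outbound connection, and drops the probe because no tracked connection matches it.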

Proxy firewalls 

Proxy firewalls, also known as application-level firewalls, filter traffic at the application layer of the OSI model (protocols at this layer include HTTP and FTP). Acting as an intermediary between two systems, the proxy terminates the client's connection, inspects the request, and opens its own connection to the destination. To detect bad traffic, proxy firewalls combine stateful inspection with deep packet inspection of the application-layer content. 

Proxy firewalls are typically deployed as a dedicated proxy device or as a cloud service. Because the client never connects directly to the destination, the firewall can inspect the complete request and response rather than individual packets, and the internal host's address is never exposed to the outside system. 

Speed can be a weakness of proxy firewalls, since terminating and re-establishing every connection adds processing that can slow things down. 

NAT firewalls 

Network address translation (NAT) firewalls map the private addresses of a group of devices inside a network to a single public address (or a small pool of them). Internal IP addresses are hidden, so an attacker scanning the public address sees only the NAT device, and unsolicited inbound connections are dropped because no internal host has a translation entry waiting for them. NAT by itself is not a filtering control, however: any port deliberately forwarded to an internal host is exposed, and NAT does nothing against attacks carried over connections the internal hosts initiate. 

Both NAT and proxy firewalls act as an intermediary between internal devices and the public network.
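The following is an added example, not part of the original article, that models NAT as a translation table in Python: outbound packets create a mapping from an internal address and port to a port on the single public address, replies are translated back using that mapping, and inbound packets with no mapping are dropped. The addresses, the port range and the packet structure are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed: the NAT device's single public address.
PUBLIC_IP = "203.0.113.1"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Source NAT with port translation for a private network.

    Outbound packets get an entry in the translation table; inbound packets
    are forwarded only if they match an existing entry."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private ip, private port, remote ip, remote port) -> public port
        self.outbound = {}
        # (public port, remote ip, remote port) -> (private ip, private port)
        self.inbound = {}

    def egress(self, p: Packet) -> Packet:
        """Rewrite an outbound packet's source to the public address."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        pub_port = self.outbound.get(key)
        if pub_port is None:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
        return replace(p, src_ip=self.public_ip, src_port=pub_port)

    def ingress(self, p: Packet) -> Optional[Packet]:
        """Return the inbound packet rewritten to its internal destination,
        or None when no internal host initiated a matching connection."""
        target = self.inbound.get((p.dst_port, p.src_ip, p.src_port))
        if target is None:
            return None            # unsolicited traffic: nowhere to deliver it
        priv_ip, priv_port = target
        return replace(p, dst_ip=priv_ip, dst_port=priv_port)


def run_scenario():
    nat = NatGateway(PUBLIC_IP)
    # Two internal hosts reach the same web server from the same local port;
    # both leave with the public address but distinct public ports.
    out_a = nat.egress(Packet("10.0.0.5", 51000, "198.51.100.10", 443))
    out_b = nat.egress(Packet("10.0.0.6", 51000, "198.51.100.10", 443))
    # The server replies to each translated port; NAT routes each back.
    reply_a = nat.ingress(Packet("198.51.100.10", 443, PUBLIC_IP, out_a.src_port))
    reply_b = nat.ingress(Packet("198.51.100.10", 443, PUBLIC_IP, out_b.src_port))
    # An outside scanner probes SSH on the public address: no mapping, dropped.
    probe = nat.ingress(Packet("192.0.2.9", 5555, PUBLIC_IP, 22))
    return out_a, out_b, reply_a, reply_b, probe


if __name__ == "__main__":
    for item in run_scenario():
        print(item)
```

Note what the table does and does not protect: the scanner's probe is dropped only because nothing inside asked for it. A deliberately forwarded port would be a permanent entry in the inbound table, and a reply on an internal host's own connection is translated through regardless of its content.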

Web application firewalls 

Web application firewalls (WAFs) filter, monitor, and block HTTP traffic travelling to and from websites or web applications. A WAF can be deployed on the network, on the web server itself, or in the cloud, so it is available as a server plugin, a cloud service, or a network appliance. 

A WAF is closest to a proxy firewall but focuses specifically on application-layer attacks against web applications, such as SQL injection and cross-site scripting. 
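As an added example (not the article's own code), the following Python function performs the kind of inspection a WAF does: it breaks an HTTP request into path, query parameters, form body and headers, normalizes each value by URL-decoding it, and matches it against a small constructed rule set for SQL injection and path traversal. The rules and the sample requests are assumptions for illustration; a production WAF rule set is far larger.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed signatures: a quote followed by an OR tautology, a UNION SELECT,
# and a parent-directory traversal. Values are lowercased before matching.
RULES = [
    ("sqli-tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+")),
    ("sqli-union", re.compile(r"\bunion\b.{0,40}\bselect\b", re.S)),
    ("path-traversal", re.compile(r"\.\.[/\\]")),
]


def normalize(value: str, decode: bool = True) -> str:
    """Bring a request value into the form the application will see."""
    if decode:
        # Decode until stable (at most two passes) so a double-encoded payload
        # such as %2527 -> %27 -> ' is inspected in its final form.
        for _ in range(2):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return value.lower()


def inspect_request(method, target, headers=None, body="", decode=True):
    """Return (verdict, rule, field) for one HTTP request.

    decode=False shows what happens when a WAF matches on raw values."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    parts = urlsplit(target)
    fields = [("path", parts.path)]
    fields += [("query:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += [("body:" + k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    fields += [("header:" + k, v) for k, v in headers.items()]
    for field, raw in fields:
        value = normalize(raw, decode)
        for rule, pattern in RULES:
            if pattern.search(value):
                return ("block", rule, field)
    return ("allow", None, None)


def run_scenario():
    """Constructed requests: one benign, the rest carrying common payloads."""
    form = {"Content-Type": "application/x-www-form-urlencoded"}
    encoded_twice = "/login?user=admin%2527%2520OR%25201%253D1"
    return {
        "benign": inspect_request("GET", "/search?q=best+firewall+for+small+office"),
        "sqli": inspect_request("GET", "/login?user=admin'%20OR%201=1--"),
        "double_encoded": inspect_request("GET", encoded_twice),
        "double_encoded_no_decode": inspect_request("GET", encoded_twice, decode=False),
        "traversal": inspect_request("GET", "/static/..%2F..%2Fetc/passwd"),
        "union_in_body": inspect_request(
            "POST", "/comments", form, "text=hello+UNION+SELECT+password+FROM+users"),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:26} {verdict}")
```

The double-encoded request is the instructive case: with decoding it is blocked like the plain one, but with `decode=False` the same request is allowed, because the raw parameter still reads `admin%27%20or%201%3d1` and contains no quote for the rule to match. A WAF that does not normalize values the way the application decodes them is bypassed by encoding alone.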

NGFW firewalls 

As the threat landscape intensifies, the next-generation firewall (NGFW) has become the most widely deployed firewall type today. 

Thanks to improvements in storage, memory, and processing power, NGFWs combine the features of traditional firewalls with other security functions such as intrusion prevention, VPN termination, anti-malware, and even inspection of encrypted traffic (which requires the firewall to terminate TLS and re-encrypt, so clients must trust its certificate). Deep packet inspection lets an NGFW look inside packet payloads and stop malicious content before it moves on. 

NGFWs can also integrate with software-defined wide area networks (SD-WAN).

Compared to traditional firewalls, NGFWs provide extensive application control and visibility: they identify applications by their traffic rather than by port number, distinguish safe from dangerous applications, and block malware from entering the network. 

While most recent firewall products are marketed as NGFWs, the security industry lacks consensus on what qualifies as one. Without a clear definition, organizations must do their due diligence and confirm which specific security features a product actually provides before investing.