What is a Firewall?

If you’ve ever owned a computer, you’ve come across the term firewall more than once. Whether it comes from your OS or an anti-malware program, every PC owner has come into contact with some form of firewall or another. But what exactly is this “firewall”? You might have some vaguely correct ideas about it, and I’m here to point you in the right direction. This article covers the basics of a firewall for anyone to understand.

What is a firewall?

A firewall is a defensive system on computers designed to prevent unauthorized access to or from a private network. In other words, a firewall is a protective layer of security that monitors the information going through a network. Firewalls can be implemented in hardware, in software, or as a combination of both. Firewalls stop unauthorized internet users from accessing private networks connected to the internet, such as intranets. All messages and requests that are transferred to the network must go through the firewall. The firewall then checks each message and blocks those that do not meet the specified security criteria. A firewall is the first line of defense in protecting private information, but it is not the only security line. Firewalls are designed to safeguard network traffic and connections, and therefore do not attempt to authenticate individual users when determining who can access a particular computer or network.

History of firewalls

The word “firewall” was used in the past to refer to walls intended to confine a fire in buildings. This use of the word was extended to other fire-retardant structures, like the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. It was first used as a computing term in the late 1980s in network technology, when the internet was only beginning to achieve global use and connectivity. Before this, the existing security measures were the secure routers used in the late 1980s. Routers could segregate networks, so they could easily apply filtering to packets crossing them. Before firewalls were properly cemented in computer networks, the term was used in the 1983 computer-hacking movie WarGames, which possibly inspired its later use.

How does a firewall work?

A firewall analyzes incoming traffic against pre-established rules and filters out traffic from unsecured or suspicious sources to prevent attacks. It guards the entry points of computers, called ports, where information is exchanged with external devices.

Just imagine your computer as a house, and the ports as its rooms. You would only let trusted people (source addresses) into the house (destination address). Even among the ones allowed in, only a handful are allowed into certain rooms (destination ports). The owner is allowed into any room, while guests are only allowed into certain rooms depending on their intent. A firewall manages all of this and prevents third parties from accessing certain ports by acting as a security guard at each entry.

Types of firewalls

There are different kinds of firewalls, and they can be either software or hardware, though it’s best to have both. Software firewalls are programs installed on computers that regulate traffic through port numbers and applications. Hardware firewalls are physical pieces of equipment plugged in between your network and gateway.

Packet filter firewalls

These types of firewalls are easily the most common because they are all the average user would need. Packet-filtering firewalls examine packets and prevent them from passing through if they don’t match an established security ruleset. This type of firewall constantly checks each packet’s source and destination IP addresses and compares them to existing protocols. If the packets are authenticated properly, then they are given access to the network stream.

There are basically two forms of packet-filtering firewalls: stateful and stateless. Stateless firewalls filter packets independently of each other and lack context, making them easy targets for hackers who can gradually piece together illegal traffic out of tiny legal packets. Stateful firewalls, on the other hand, remember the packets that have passed and use that information to check new packets, which makes them much more secure. Packet filter firewalls are truly effective; however, they only give fundamental protection and can be very limited. For one, they can’t read the contents of the packets. They only check the source of the packets. So if malicious code managed to be sent from a trusted source, the firewall would have absolutely no way of knowing that. Luckily, next-generation firewalls and proxy firewalls are better equipped to detect such threats.
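The rule check from “How does a firewall work?” and the stateless/stateful difference described above can be modelled in a few lines. This is an added example, not code from the original article or from any firewall product; the names (`Packet`, `RULES`, `stateless_check`, `StatefulFilter`) are hypothetical, the addresses are constructed from documentation ranges, and it assumes a simplified inbound-only model in which a `syn` flag marks the packet that opens a connection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only on the packet that opens a connection

# Constructed ruleset: (action, trusted source range, destination port).
RULES = [
    ("allow", "0.0.0.0/0", 443),     # anyone may enter the HTTPS "room"
    ("allow", "192.0.2.0/24", 22),   # only the admin network may reach SSH
]

def stateless_check(pkt, rules=RULES):
    """Judge one packet on its own: first matching rule wins, default deny."""
    for action, src_net, dport in rules:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
        if in_net and dport == pkt.dport:
            return action
    return "deny"

class StatefulFilter:
    """Remembers connections it has allowed and judges new packets in that context."""
    def __init__(self):
        self.flows = set()
    def check(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow in self.flows:
            return "allow"           # belongs to a connection already vetted
        if not pkt.syn:
            return "deny"            # mid-stream packet with no known connection
        verdict = stateless_check(pkt)
        if verdict == "allow":
            self.flows.add(flow)
        return verdict

def demo():
    """Return (stateless verdict, stateful verdict) for each constructed packet."""
    fw = StatefulFilter()
    pkts = {
        "opening": Packet("198.51.100.7", 40000, "203.0.113.10", 443, syn=True),
        "followup": Packet("198.51.100.7", 40000, "203.0.113.10", 443),
        "stray": Packet("198.51.100.9", 41000, "203.0.113.10", 443),
        "ssh_outsider": Packet("198.51.100.7", 40001, "203.0.113.10", 22, syn=True),
    }
    return {name: (stateless_check(p), fw.check(p)) for name, p in pkts.items()}
```

The `stray` packet matches the port 443 rule, so the stateless check passes it, while the stateful filter drops it because no connection was ever opened for that flow.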

Next-generation firewalls (NGFW) 

These are newer firewall systems that merge traditional firewall technology with additional functionality. These firewall systems have features like encrypted traffic inspection, intrusion prevention systems, anti-virus, and more. They also have DPI (deep packet inspection). Simple packet filter firewalls only check the headers of packets and the source, whereas an NGFW uses DPI to thoroughly examine the data within the packet itself, enabling users to more effectively identify, categorize, or stop packets with malicious data.

Proxy firewalls

These are firewalls that filter network traffic at the application level. Unlike packet filters, proxy firewalls act as an intermediary between two end systems. The client sends all requests to the firewall first, where each request is inspected against set security protocols. A request is allowed if it conforms with the proper protocol or blocked if it does not. The same applies to the replies sent back from the remote servers. Proxy firewalls are noted for their ability to monitor traffic for layer 7 protocols such as HTTP and FTP, and they use both stateful and deep packet inspection to detect malicious traffic.

Network address translation (NAT) firewalls

This kind of firewall allows multiple devices with independent network addresses to connect to the internet using a single IP address, keeping individual IP addresses hidden. With this method, hackers scanning a network for IP addresses can’t capture specific details, providing greater security against attacks. NAT firewalls are similar to proxy firewalls in that they also act as an intermediary between a group of computers and outside traffic.