What Is a Firewall and How Does it Work?

This post explains what a firewall is, what types of firewalls exist, how a firewall works, and how to use one. Read on to learn what you need to know about firewalls.

By Ellie / Updated on July 13, 2022

What is a firewall?

A firewall is a security system that analyzes both internal and external network traffic. Based on certain security rules, it decides whether certain types of traffic to your computer should be permitted or prohibited.

Literally, the term refers to a fire barrier used to keep a fire outside a building. To put it simply, by building a barrier between a trusted network and an untrusted network, a firewall protects your computer from malicious traffic like viruses and hackers.

What are the types of firewalls?

To give you a full understanding of firewalls, here we’ll introduce the following five different types of firewalls.

  • Packet-filtering firewall
  • Proxy Firewall
  • Stateful inspection firewall
  • Next-generation firewall (NGFW)
  • Network address translation (NAT) firewall

Packet-filtering firewall

A packet-filtering firewall operates at the network layer (Layer 3) of the OSI (Open Systems Interconnection) model and makes processing decisions based on network addresses, ports, or protocols. It is very fast because there is not much logic behind the decisions it makes. It does not do any internal inspection of the traffic, nor does it store any state information. Users have to manually open ports for all traffic that will flow through the firewall.

Because it will forward any traffic that is flowing on an approved port, it is considered not to be very secure. Malicious traffic may be sent as long as it’s on an acceptable port.

Proxy Firewall

Proxy-based firewalls are proxies that sit in between clients and servers. Clients connect to the firewall, and the firewall inspects the outgoing packets, after which it will create a connection to the server. Similarly, when the server attempts to send a response to the client, the firewall will intercept that response, inspect the packets, and then deliver the response in a separate connection between the firewall and the client. A proxy-based firewall effectively prevents a direct connection between the client and server.

As mentioned before, a proxy firewall inspects all outgoing packets and incoming requests. Therefore, it can cause latency, particularly during heavy traffic.

Stateful inspection firewall

Rather than scanning each packet, a stateful inspection firewall maintains information about open connections and utilizes it to analyze incoming and outgoing traffic. It filters connections based on administrator-defined criteria as well as context, which refers to utilizing data from prior connections and packets for the same connection. 

Because they do not inspect every packet, stateful firewalls are normally faster than proxy-based firewalls. However, a stateful firewall can be manipulated by tricking a client into requesting a certain kind of information, giving the attacker the chance to send malicious packets that match that criterion through the firewall.

Next-generation firewall (NGFW)

As threats evolve, more powerful solutions are required, which is where the Next-Generation Firewall (NGFW) comes in. It combines standard firewall capabilities with extra features like encrypted traffic inspection, intrusion prevention systems, anti-virus, etc. It features deep packet inspection (DPI). While traditional firewalls simply look at packet headers, DPI examines the data within the packet itself, allowing users to more effectively identify, categorize, and stop packets with malicious data.

Network address translation (NAT) firewall

By allowing numerous devices with different network addresses to connect to the internet using a single IP address, the NAT firewall hides individual IP addresses. Thus, attackers scanning a network for IP addresses can’t capture specific details, providing greater security against attacks. NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers and outside traffic.

How does a firewall work?

A firewall is controlled by a set of rules that decide whether or not traffic is allowed to enter or leave a network. These rules differ depending on what an application is told to accomplish and how risky conduct is defined. Firewalls guard traffic at a computer’s entry points, called ports, which is where information is exchanged with external devices. A rule might read, for example, “Source address 172.18.1.1 is allowed to reach destination 172.18.2.1 over port 22.”

Consider IP addresses to be houses, and port numbers to be rooms of the houses. As a first step, only trustworthy people (source addresses) are allowed to enter the houses (destination addresses). Then, access is filtered further so that particular people can only access particular rooms (destination ports) depending on their identities. The owner of the house has access to any room (any port), but other people, for example, visitors, are restricted to a specified set of rooms (specific ports).
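
The following added example (not from the original post) models the rule quoted above and contrasts the packet-filtering and stateful inspection approaches described earlier: the stateless filter drops the SSH reply because no rule opens the return port, while the stateful firewall accepts it only after seeing the allowed request. The class and function names are hypothetical, and the model assumes first-match evaluation with default deny and ignores protocols and connection timeouts.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR notation
    dst: str      # destination network in CIDR notation
    dport: int    # destination port

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# The rule quoted in the text; anything else falls through to default deny.
RULES = [Rule("allow", "172.18.1.1/32", "172.18.2.1/32", 22)]

def match(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and pkt.dport == rule.dport)

def stateless_filter(rules, pkt):
    """Packet filter: first matching rule wins, no memory of earlier packets."""
    for rule in rules:
        if match(rule, pkt):
            return rule.action
    return "deny"  # default deny (assumed policy)

class StatefulFirewall:
    """Adds a connection table so replies to allowed flows are accepted."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def filter(self, pkt):
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.connections:
            return "allow"  # reply on a tracked connection
        verdict = stateless_filter(self.rules, pkt)
        if verdict == "allow":
            # Remember the reverse 4-tuple so the reply is recognised.
            self.connections.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return verdict

# Constructed sample traffic: an SSH request, its reply, an unsolicited packet.
REQUEST = Packet("172.18.1.1", 50000, "172.18.2.1", 22)
REPLY = Packet("172.18.2.1", 22, "172.18.1.1", 50000)
UNSOLICITED = Packet("172.18.2.1", 22, "172.18.1.1", 50001)
```
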

How to use firewall protection?

With the firewall set up properly, the safety of your computer can be guaranteed. Here are some tips for you to improve your firewall security:

  • Always keep firewalls updated. Firmware patches keep your firewall up to date and protect you from newly identified security flaws. Users need to upgrade their software frequently. Personal and home firewall users can update directly, while users of larger business firewalls may need to double-check network configuration and compatibility beforehand.
  • Use a whitelist to limit accessible ports and hosts. Inbound traffic should be denied by default. Set a rigorous whitelist of trustworthy IP addresses for inbound and outbound connections. User access privileges should be limited to those that are absolutely necessary. It's easier to maintain security by allowing access just when it's needed rather than rescinding permission and repairing damage after an incident.
  • Segment your network. Lateral movement by malicious actors is an obvious threat that may be delayed by reducing internal cross-communication.
  • Use additional antivirus protection. A firewall alone sometimes may not stop some viruses and infections. These may still get past firewall protections. At this point, you may need additional antivirus software to further protect the security of your computer.
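
As an added example (not from the original post), the script below audits a constructed inbound ruleset against the whitelist and default-deny tips above. It goes slightly beyond the text by also flagging rules that can never fire because an earlier, broader rule matches first. The rule format, first-match ordering, IPv4-only input and all names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ruleset, evaluated top to bottom (first match wins).
# Each rule: (action, source CIDR, destination port or None for any port).
RULESET = [
    ("allow", "203.0.113.0/24", 22),
    ("allow", "0.0.0.0/0", 3389),
    ("deny", "203.0.113.7/32", 22),
    ("allow", "198.51.100.10/32", 443),
]

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, e_src, e_port = earlier
    _, l_src, l_port = later
    src_ok = ipaddress.ip_network(l_src).subnet_of(ipaddress.ip_network(e_src))
    port_ok = e_port is None or e_port == l_port
    return src_ok and port_ok

def audit(ruleset):
    """Return (rule index, finding) pairs for the weaknesses the tips warn about."""
    findings = []
    for i, rule in enumerate(ruleset):
        action, src, port = rule
        if action == "allow" and ipaddress.ip_network(src).prefixlen == 0:
            findings.append((i, "allow from any source"))
        if action == "allow" and port is None:
            findings.append((i, "allow to any port"))
        # A rule fully covered by an earlier one never gets evaluated.
        for j in range(i):
            if covers(ruleset[j], rule):
                findings.append((i, f"shadowed by rule {j}"))
                break
    # The final rule should deny everything that was not whitelisted.
    catch_all = ("deny", "0.0.0.0/0", None)
    last = ruleset[-1] if ruleset else None
    if last is None or last[0] != "deny" or not covers(last, catch_all):
        findings.append((len(ruleset), "no explicit default deny as final rule"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(RULESET):
        print(f"rule {index}: {finding}")
```

In the sample, the deny for 203.0.113.7 is listed after the allow for its whole /24, so the intended block never takes effect.
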

Conclusion

What is a firewall? In this post, we have explored the definition of a firewall, the different categories of firewalls, how a firewall works, and tips for improving firewall security. We hope you have a better understanding of firewalls after reading this.