Firewall

A firewall is defined as a type of hardware & software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules. It can be said that it acts as a barrier between internal networks and external sources. Purpose of a firewall is to prevent malicious or unwanted data traffic from entering the computer and protect computer from viruses and attacks. A firewall can be a network security device or a software program on a computer. This means that the firewall comes at both levels, i.e., hardware and software. A hardware firewall is a physical device that attaches between a computer network and a gateway. For e.g. broadband router, etc. On the other hand, a software firewall is a program installed on a computer that works through port numbers and other installed software. Apart from this, there are cloud-based firewalls. These are commonly referred to as FaaS (firewall as a service). A primary advantage of using cloudbased firewalls is that they can be managed centrally. These are best
known for providing perimeter security. Some Operating Systems like Windows 10 comes with built-in firewalls.

How does a Firewall Work & it’s functions:

A firewall system analyses network traffic based on pre-defined rules. It filters the traffic and prevents traffic coming from unreliable or suspicious sources. It only allows incoming traffic that is configured to accept. Usually, firewalls intercept network traffic at a computer’s entry point, known as a port. Firewalls perform this task by allowing or blocking specific data based on pre-defined security rules. Incoming traffic is allowed only through trusted IP addresses or sources. Firewalls have a variety of functions and capabilities with built-in features:

  • Network Threat Prevention
  • Application and Identity-Based Control
  • Hybrid Cloud Support
  • Scalable Performance
  • Network Traffic Management and Control
  • Access Validation
  • Record and Report on Events

Limitations of Firewall:

There are some limitations to firewall which makes use of antivirus necessary. These limitations are:

  • Firewalls cannot stop users from accessing malicious websites, making it vulnerable to internal threats or attacks.
  • Firewalls cannot protect against the transfer of virus-infected files or software.
  • Firewalls cannot prevent misuse of passwords.
  • Firewalls cannot protect if security rules are misconfigured.
  • Firewalls cannot protect against non-technical security risks, such as social engineering.
  • Firewalls cannot stop or prevent attackers with modems from dialling in to or out of the internal network.
  • Firewalls cannot secure the system which is already infected.

Types of Firewall:

There are mainly three types of firewalls, such as software firewalls, hardware firewalls, or both, depending on their structure. Each type of firewall has different functionality but the same purpose. A hardware firewall is a physical device that attaches between a computer network and a gateway. For example- a broadband router. A hardware firewall is sometimes referred to as an Appliance Firewall. Whereas, a software firewall is a simple program installed on a computer that works through port numbers and other installed software. This type of firewall is also called a Host Firewall. The following are types of firewall techniques that can be implemented as software or hardware:

  • Network Layer Firewall – filtering is done based on source and destination IP addresses.
  • Context Aware Application Firewall – filtering is done based on the user, device, role, application type, and threat profile.
  • Proxy Server – filtering of web content requests like URL, domain, media, etc.
  • Reverse Proxy Server – placed in front of web servers, reverse proxy servers protect, hide, offload, and distribute access to web servers.
  • Network Address Translation (NAT) Firewall – hides or masquerades the private addresses of network hosts.
  • Transport Layer Firewall – filtering is done based on source and destination data ports, and filtering based on connection states.
  • Application Layer Firewall – filtering is done based on application, program or service.
  • Host-based Firewall – filtering of ports and system service calls on a single computer operating system.
  • Next Generation Firewall – It has higher levels of security than packet-filtering and stateful inspection firewalls. Unlike other firewalls, this monitors the entire transaction of data, including packet headers, packet contents, and sources. They are designed in such a way that they can prevent more sophisticated and evolving security threats such as malware attacks, external threats, and advance intrusion.
  • Cloud Firewalls – This type of firewall is considered similar to a proxy firewall. The reason for this is the use of cloud firewalls as proxy servers. However, they are configured based on requirements. There most significant advantage is scalability.
  • Stateful Inspection Firewall – Stateful multi-layer inspection firewalls include both packet inspection technology and TCP handshake verification. These types of firewalls keep track of the status of established connections. In simple words, when a user establishes a connection and requests data, the SMLI firewall creates a database (state table). The database is used to store session information such as source IP address, port number, destination IP address, destination port number, etc. Connection information is stored for each session in the state table.