What Is a Firewall? Network Firewalls Explained

With cyberattackers, hackers, and other bad actors seeking to infiltrate computer networks, network security is of the utmost importance. Firewalls, which serve as a way to defend your network against external threats, are one of the best ways to keep your information and your devices safe. In this article, learn what a firewall is, how it works, and how you could benefit from installing one on your network.

What is a firewall?

A firewall is a network security device that acts as an intrusion prevention system, serving as a barrier between your internal network and external sources. It does so by scanning network traffic for threats coming from unknown or suspicious sources, as these sources could be sending viruses or other malicious software.

Firewalls are often considered to be the first layer of defense against network threats. They operate based on a set of predetermined rules that dictates what traffic can and cannot be allowed to enter the internal network. A successful firewall allows the approved traffic and data to enter but blocks unknown data in order to protect the health of the network.

Firewalls exist in multiple forms. They can be hardware, software, or cloud-based. Certain ones may work better on certain networks, so make sure that you do research before installing a firewall to determine what you need for your network protection.

How does a firewall work?

Network firewalls are the first line of defense for your network. They work by blocking or allowing data packets based on preset security rules set by an administrator.

Internet traffic reaches a computer's entry point, which is called a port. Next, the port scans it and assesses the data packets based on the predetermined security rules. If the port deems it a trusted source, it allows the Internet traffic through.

Think of the system as a security guard at a house party. The house is the main destination IP address, and rooms within the house are ports. The security guard only allows trusted people - or trusted source IP addresses - into the house at all.

Once inside, partygoers are only allowed into certain rooms based on their access levels (owner or guest). The owner has permission to go into any room, or any port. On the other hand, guests only have access into certain rooms, or certain ports. Firewalls keep a network organized and protected against external threats.

Why are firewalls important?

Firewalls are crucial to network security because of the protection they provide against outside threats and cyberattacks. Without them, networks sit vulnerable, potentially leading to loss of information or destruction of the network or network devices.

Furthermore, firewalls can control traffic within the network, allowing your network to function smoothly. Administrators can establish their own policies and guidelines for who can and can't access the network. They allow admins to control access based on a number of factors, including IP addresses and port numbers.

They minimize the threat of external attacks, blocking malware and viruses that could potentially take down an entire computer network. For example, if a firewall determines that your public IP address is a threat, you won't be able to gain access to any part of the network.

Types of firewalls

Firewalls can be hardware, software, or both. Software firewalls are installed onto individual computers on a network and regulate traffic through port numbers. On the other hand, hardware firewalls are physical devices installed between the network and a gateway.

Packet-filtering

The most basic and common type of firewall is a packet-filtering firewall. It works by scanning packets and blocking them if they don't match a set of predetermined rules.

The issue is that packet filtering alone cannot determine the contents of a request. Therefore, a trusted source gets through even with a malicious request.
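The following Python sketch is an added example, not code from the original article. It models a packet filter with first-match rules and a default deny, and shows the limitation described above: the decision depends only on source, protocol and port, so the payload is never read. The rule set, addresses (documentation ranges) and the names `Packet`, `Rule` and `filter_packet` are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str
    payload: bytes = b""   # carried along, but never read by the filter

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_net: str              # source network in CIDR form
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches every port

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        proto_ok = self.proto in ("any", pkt.proto)
        port_ok = self.dst_port is None or self.dst_port == pkt.dst_port
        return in_net and proto_ok and port_ok

def filter_packet(rules, pkt: Packet, default: str = "deny") -> str:
    """Return the action of the first matching rule, or the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set: block one network, trust another on HTTPS,
# and let anyone reach the web server on port 80.
RULES = [
    Rule("deny", "198.51.100.0/24", "any", None),
    Rule("allow", "203.0.113.0/24", "tcp", 443),
    Rule("allow", "0.0.0.0/0", "tcp", 80),
]

def demo():
    return {
        "trusted_https": filter_packet(RULES, Packet("203.0.113.7", 443, "tcp")),
        "trusted_ssh": filter_packet(RULES, Packet("203.0.113.7", 22, "tcp")),
        "blocked_net_http": filter_packet(RULES, Packet("198.51.100.9", 80, "tcp")),
        # Same trusted source and port, with a constructed "bad" payload:
        # the header fields match, so the packet is allowed anyway.
        "trusted_bad_payload": filter_packet(
            RULES, Packet("203.0.113.7", 443, "tcp", b"constructed malicious request")),
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Rule order matters here: the deny rule for 198.51.100.0/24 sits above the open port-80 rule, so it wins for that network.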

Proxy

Proxy firewalls are another early type of firewall. Unlike packet-filtering, proxies serve as a gateway between networks, preventing direct connections from outside the internal network.

Additionally, proxy firewalls use deep packet inspection (DPI). DPI examines the data within the request itself rather than just examining the source. The proxy evaluates requests and allows the ones deemed trustworthy to pass through.

Network Address Translation (NAT)

Similar to proxies, network address translators act as an intermediary between computers on a network and external traffic. They work by allowing multiple devices on a network to use a single IP address. Thus, this keeps each individual device's IP address hidden. Malicious actors can't scan a network's IP addresses to steal information.

Stateful inspection

Stateful inspection firewalls, also known as the dynamic packet-filtering type, are what many think of when they think of traditional firewalls. They block or allow traffic based on state, port, and protocol. Furthermore, decisions are made based on rules set by the administrator and the context of the request.

Though these are effective, they can be vulnerable to Denial of Service (DoS) attacks, which manipulate established connections to enter a network under the guise of safety.
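As an added example (not part of the original article), this Python sketch shows what "state" adds to port and protocol checks: an inbound packet is allowed only if it is the reply to a flow that an internal host opened, or if it targets a port the administrator has opened. The class name, the 60-second idle timeout and the addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

IDLE_TIMEOUT = 60  # seconds a flow may stay silent; assumed value

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

class StatefulFirewall:
    def __init__(self, internal_net, open_inbound_ports=()):
        self.internal = ipaddress.ip_network(internal_net)
        self.open_inbound_ports = set(open_inbound_ports)
        self.conns = {}  # (proto, in_ip, in_port, out_ip, out_port) -> last seen

    def check(self, pkt: Packet, now: float) -> str:
        # Forget flows that have been idle for longer than the timeout.
        self.conns = {k: t for k, t in self.conns.items()
                      if now - t <= IDLE_TIMEOUT}
        if ipaddress.ip_address(pkt.src) in self.internal:
            # Outbound traffic is allowed and recorded as an open flow.
            self.conns[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "allow"
        # Inbound: allow only the exact reverse of a recorded flow ...
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns:
            self.conns[key] = now
            return "allow"
        # ... or a port explicitly opened by the administrator.
        return "allow" if pkt.dport in self.open_inbound_ports else "deny"

def demo():
    fw = StatefulFirewall("192.168.1.0/24")
    out = Packet("192.168.1.10", 50000, "203.0.113.5", 443, "tcp")
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 50000, "tcp")
    stray = Packet("203.0.113.5", 443, "192.168.1.10", 50001, "tcp")
    return [
        fw.check(stray, 0),    # no flow exists yet
        fw.check(out, 1),      # internal host opens the flow
        fw.check(reply, 2),    # matching reply
        fw.check(stray, 3),    # same peer, wrong port: not a known flow
        fw.check(reply, 200),  # flow has expired by now
    ]

if __name__ == "__main__":
    print(demo())
```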

Next-Generation firewall (NGFW)

NGFWs go beyond simple packet-filtering and stateful inspection. They provide protection against complex malware and application-layer attacks. These are essentially unified threat management (UTM) devices, as they combine the functionality of stateful inspection with antivirus software.

Some additional functionalities of NGFWs include:

  • Intrusion prevention
  • Ability to block risky applications
  • Use of data analysis and AI to address changing security threats

As security threats continue to evolve, NGFWs will play a larger role as fundamental pieces of every organization's security framework.

Why use a firewall?

For the average Internet user, a dedicated third-party firewall may not be necessary. Most routers provide a firewall function, and that in addition to a strong antivirus program offers users a suitable level of protection.

However, for those who want greater protection, or for businesses and organizations that deal with high amounts of diverse Internet traffic, using a firewall provides several benefits. Consider the following reasons to use a firewall.

  • They offer enhanced security. Firewalls are an excellent security measure in general. Unauthorized users won't be able to access your network if it's behind a firewall, which helps vulnerable networks stay secured.
  • Firewalls prevent remote access. They keep unauthorized third parties from taking over your private network from a device not on the network.
  • They block malicious traffic. Even if you use caution when visiting websites online, there's a chance you may accidentally download a virus without knowing it. A firewall blocks the malicious traffic when it attempts to alter or damage your network.
  • They assist in handling large traffic loads. Businesses can use firewalls to quickly filter through traffic, resulting in a smoother online experience and faster response times.
  • Firewalls allow you to customize your security protocol. You can choose what traffic you do and do not want to allow onto your network.

Firewalls are an excellent security investment for any network, particularly for those that are exposed to large amounts of variable traffic. They protect ports, block malicious traffic, and improve overall network safety.

Limitations and vulnerabilities of firewalls

Though firewalls are essential to network security, they do present a few potential issues and limitations for users. In some cases, firewalls mistakenly label traffic as safe or as a risk, resulting in malicious traffic passing through or secure traffic remaining blocked from the network. This can be difficult for businesses or individuals who struggle to regulate high traffic volumes.

Firewalls are particularly vulnerable to the following threats:

  • DDoS (Distributed Denial-of-Service) attacks. DDoS attacks disrupt a network by overwhelming it with generated traffic. Though most firewalls include DDoS protection, they may struggle to stop traffic that comes from legitimate sources.
  • Malware attacks. As networks grow in size, it becomes more difficult for these tools to protect them in their entirety. Malware, which is continually becoming more covert, has an easier time slipping through.
  • Poor configuration. If an IT tech fails to set up the firewall properly, it can harm the network's security and overall health. Make sure that the firewall is properly set up and consistently updated with necessary security patches.

Additionally, firewalls can be difficult to set up; you may need a network administrator to help you fully optimize your network security. They also don't protect against internal network threats. Therefore, users shouldn't limit their network security to just this one tool. Over-reliance on a firewall can also cause other areas of a network's security to be neglected, which opens the window for threats elsewhere to present themselves.

Frequently asked questions

Is a firewall on a computer or router?

They can be on either. Some computers come with a built-in firewall; the same applies to routers. However, these devices could still benefit from additional network protection.

Do you need a firewall if you have a router?

If you have a router, you may not need a firewall. Many routers have one built in, while others offer features that essentially serve the same purpose. Make sure to research your router to see if it offers sufficient protection on its own.

Does a firewall go between a modem and a router?

Yes, some do go between a modem and a router. Hardware firewalls are physically placed between a modem and a router to protect network traffic.

What are the three types of firewall?

The three types of firewalls are hardware, software, and cloud-based. Within those categories, there are many different firewall structures.