What is a Firewall? What does it do?

A firewall is a security technology (hardware, software or both) to protect networks through specific functionalities and security rules. For instance, monitoring incoming and outgoing traffic, filtering of traffic, blocking the access for unauthorized outsiders, suspicious traffic, and also malicious software.

Firewalls divide the private part of a network from the public part of the interconnection supplied by the Internet.

What does a firewall do?

A firewall is a sentinel for detection and reaction. It monitors the traffic to detect suspicious activity, malware or attempts to access without proper authorization. And then, it blocks unknown sources and suspicious traffic.

How does a firewall work?

A firewall, being hardware, software or both, establishes a security filter to control the traffic.

It carefully checks the traffic in every entry point of a computer (ports). The reason is, the exchange of information with external devices takes place exactly on those ports.

Firewalls must be configure to define the rules for them to operate actions like filtering, allowing and blocking. Besides, they scan data packets sent across networks looking for attack vectors, malicious code or potential risks. Once a firewall analyzed traffic, it will accept only the incoming connections you have chosen to be accepted, and the ones that are consider safe. Risky data packets and connections will be rejected. In another words, only reliable sources (IP addresses) will be welcome. Let’s remember that IP addresses are the way to identify sources, and computers.

Types of firewalls.

A hardware firewall is a physical appliance (a hardware device) put between the network and gateway to mark network’s limits. Links that cross those limits must go through the firewall for being scanned. Access or rejection will derived from the results of that checking.

A software firewall is a program set up on machines to control the traffic via different applications and port numbers.

There’s another categorization based on functionality.

Packet filtering firewall. It checks data packets, their source and destination IP addresses to verify if they comply or not the configured parameters to be welcome in the network.This type of firewall can be stateless or stateful. The first, analyzes packets individually, without considering others or context. The second is safer because it remembers and considers in its analysis, information about previous packets and the connections they belong to.

Proxy. It filters traffic at the application layer. It supplies stateful mode and technology to check data packets deeply for an efficient filtering.

Virtual. Cloud-based appliance to evaluate traffic on virtual and physical networks.

Stateful multilayer inspection (SMLI) firewall. It filters data packets at application, transport and network layers, to guarantee that communications are established only between reliable sources.

Unified threat management (UTM) firewall. It supplies stateful check-up, antivirus and intrusion prevention.

Network address translation (NAT) firewall. It provides a public IP address to a device or group of them for connecting in a private network. Incoming traffic is welcome only if a device of the private network requests it.

Next generation firewall (NGFW). It adds to the basics: deep data packets check-up, encrypted traffic check-up, intrusion prevention technology, antivirus, etc.

Threat focused NGFW. The regular NGFW features plus advance threat detection and correction ones.

Conclusion.

There are different types of firewalls, and different levels of protection to suit your network’s needs.