What Is A Firewall And It’s Benefit To Your Organization’s Security
September 18, 2023A firewall is a security system that checks and manages incoming and outgoing traffic based on predefined rules. Typically, a firewall is placed between a trusted network, such as our office network, and an untrusted network, like the Internet:
The History Of Firewalls
In the late 1980s, as the internet became widely used and organizations sought a way to control access to their networks, the first firewall functionality was invented. Initially, it was the router that served as the barrier since it was already handling all the network traffic. This functionality, known as “packet filtering,” involved examining transferred packets between endpoints.
However, as network traffic increased, routers struggled to handle both forwarding packets and filtering them. Subsequently, the dedicated machine known as the firewall was invented to take on the filtering role.
Today, there are still routers that perform packet filtering, but it is predominantly the firewall’s responsibility.
Next-Generation Firewall
Firewall capabilities have evolved significantly over the years. Today, firewalls do much more than packet filtering and play a significant role in an organization’s security infrastructure.
A Next-Generation Firewall (NGFW) is a type of firewall that performs traditional capabilities along with additional features such as stateful inspection, application awareness, and IPS/IDS.
By leveraging these advanced features, the NGFW gains a better understanding of the network and enhances its overall security posture.
Some well-known companies that offer NGFW devices include Check Point, Palo Alto Networks, Cisco Firepower, and Fortinet.”
NGFW Firewall Capabilities
Packet Filtering
as mentioned before – one of the firewalls roles is to inspect packets transferred between devices in the network. The firewall does that by using access control list which specifies what packets will be forward to the next hop and what packets will be dropped. Packets can be filtered by source and destination IP address, by protocol, by source and destination ports and more.
Detect And React To Attacks (IDS/IPS)
IDS/IPS is the ability to detect or prevent network security attacks. For example brute force attacks, Denial of Service (DoS) attacks and vulnerability exploits.
Proxy Firewall
also known as an application firewall or a gateway firewall. It used as intermediary system between private network assets and the rest of the network. It recieves all the traffic to the network assets and filter the packets in the application layer. The traffic to the network resources will go through specific interface with it’s own IP address and not directly to the servers IP’s. The firewall caches, filters, logs, and controls the traffic. That way it keeps the network secure and identify and prevent unauthorized access and cyberattacks.
Stateful Inspection
A stateful firewall follows the whole connection made instead of check each packet individually. The system takes actions according to the connection attributes. If the connection is safe the packets are forwarded. If not the packets are discarded.
Deep packet Inspection
Deep packet inspection (DPI) is a method of examining the content of data packets and not only the the packet’s header (destination and source IP address for example). It helps us learn more information about the traffic goes through the firewall and configure relevant rules.
SSL/TLS Inspection
FWs can inspect encrypted traffic to detect threats within encrypted communications (SSL/TLS). They achieve this by intercepting the traffic, similar to a “man-in-the-middle” attack, allowing them to inspect the decrypted packets.
User Identity Awareness
FWs can direct traffic within the network based on user identities rather than solely relying on IP addresses or applications. This additional layer of security is significant, as different user roles typically have varying privileges and access levels to organizational resources.
Performing NAT And VPN
sometimes, when our network contain private IP addresses we will use our firewall to perform Network address Translation (NAT) and Virtual Private Network (VPN). Using those protocols help us hide the private addresses behind one public IP address of the firewall.
For Conclusion
As I see it firewalls features and capabilities keep developing daily and by that giving us the ability to protect our network from cyber threats. An advice to you – keep updated, learn and implement more and more firewall capabilities as the threat space is evolving in huge strides.
