Firewall defined
The term ‘firewall’ originally referred to a structure that is supposed to confine fire within a closed space, thus hampering its spread and mitigating its harmful effects on humans and property.
By analogy, in network security a firewall monitors incoming and outgoing traffic and simply blocks out harmful or potentially unwanted content and communication. Working as a gatekeeper between trusted and untrusted networks, a firewall ensures legitimate content is able to pass through while blocking out potential hackers threatening to misuse or corrupt your device.
Why is a firewall important?
With many changes in both the work and home environment, how much people exist online and what data they’re storing and accessing regularly through the internet, a firewall is more important than ever. Alongside this steady increase in cyberthreats, there are a number of reasons why a firewall is so important.
Remote working
With so many users and companies making the switch to remote or hybrid working, there’s also an increase in threat level. Whether people are performing remote logins, accessing sensitive files at home or simply just being online more often on a less secure network, remote working can put them at a greater risk. A firewall is essential for both work and personal devices.
Personal data
The sheer amount of personal and sensitive data that is now being stored online makes a firewall incredibly important. Protecting your login details is just the beginning. If you’re not careful, you could expose everything from your name and address through to banking details, your national insurance number or even details on your mortgage. Identity theft is as big a risk as simple theft.
Business data
It’s not just individuals’ data which needs protecting. Many businesses are seeing an increase in employees accessing sensitive information from increasingly less secure locations. When everything was centralised, it was easier to invest in security features for your network; now there’s no guarantee where employees are accessing the work system from, and also a number of more inventive ways for cybercriminals to try and steal it.
How does a firewall work?
There are multiple types of firewalls, each using a different approach to traffic filtering. First generation firewalls worked as packet filters, comparing basic information such as original source and destination of the packet, the port being used, or the protocol against a predefined list of rules.
Second generation comprised the so-called stateful firewalls, which added another parameter to the filter setup, namely connection state. Based on this information, the technology could determine if the packet was starting the connection, was a part of an existing connection or wasn’t involved at all.
The different types of firewall
The first commercial firewalls designed for computer networks were developed in the late 1980s by Digital Equipment Corporation (DEC). The technology gained prominence and became widespread over the following decade due to rapid growth of the global internet.
Since then, there have been a number of new types of firewalls introduced, all designed to protect you in different ways. There are two different ways to categorise a firewall. The first is based on what they protect; these firewalls are either ‘network’ or ‘host-based’. One of these protects entire networks, whereas the other usually protects individual devices or computers.
A little more information on these types of firewalls
Network firewalls
These consist of several devices or sub-networks to filter out any unwanted networks and content. This type of firewall runs on network hardware and can be easily scaled to fit businesses of any size.
A network firewall is often hardware-based.
Host-based firewalls
These firewalls run directly on the user machines (or endpoints) and therefore can offer far more personalised filtering rules.
Most operating systems provide their own built-in host-based firewall. However, these tend to feature only basic functionality and, as widespread as they are, have probably been investigated thoroughly by the potential attackers.
These firewalls are usually software.
Virtual firewalls & cloud-based firewalls
A virtual or cloud-based firewall is another way firewalls can be applied to a network. They are used when a hardware firewall is difficult to implement. Software firewalls and virtual firewalls can do the same things as other firewalls, but they aren’t limited to hardware. They can be used to protect cloud based networks and software defined networks (SDN).
The other way you can define a firewall is the method it uses to filter. These include:
Packet filtering firewalls
These are designed to test each packet that comes through your firewall. It then tests these packets against the rules you have created, checking their source IP, destination IP address and both the source and destination port. If it doesn’t meet the rules you have set up, it will simply be dropped or blocked.
They can be vulnerable to IP-spoofing and, as such, have largely been replaced in more recent years.
Stateful multilayer inspection (SMLI) firewalls
A basic stateful inspection firewall performs dynamic filtering. While a standard packet filtering firewall doesn’t log the packets that come in, a stateful inspection firewall both logs them and tracks them over time.
It will have a defined list of connections it sees as valid and, when a new packet comes in, it will check it against this list. Anything that matches can go straight through and anything that doesn’t will need to have the rules applied, as in a packet filtering firewall.
A stateful multilayer inspection firewall consists of multiple layers, with checks performed at every single one. This is to make sure that it only approves packets from a trusted source.
Proxy firewalls and application layer firewalls
These have been designed to spot attacks at the application layer, which is something neither packet filtering or stateful inspection firewalls can do. They analyse a packet’s content, rather than just the source or destination, which means they can check for malicious code disguised as friendly code.
They can be used to target specific types of requests, rather than just blocking the source.
A proxy firewall is an application layer firewall that’s used on a proxy server. This proxy acts as a third party in the connection. Essentially, when an external user tries to connect to a server, they will connect to the proxy server first. This server then applies a set of rules to the request before it’s allowed to pass on to the main server.
As these firewalls don’t just block particular sources, they are great for blocking known threats, like malware. They can recognise content, sources and applications for what they are.
Network address translation (NAT) firewalls
In terms of computer networks, a NAT gives multiple devices on one network a shared singular gateway to access the internet. This gateway means that all of the devices share a public IP address, but maintain a completely unique private IP address. The private IP addresses are just that: private. No device, on the network or outside it, can see the devices' private IPs.
A NAT firewall adds an extra layer of security to these networks. They will only allow traffic to pass through these gateways if one of the devices on the network has requested it. Any other traffic request is ignored. Anything that tries to come into the network through the gateway must have a private IP address listed as its destination. As the private IP addresses can’t be seen, this means it’s hard for unsolicited or malicious traffic to access the network.
Unified threat management (UTM) firewalls
A UTM firewall takes a wide array of protection and unifies it into one piece of hardware. This means it offers an ‘all-in-one’ approach to protection, with NAT, VPN, packet filtering, stateful multilayer filtering and other internet security features all under one hood. This allows for a more universal approach to web security.
Having one point of protection that does everything can be incredibly useful. The main drawback, however, is that it also means there’s only one point of failure.
Next-generation firewalls (NGFW)
The next-generation firewall was designed to take the positives of the UTM firewall and make it more robust. A NGFW is designed to offer a UTM where each component communicates with the others. It adds in machine learning and artificial intelligence to allow for adaptive protection.
These NGFWs can be completely cloud-based too, rather than hardware based. They offer quarantining of threats, the discovery of new unknown threats, deep packet scanning and much more.
Understanding firewalls for home and small office use
A firewall is essential for any private network connecting to the internet. In a small office environment, this could be as simple as a handful of computers, a server, your printer and a few other connected devices like phones and tablets.
Protecting your data at device level can be a very good idea, but when you’re setting up a network it’s also important to have network-level security. This is essential for a small office and should be implemented immediately.
Do you need a firewall at home?
The same can be said for home networks. On a home network, you may have a multitude of devices connecting to the internet at any one time. This includes your laptops, smart TVs, smartphones, tablets, consoles, printers, your home security system and potentially even your fridge. Your network is only as secure as its weakest link, so having a firewall that protects your whole network is incredibly important.
For home protection, it’s always advisable to employ antivirus software and other security software in conjunction with your firewall. It’s also strongly recommended that you keep all your devices updated to their most recent software version. If you’re worried, ESET offers a free online scanner you can use. You should also secure your wireless router.
ESET offers you an award-winning antivirus
ESET HOME Security Premium
Powerful, multilayered protection to encrypt sensitive data, manage passwords easily, secure online transactions and more. A user-friendly solution for enhanced privacy online. Secures Windows, macOS, Android, and iOS devices.