What is a firewall?

In computer networks, cybersecurity firewalls block or allow network traffic, based on a set of predefined or dynamic rules and policies. They protect networks and computers against intrusion from potentially dangerous black-hats as well as from attacks that might enable them to take over the devices and misuse them for malicious purposes.

Firewall defined

The term ‘firewall’ originally referred to a structure that is supposed to confine fire within a closed space, thus hampering its spread and mitigating its harmful effects on humans and property.

By analogy, in network security a firewall monitors incoming and outgoing traffic and simply blocks out harmful or potentially unwanted content and communication. Working as a gatekeeper between trusted and untrusted networks, a firewall ensures legitimate content is able to pass through while blocking out potential hackers threatening to misuse or corrupt your device.

What is the purpose of a firewall?

The biggest benefit for users is enhanced security. By using a cybersecurity firewall you set up a security perimeter that can help to protect your computer or network from harmful incoming traffic.

This technology can also filter harmful outgoing traffic. By doing this, firewalls lower the chance of undetected data exfiltration by a malicious insider, as well as reducing the risk that the devices behind the firewall will become a part of a botnet – a large group of internet-connected devices enslaved by the attackers for malevolent purposes.

Firewalls are especially beneficial for companies with networks consisting of several internet-connected endpoints. If the firewall is properly set up at the edge of such network, it creates a single point of entry where some of the incoming threats can be identified and mitigated.

It also separates the company’s internal systems from the public internet, and thus creates a protected environment where data can flow more freely and more securely.

What is the purpose of a firewall?

The biggest benefit for users is enhanced security. By using a firewall you set up a security perimeter that can help to protect your computer or network from harmful incoming traffic.

It also separates the company’s internal systems from the public internet, and thus creates a protected environment where data can flow more freely and more securely.

Why is a firewall important?

With many changes in both the work and home environment, how much people exist online, and what data they’re storing and accessing regularly through the internet, a firewall is more important than ever. Alongside this steady increase in cyberthreats, there are a number of reasons why a firewall is so important.

Remote working

With so many users and companies making the switch to remote or hybrid working, there’s also an increase in threat level. Whether people are performing remote logins, accessing sensitive files at home or simply just being online more often on a less secure network, remote working can put them at a greater risk. A cybersecurity firewall is essential for both work and personal devices.

Personal data

The sheer amount of personal and sensitive data that is now being stored online makes a firewall incredibly important. Protecting your login details is just the beginning. If you’re not careful, you could expose everything from your name and address through to banking details, your national insurance number or even details on your mortgage. Identity theft is as big a risk as simple theft.

Business data

It’s not just individuals’ data that needs protecting. Many businesses are seeing an increase in employees accessing sensitive information from increasingly less secure locations. When everything was centralised, it was easier to invest in security features for your network. Now, there’s no guarantee where employees are accessing the work system from, and also a number of more inventive ways for cybercriminals to try and steal it.

How does a firewall work?

There are multiple types of firewalls, each using a different approach to traffic filtering. First generation firewalls worked as packet filters, comparing basic information such as original source and destination of the packet, the port being used, or the protocol against a predefined list of rules.

Second generation comprised the so-called ‘stateful’ firewalls, which added another parameter to the filter setup, namely connection state. Based on this information, the technology could determine if the packet was starting the connection, was a part of an existing connection, or wasn’t involved at all.

Third generation firewalls were built to filter information across all layers of the OSI model – including the application layer – allowing them to recognise and understand applications as well as some of the widely-used protocols such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP). Based on this information, the firewall can detect attacks trying to circumvent it via an allowed port or misuse of a protocol.

The latest firewalls still belong to the third generation, however they are often described as ‘next-generation’ (or NGFW). They combine all the previously used approaches with deeper inspection of the filtered content, e.g. matching it against a detection database to identify potentially harmful traffic.

These modern firewalls often come with additional security systems built into them such as virtual private networks (VPN), intrusion prevention and detection systems (IPS/IDS), identity management, application control and web-filtering.

The different types of firewall

The first commercial firewalls designed for computer networks were developed in the late 1980s by Digital Equipment Corporation (DEC). The technology gained prominence and became widespread over the following decade due to the rapid growth of the internet worldwide.

Since then, there have been a number of new types cybersecurity of firewalls introduced, all designed to protect you in different ways. There are two different ways to categorise a firewall. The first is based on what they protect; these firewalls are either ‘network’ or ‘host-based’. One of these protects entire networks, whereas the other usually protects individual devices or computers.

Network firewalls

These consist of several devices or sub-networks to filter out any unwanted networks and content. This type of firewall runs on network hardware and can be easily scaled to fit businesses of any size.

A network firewall is often hardware-based.

Host-based firewalls

These firewalls run directly on the user machines (or endpoints) and therefore can offer far more personalised filtering rules.

Most operating systems provide their own built-in host-based firewall. However, these tend to feature only basic functionality and, as widespread as they are, have probably been investigated thoroughly by the potential attackers.

These firewalls are usually software.

Virtual firewalls & cloud-based firewalls

A virtual or cloud-based firewall is another way firewalls can be applied to a network. They are used when a hardware firewall is difficult to implement. Software firewalls and virtual firewalls can do the same things as other firewalls, but they aren’t limited to hardware. They can be used to protect cloud based networks and software defined networks (SDN).

Packet filtering firewalls

These are designed to test each packet that comes through your firewall. It then tests these packets against the rules you have created, checking their source IP, destination IP address and both the source and destination port. If it doesn’t meet the rules you have set up, it will simply be dropped or blocked.

They can be vulnerable to IP-spoofing and, because of this, have largely been replaced in recent years.

Stateful multilayer inspection (SMLI) firewalls

A basic stateful inspection firewall performs dynamic filtering. While a standard packet filtering firewall doesn’t log the packets that come in, a stateful inspection firewall both logs them and tracks them over time.

It will have a defined list of connections it sees as valid and, when a new packet comes in, it will check it against this list. Anything that matches can go straight through and anything that doesn’t will need to have the rules applied, as in a packet filtering firewall.

A stateful multilayer inspection firewall consists of multiple layers, with checks performed at every single one. This is to make sure that it only approves packets from a trusted source.

Proxy firewalls and application layer firewalls

These have been designed to spot attacks at the application layer, which is something neither packet filtering or stateful inspection firewalls can do. They analyse a packet’s content, rather than just the source or destination, which means they can check for malicious code disguised as friendly code.

They can be used to target specific types of requests, rather than just blocking the source.

A proxy firewall is an application layer firewall used on a proxy server. This proxy acts as a third party in the connection. Essentially, when an external user tries to connect to a server, they will connect to the proxy server first. This server then applies a set of rules to the request before it’s allowed to pass on to the main server.

As these firewalls don’t just block particular sources, they are great for blocking known threats, like malware. They can recognise content, sources and applications for what they are.

Network address translation (NAT) firewalls

In terms of computer networks, a NAT gives multiple devices on one network a shared singular gateway to access the internet. This gateway means that all devices share a public IP address, but maintain a completely unique private IP address. The private IP addresses are just that: private. No device, on the network or outside it, can see the devices' private IPs.

A NAT firewall adds an extra layer of security to these networks. They will only allow traffic to pass through these gateways if one of the devices on the network has requested it. Any other traffic request is ignored. Anything that tries to come into the network through the gateway must have a private IP address listed as its destination. As the private IP addresses can’t be seen, this means it’s hard for unsolicited or malicious traffic to access the network.

Unified threat management (UTM) firewalls

A UTM firewall takes a wide array of protection features and unifies them into one piece of hardware. This means it offers an ‘all-in-one’ approach to protection, with NAT, VPN, packet filtering, stateful multilayer filtering and other internet security features all under one hood. This allows for a more universal approach to web security.

Having one point of protection that does everything can be incredibly useful. The main drawback, however, is that it also means there’s only one point of failure.

Next-generation firewalls (NGFW)

The next-generation firewall was designed to take the positives of the UTM firewall and make it more robust. A NGFW is designed to offer a UTM where each component communicates with the others. It adds in machine learning and artificial intelligence to allow for adaptive protection.

These NGFWs can be completely cloud-based too, rather than hardware based. They offer quarantining of threats, the discovery of new unknown threats, deep packet scanning and much more.

Understanding firewalls for home and small office use

A firewall is essential for any private network connecting to the internet. In a small office environment, this could be as simple as a handful of computers, a server, your printer and a few other connected devices like phones and tablets.

Protecting your data at device level can be a very good idea, but when you’re setting up a network it’s also important to have network-level security. This is essential for a small office and should be implemented immediately.

Do you need a firewall at home?

The same can be said for home networks. On a home network, you may have a multitude of devices connecting to the internet at any one time. This includes your laptops, smart TVs, smartphones, tablets, consoles, printers, your home security system and potentially even your fridge. Your network is only as secure as its weakest link, so having a firewall that protects your whole network is incredibly important.

For home protection, it’s always advisable to employ antivirus software and other security software in additional to your firewall. It’s also strongly recommended that you keep all your devices updated to their most recent software version. If you’re worried, ESET offers a free online scanner you can use. You should also secure your wireless router.

What threats do firewalls protect against?

Firewalls protect against a variety of different security threats by controlling the network traffic coming into and going out of a network. The key threats firewalls can prevent include; malware, viruses, phishing or spoofing attacks, hackers and unauthorised data exporting.

ESET offers you an award-winning antivirus

ESET HOME Security Premium

Powerful, multilayered protection to encrypt sensitive data, manage passwords easily, secure online transactions and more. A user-friendly solution for enhanced privacy online. Secures Windows, macOS, Android, and iOS devices.

Buy now

Try For Free