What is a firewall?

Packet filtering firewalls

These are designed to test each packet that comes through your firewall. It then tests these packets against the rules you have created, checking their source IP, destination IP address and both the source and destination port. If it doesn’t meet the rules you have set up, it will simply be dropped or blocked.

They can be vulnerable to IP-spoofing and, because of this, have largely been replaced in recent years.

Stateful multilayer inspection (SMLI) firewalls

A basic stateful inspection firewall performs dynamic filtering. While a standard packet filtering firewall doesn’t log the packets that come in, a stateful inspection firewall both logs them and tracks them over time.

It will have a defined list of connections it sees as valid and, when a new packet comes in, it will check it against this list. Anything that matches can go straight through and anything that doesn’t will need to have the rules applied, as in a packet filtering firewall.

A stateful multilayer inspection firewall consists of multiple layers, with checks performed at every single one. This is to make sure that it only approves packets from a trusted source.

Proxy firewalls and application layer firewalls

These have been designed to spot attacks at the application layer, which is something neither packet filtering or stateful inspection firewalls can do. They analyse a packet’s content, rather than just the source or destination, which means they can check for malicious code disguised as friendly code.

They can be used to target specific types of requests, rather than just blocking the source.

A proxy firewall is an application layer firewall used on a proxy server. This proxy acts as a third party in the connection. Essentially, when an external user tries to connect to a server, they will connect to the proxy server first. This server then applies a set of rules to the request before it’s allowed to pass on to the main server.

As these firewalls don’t just block particular sources, they are great for blocking known threats, like malware. They can recognise content, sources and applications for what they are.

Network address translation (NAT) firewalls

In terms of computer networks, a NAT gives multiple devices on one network a shared singular gateway to access the internet. This gateway means that all devices share a public IP address, but maintain a completely unique private IP address. The private IP addresses are just that: private. No device, on the network or outside it, can see the devices' private IPs.

A NAT firewall adds an extra layer of security to these networks. They will only allow traffic to pass through these gateways if one of the devices on the network has requested it. Any other traffic request is ignored. Anything that tries to come into the network through the gateway must have a private IP address listed as its destination. As the private IP addresses can’t be seen, this means it’s hard for unsolicited or malicious traffic to access the network.

Unified threat management (UTM) firewalls

A UTM firewall takes a wide array of protection features and unifies them into one piece of hardware. This means it offers an ‘all-in-one’ approach to protection, with NAT, VPN, packet filtering, stateful multilayer filtering and other internet security features all under one hood. This allows for a more universal approach to web security.

Having one point of protection that does everything can be incredibly useful. The main drawback, however, is that it also means there’s only one point of failure.

Next-generation firewalls (NGFW)

The next-generation firewall was designed to take the positives of the UTM firewall and make it more robust. A NGFW is designed to offer a UTM where each component communicates with the others. It adds in machine learning and artificial intelligence to allow for adaptive protection.

These NGFWs can be completely cloud-based too, rather than hardware based. They offer quarantining of threats, the discovery of new unknown threats, deep packet scanning and much more.