What is a Firewall?
Being able to protect yourself from cyber threats is essential as society moves towards a more digitized lifestyle. With protective measures in place that help secure your network and systems, you will have a much safer time on the internet.
A firewall is a defense system that protects your computer and data from hackers and other threats. It inspects incoming and outgoing traffic using a set of rules to identify and then allow safe traffic or block threats. These rules are based on an organization's previously established security policies. Firewalls are used in both personal devices and company network settings.
In this article, we will see what a firewall is and what types of firewalls exist. We will then discuss how a firewall works, what kind of viruses and threats it protects us from, and what are the risks of not having firewalls. We will also briefly go over the history of firewalls and some of the best firewall solutions currently available in the market.
What are the Types of Firewalls?
There are different types of firewalls that might be better used depending on the scenario. Here are some types of firewalls:
1. Proxy Firewall
A proxy firewall is said to be the safest and most foolproof form of firewall. It filters messages at the application layer in an attempt to protect network resources. A proxy firewall puts a cap on the apps that a network can support, which helps to increase security but can impact speed and system functionality.
A proxy firewall works differently from other firewalls: it provides a single point at which organizations can estimate the threat level of application protocols and put in place solid attack detection, validity checking, and error detection.
2. Unified Threat Management (UTM) Firewall
Unified Threat Management firewalls are part of a complete solution that may include antivirus, anti-malware, content filtering, etc. The main advantage of choosing this form of a firewall is that companies and organizations can save on costs and maintenance since they only need to take care of a single solution to manage their threats.
3. Stateful Inspection Firewall
A stateful firewall is a type of firewall that proceeds to monitor the state of active network connections while at the same time analyzing the incoming traffic and looking for potential risks and threats. Stateful firewalls are situated at Layers 3 and 4 of the OSI model.
Stateful packet inspection is used by stateful firewalls to analyze which packets can pass through the firewall. Stateful inspection firewalls work by going through the contents of a data packet over the network and then comparing them against data packets that had already been passed through the firewall.
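A minimal model of the state-table lookup described above, as an added example that is not from the original article. The class and field names, the simplified TCP flags and the sample addresses are assumptions made for illustration; real connection tracking also handles timeouts, FIN teardown and other protocols.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # simplified TCP flags: "SYN", "SYN-ACK", "ACK", "RST"
    outbound: bool   # True when the packet leaves the protected network

class StatefulFilter:
    """Inside hosts may open connections; inbound packets pass only if
    they match a connection already recorded in the state table."""
    def __init__(self):
        self.table = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def handle(self, p):
        # Both directions of one connection map to the same key.
        key = ((p.src, p.sport, p.dst, p.dport) if p.outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.table.get(key)
        if p.outbound:
            if state is None:
                if p.flags != "SYN":
                    return "DROP"          # mid-stream packet, nothing tracked
                self.table[key] = "SYN_SENT"
            elif p.flags == "RST":
                del self.table[key]
            return "ACCEPT"
        if state is None:
            return "DROP"                  # unsolicited inbound traffic
        if state == "SYN_SENT":
            if p.flags != "SYN-ACK":
                return "DROP"              # only a handshake reply is valid here
            self.table[key] = "ESTABLISHED"
        elif p.flags == "RST":
            del self.table[key]            # peer reset: forget the connection
        return "ACCEPT"

def demo():
    fw = StatefulFilter()
    inside, outside = ("10.0.0.5", 40000), ("203.0.113.10", 443)  # constructed
    pk = lambda a, b, flags, out: Packet(a[0], a[1], b[0], b[1], flags, out)
    return [
        fw.handle(pk(outside, inside, "ACK", False)),      # unsolicited ACK, no state
        fw.handle(pk(inside, outside, "SYN", True)),       # client opens connection
        fw.handle(pk(outside, inside, "SYN-ACK", False)),  # matching handshake reply
        fw.handle(pk(outside, inside, "ACK", False)),      # established traffic
        fw.handle(pk(outside, inside, "RST", False)),      # reset clears the entry
        fw.handle(pk(outside, inside, "ACK", False)),      # same tuple, state gone
    ]

if __name__ == "__main__":
    print(demo())
```

The first and last packets carry the same addresses, ports and flags as the accepted fourth one; only the state table distinguishes them, which is what a stateless packet filter cannot do.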
4. Next-generation Firewall (NGFW)
Next-generation firewalls are a type of firewall created by combining the functions of traditional firewalls with those of different network devices. NGFWs are the third generation of firewalls and have capabilities like intrusion prevention systems and deep packet inspection.
Figure 1. What is Next Generation Firewall?
NGFWs, when compared to other types of firewalls, tend to use a more detailed inspection mechanism, assessing packet payloads and matching signatures for harmful things like malware. NGFWs give administrators better awareness of and control over individual apps, along with deeper inspection capabilities.
5. Threat-focused NGFW
Threat-focused NGFWs are a special category of NGFWs that have a primary purpose to cater to threats like malware, application-layer attacks, or other targeted attacks.
Threat-focused NGFWs are designed to identify, prohibit, track, analyze and counter all manner of threats, whether known or unknown.
6. Virtual Firewall
A virtual firewall, also known as a cloud firewall, is a type of firewall that is designed only for scenarios where the deployment of hardware firewalls is challenging or not an option, like public and private cloud environments or SDNs (software-defined networks). Virtual firewalls also have the option to be installed as virtualized instances of NGFWs.
How does a Firewall Work?
Firewalls scan different data packets for harmful contents like malicious code that might have been identified as known or even established threats. If a data packet were to be flagged and deemed to be a risk to the system, the firewall stops the packet from entering the network and ultimately getting access to your computer and causing damage.
What does a Firewall Protect Against?
Firewalls give protection from a number of threats that include:
- Denial of Service: If you have ever come across an instance where you could not access a website, it might have been under a denial of service attack. As part of a DDoS attack, the server won't have the ability to locate the system that first put in the request. Firewalls provide a baseline of security but they can potentially be worked around and be ineffective. This is why it's necessary to have multiple security measures to protect the network from different attack vectors.
- Macros: Macros are sorts of scripts that apps can run to execute a series of steps or procedures into a single executable rule. If a hacker gains access to any system then they will be in a position to run their macros within the apps. Firewalls will help to prevent access to these sorts of malicious actors who have ill intentions for a computer system.
- Remote Logins: Remote logins vary in their severity, but they always involve someone connecting to and controlling your device. Remote logins can help IT professionals update something without being physically present. If, however, a hacker were to remotely log in to a system, they could cause major harm and could access sensitive files or go on to execute unwanted scripts or software.
- Spam: Spam, albeit annoying, is harmless in most cases but in some instances, even a spam email can be the start of a full-blown cyber attack. Spam will often include external links which may cause users to accept cookies that give hackers backdoor access.
- Viruses: Viruses are often small programs that do incredible damage like deleting files, corrupting systems, etc. Some firewalls and security solutions include virus protection, but using a firewall with antivirus software is generally a smarter choice that gives more security.
Do Firewalls Prevent Viruses?
Yes, firewalls can help prevent viruses, but not in a direct way. Firewalls help to prevent unauthorized access to your network and filter the network traffic before allowing any entry to the system.
This means that firewalls prevent access to hackers and other malicious actors that will be the ones planting viruses on your system. Viruses come in all shapes and forms and having a high level of protection will prevent security lapses.
What is the History of Firewalls?
The first generation of firewalls came about in 1988 from the engineers at Digital Equipment Corporation. A simple packet filtering firewall was developed that simply filtered the data packets on a network. This soon led to the development of firewalls into highly technical and necessary online security features.
The first working model of a packet filtering firewall was based on the original first-gen architecture and developed by Steve Bellovin and Bill Cheswick. Packet filters work by analyzing the data packets transferred between computer systems on the Internet. If an information packet matches the packet filter's set of predefined rules, the packet will be dropped or rejected.
The period between 1989 and 1990 paved the way for second-generation firewalls that became known as circuit-level firewalls. The concept is said to have been developed at AT&T Bell Laboratories by Dave Presotto, Kshitij Nigam, and Janardan Sharma. These circuit-level firewalls are a simple upgrade to the previous packet filtering generation of firewalls. Circuit-level firewalls were required to advance with improving technology and the linking of computers to the internet.
The current, third generation of firewalls is very user-friendly and allows even the least technical users to set basic rules for their firewalls.
Are Firewalls Needed at Home?
Yes, having a firewall today is not a luxury but is a necessity. The internet at large is dangerous and having any or some form of security is vital.
Having a router as a home firewall is the most accessible way that you will get a firewall since you might already have one at home. Routers are a common device and a necessity for anyone that has multiple devices that share an internet connection.
If you have a pretty recent version of Windows installed, the firewall might already be on. It's completely acceptable to have it on. The impact of having the Windows firewall is minimal and just saves a lot of time.
What are the Risks of Not Having a Firewall?
Not having a firewall can jeopardize the network and all of the devices and computer systems that are associated with it. By not having a firewall, you've lowered your security measures and given an open playing field to any hacker that wants to take advantage of an unsecured system.
Several damaging things can happen as a result of not having a firewall ranging from information theft to putting personnel at risk. Here are some of the things that can happen as a result of not having a firewall:
1. Lost or Compromised Data
Data or even valuable information can be lost and compromised if a computer system or network is not protected. Not having a firewall means that anyone with ill intentions and the capability will take advantage of the security shortcomings and can cause as much harm as possible.
Compromised data not only puts individual privacy at risk, but it can also put the reputation of a company at stake. Not having the right security measures in place, like a firewall, is going to allow for such embarrassing and completely avoidable situations.
2. Network Crashes
Networks facilitate communication inside the organization and with the outside world. Lacking network security is not a good sign and companies need to take something like this seriously.
A bad actor might gain access to the network and move around freely, since there is no firewall to prevent entry, and cause harm to the network by running scripts that could overload the servers' capacity and essentially cause them to stall. Network crashes can lead to a loss in productivity and can prove to be the center of further data leakage and organizational loss.
3. Open Access
While in any other context open access might sound like a good thing, when we are talking about a network that has open access, it is incredibly risky and concerning. Since there are no rules on who to give access to a network and who to prevent entering, any hacker can walk up and not be stopped in any way from wreaking havoc over the network.
Without firewalls, the situation becomes incredibly challenging since there is no check and balance on the packets passing in and out of the network.
Can a Firewall be Hacked?
As with any other form of security tool, firewalls can be hacked, although it doesn't happen as often as you might think. There are a number of ways that a firewall can be hacked, bypassed, or put at risk of malicious attacks.
Phishing emails are often used to deliver encrypted injection attacks. The email will often look legitimate and trick unsuspecting users into clicking links that inject encrypted code onto the machine. The phishing link can ask the user to take certain actions and ask for login credentials (or other sensitive information) as well as deliver malicious code to the system.
A firewall's job isn't only to analyze incoming traffic but also to make sure that no vital info is carried out when it leaves the network. Although a hacker might find it hard to bypass a firewall, once they gain access they can leak data out of the network however they like.
Smaller organizations tend to focus on firewall solutions that are fairly limited due to budget constraints, but these firewalls often lack backdoor security. Even with the most strict network security measures like a comprehensive firewall in place, hackers can still find ways to access networks. Skilled hackers can use alternative means to bypass your firewall with something like social engineering.
Social engineering in the context of cyber security often comes in the form of phishing emails, etc. A cybercriminal can insert infected USB sticks to directly attack a system which is why having a hardware firewall is crucial.
What are the Best Firewall Solutions?
A well-balanced firewall solution can help organizations improve their credibility while at the same time making sure that at least there is a baseline level of defense against cyber attacks.
We can categorize the firewall solutions as open-source and commercial firewalls. Here are some of the best firewall solutions available on the market today:
- Zenarmor: Zenarmor is an NGFW plugin for OPNsense, which is an open-source firewall, and for many Linux distributions. Its advantages include being scalable and able to be used in an agile manner.
- Comodo Firewall: Comodo Firewall is a good option because it is user-friendly and also offers pretty decent security against threats that may either be inbound or outbound.
- Panda Dome Essential: Although Panda Dome Essential is primarily an antivirus, it does have a configurable firewall that can complement your existing firewall.
Are Firewalls Easy to Install?
The short answer is that it depends. If you are planning to install the built-in firewall in say Windows, then it will only take a couple of minutes to make sure that the firewall is working. But depending on the firewall and system being installed, firewall installation can be challenging.
Here are some of the steps that are required to configure a firewall:
- Update your firewall to the latest version: Updating your firewalls is the first step in making sure that the firewall is a security measure and not a liability. Older versions generally need security patches to provide the assurance that the organization would need.
- Design your networks based on functionality and sensitivity level: Plan out the structure of your network to group assets and place them into networks that are also called zones. These divisions are made depending on functionality and sensitivity levels. Once these zones are designed according to the corresponding IP scheme, you will be in a position to make firewall zones and hand them over to your firewall interfaces.
- Configure ACL: Network traffic is permitted depending on a set of firewall rules called access control lists, or ACLs for short. ACLs are used on every interface or subinterface on the firewall. Making ACLs specific to the exact source or destination IP addresses should be your priority. At the bottom of every access control list, ensure that there is a "deny all" rule to filter out all unapproved traffic.
- Test your current firewall configuration: Testing your firewall is important to make sure that your security measures are not vulnerable. You need to test for different attack vectors through methods including penetration testing and scanning for vulnerabilities. Once this testing is completed, your firewall is ready for production in most cases. Always make sure to have a backup of each firewall configuration saved in a secure place so, in a worst-case scenario, you won't have to start from scratch.
On Which Devices and OS can Firewall be Installed?
You can install firewalls on a number of devices including computer systems and personal smart devices. The installation process is more or less the same as hardware firewall installation.
Firewall Installation on Windows
Installing a firewall is easiest on Windows. Here is how you can enable Windows Defender Firewall that comes pre-installed with modern Windows versions:
- Click on Start.
- Open the Control Panel.
- Select System and Security and choose Windows Defender Firewall.
- Turn Windows Firewall on if it is turned off.
- Select Turn on Windows Firewall for the public, private, and domain settings.
Firewall Installation on Mac
Enabling the firewall on a Mac is also relatively straightforward. Here are the steps that you need to take to enable the firewall on a Mac:
- Choose the Apple menu.
- Select System Preferences.
- Click on Security & Privacy.
- Select Firewall and turn it on if it is turned off.
- If you would like to play around with additional settings then you can do so by clicking on Firewall Options.
Firewall Installation on Linux
Installing a firewall on Linux is going to be the most challenging. But most Linux users are technically sound and will have a much easier time installing the firewall themselves. Here is a quick summary of how to configure the iptables firewall on Linux:
- List the current rules of iptables.
sudo iptables -L
- To change the default policy:
sudo iptables -P FORWARD DROP
- To clear/flush all the rules:
sudo iptables -F
- To append a single rule at the bottom of a chain:
sudo iptables -A <chain> <rule-specification>
- To insert a rule at the beginning of a chain:
sudo iptables -I <chain> <rule-specification>
- To implement an ACCEPT rule:
sudo iptables -A INPUT -s 192.168.1.3 -j ACCEPT
- To implement a DROP rule:
sudo iptables -A INPUT -s 192.168.1.3 -j DROP
- To implement rules on specific ports/protocols:
sudo iptables -I INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
- To delete a rule by its position in the chain:
sudo iptables -D INPUT 1
- To save the configuration:
sudo invoke-rc.d iptables-persistent save
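iptables walks a chain from the top and stops at the first rule with a terminating target such as ACCEPT or DROP, so the order in which the rules above are added matters as much as the "deny all" rule at the bottom of an ACL. The Python model below is an added example, not from the original article; it assumes a final deny-all (the `policy` argument), and the `Rule`, `evaluate` and `shadowed` names are illustrative.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                          # "ACCEPT" or "DROP"
    src: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None          # None matches any protocol
    dport: Optional[int] = None          # None matches any destination port

    def matches(self, src, proto, dport):
        return (ipaddress.ip_address(src) in self.src
                and self.proto in (None, proto)
                and self.dport in (None, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (other.src.subnet_of(self.src)
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))

def evaluate(chain, src, proto, dport, policy="DROP"):
    """First matching rule decides; `policy` plays the final deny-all rule."""
    for rule in chain:
        if rule.matches(src, proto, dport):
            return rule.action
    return policy

def shadowed(chain):
    """Indexes of rules that can never fire: an earlier rule covers them."""
    return [i for i, later in enumerate(chain)
            if any(earlier.covers(later) for earlier in chain[:i])]

HOST = ipaddress.ip_network("192.168.1.3/32")
# Model of: -A INPUT -s 192.168.1.3 -j ACCEPT, then -A INPUT -s 192.168.1.3 -j DROP
APPENDED = [Rule("ACCEPT", HOST), Rule("DROP", HOST)]
# Same chain after: -I INPUT -s 192.168.1.3 -p tcp --dport 22 -j ACCEPT
WITH_INSERT = [Rule("ACCEPT", HOST, "tcp", 22)] + APPENDED
# A specific ACL: SSH from one host, everything else falls to the deny-all
SSH_ONLY = [Rule("ACCEPT", HOST, "tcp", 22)]

if __name__ == "__main__":
    print(evaluate(APPENDED, "192.168.1.3", "tcp", 80), shadowed(APPENDED))
    print(shadowed(WITH_INSERT))
    for src, port in [("192.168.1.3", 22), ("192.168.1.3", 80), ("198.51.100.7", 22)]:
        print(src, port, evaluate(SSH_ONLY, src, "tcp", port))
```

In the `APPENDED` chain the DROP rule is reported as shadowed: the host is still accepted on every port, which is the kind of ordering mistake worth checking for before a ruleset is saved.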
What is the Difference between Hardware Firewalls and Software Firewalls?
A hardware firewall can be defined as a physical device, similar to a server, that channels and monitors the traffic going to a computer system. The hardware firewall sits right in the middle of the external network and the server, giving a level of protection from viruses and acting as a wall against unwanted intrusions.
Software firewalls are installed independently on different physical devices. These kinds of firewalls offer more singular control, permitting access to a feature or app, while also allowing you to block suspected intruders.
The primary difference between a hardware firewall and a software firewall is that the hardware firewall runs on its own physical device, while the software firewall is installed on another system.