A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall’s main purpose is to allow non-threatening traffic in and keep dangerous traffic out.
Firewalls have existed since the late 1980s and started out as packet filters, which examined the individual packets, or bytes, transferred between computers. Though packet filtering firewalls are still in use today, firewalls have come a long way since then as technology has developed and threat actors have become more sophisticated. But the basic principle of a firewall remains the same: you’re setting up your network with specific policies to allow or block incoming and outgoing traffic.
Firewalls, especially Next Generation Firewalls, focus on blocking malware and application-layer attacks. Along with an integrated intrusion prevention system (IPS), these Next Generation Firewalls are able to react quickly and seamlessly to detect and combat attacks across the whole network. Firewalls can act on previously set policies to better protect your network and can carry out quick assessments to detect invasive or suspicious activity, such as malware, and shut it down.
Network layer or packet filters inspect packets at a relatively low level of the TCP/IP protocol stack. They do not allow packets to pass through the firewall unless the packets match the established rule set, whose source and destination criteria are based on Internet Protocol (IP) addresses and ports. Firewalls that do network layer inspection perform better than similar devices that do application layer inspection. The downside is that unwanted applications or malware can pass over allowed ports, e.g. outbound Internet traffic over the web protocols HTTP and HTTPS, ports 80 and 443 respectively.
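The following is an added example, not code from the original article, showing how a network-layer packet filter evaluates a rule set: first-match ordering, a default deny, and matching on IP addresses, protocol and port only. The rule set and the packets are constructed for the example. Note that the filter never looks at the payload, which is exactly the downside described above: anything carried on an allowed port gets through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    payload: bytes = b""  # ignored by a packet filter; shown to make that point


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; default matches any source
    dst: str = "0.0.0.0/0"       # CIDR; default matches any destination
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (
            ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def filter_packet(rules: Sequence[Rule], p: Packet) -> str:
    """Return the action of the first matching rule; deny if nothing matches.

    Rule order matters: a specific deny placed before a broad allow wins.
    """
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"  # implicit default deny


# Constructed rule set (hypothetical policy for the example):
#   - one quarantined host may not leave the network at all
#   - the rest of 192.168.1.0/24 may use HTTP and HTTPS outbound
#   - everything else is explicitly denied
RULES = [
    Rule("deny", src="192.168.1.99/32"),
    Rule("allow", src="192.168.1.0/24", proto="tcp", dport=80),
    Rule("allow", src="192.168.1.0/24", proto="tcp", dport=443),
    Rule("deny"),  # explicit catch-all, same effect as the implicit default
]


def demo() -> dict:
    """Evaluate a few constructed packets against RULES."""
    return {
        "https_browse": filter_packet(RULES, Packet("192.168.1.10", "203.0.113.5", "tcp", 443)),
        "ssh_out": filter_packet(RULES, Packet("192.168.1.10", "203.0.113.5", "tcp", 22)),
        "quarantined": filter_packet(RULES, Packet("192.168.1.99", "203.0.113.5", "tcp", 443)),
        "from_outside": filter_packet(RULES, Packet("198.51.100.7", "192.168.1.10", "tcp", 443)),
        # Same 5-tuple as https_browse but with a suspicious payload: the filter
        # cannot tell the difference, so it is allowed just the same.
        "payload_on_443": filter_packet(
            RULES, Packet("192.168.1.10", "203.0.113.5", "tcp", 443, b"not really TLS")
        ),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} -> {verdict}")
```

Running the block prints one verdict per packet; the last line shows that a packet filter's decision is identical for legitimate HTTPS and for arbitrary bytes sent to port 443, which is why application-layer inspection exists.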
Firewalls also perform basic network-level functions such as Network Address Translation (NAT) and Virtual Private Network (VPN) termination. Network Address Translation hides or translates internal client or server IP addresses that may be in a “private address range”, as defined in RFC 1918, to a public IP address. Hiding the addresses of protected devices preserves the limited number of IPv4 addresses and is a defense against network reconnaissance, since the internal IP address is hidden from the Internet.
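As an added example (not from the original article), here is a minimal source NAT in Python: it checks whether a source address falls in one of the RFC 1918 private ranges, maps each internal (address, port) pair to a port on a single public address, and only translates inbound packets back if a mapping already exists. The public address, the port range and the hosts are constructed values. The last point is the reconnaissance defense mentioned above: an unsolicited inbound packet has no mapping, so it is dropped and never reaches an internal host.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

# The three private ranges defined in RFC 1918.
RFC1918_NETWORKS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

Endpoint = Tuple[str, int]  # (IP address, port)


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in any RFC 1918 private range."""
    a = ip_address(addr)
    return any(a in net for net in RFC1918_NETWORKS)


class SourceNAT:
    """Port-based source NAT (masquerading) behind one public IPv4 address."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 60000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        self._outbound: Dict[Endpoint, int] = {}  # internal endpoint -> public port
        self._inbound: Dict[int, Endpoint] = {}   # public port -> internal endpoint

    def translate_outbound(self, src_ip: str, src_port: int) -> Endpoint:
        """Rewrite the source of an outgoing packet; non-private sources pass untouched."""
        if not is_rfc1918(src_ip):
            return (src_ip, src_port)
        key = (src_ip, src_port)
        if key not in self._outbound:
            if self._next_port > self._last_port:
                raise RuntimeError("NAT port pool exhausted")
            public_port = self._next_port
            self._next_port += 1
            self._outbound[key] = public_port
            self._inbound[public_port] = key
        return (self.public_ip, self._outbound[key])

    def translate_inbound(self, dst_port: int) -> Optional[Endpoint]:
        """Map a reply back to the internal endpoint, or None if no session exists (drop)."""
        return self._inbound.get(dst_port)

    def active_sessions(self) -> int:
        return len(self._outbound)


def demo() -> dict:
    """Two internal hosts that happen to use the same source port, plus an unsolicited probe."""
    nat = SourceNAT("198.51.100.1")  # constructed public address
    a = nat.translate_outbound("192.168.1.10", 12345)
    b = nat.translate_outbound("192.168.1.11", 12345)
    a_again = nat.translate_outbound("192.168.1.10", 12345)  # same session, same mapping
    return {
        "host_a": a,
        "host_b": b,
        "host_a_stable": a_again == a,
        "reply_to_a": nat.translate_inbound(a[1]),
        "unsolicited_probe": nat.translate_inbound(50000),  # no session: dropped
        "sessions": nat.active_sessions(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:18s} {v}")
```

The two internal hosts collide on source port 12345, so the NAT hands each its own public port; a reply to either public port is routed back to the right host, while a probe aimed at an unused port finds no mapping and is discarded.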
Similarly, a virtual private network (VPN) extends a private network across a public network inside a tunnel, which is often encrypted so that the contents of the packets are protected while traversing the Internet. This enables users to safely send and receive data across shared or public networks.
Next Generation Firewalls inspect packets at the application level of the TCP/IP stack and are able to identify applications such as Skype, or Facebook and enforce security policy based upon the type of application.
Today, UTM (Unified Threat Management) devices and Next Generation Firewalls also include threat prevention technologies such as IPS (Intrusion Prevention System) or Antivirus to detect and prevent malware and threats. These devices may also include sandboxing technologies to detect threats in files.
As the cyber security landscape continues to evolve and attacks become more sophisticated, Next Generation Firewalls will continue to be an essential component of any organization’s security solution, whether your assets are in the data center, the network, or the cloud. To learn more about the essential capabilities your Next Generation Firewall needs to have, download the Next Generation Firewall (NGFW) Buyer’s Guide today.