Firewalls can either be software or hardware, though it’s best to have both. A software firewall is a program installed on each computer and regulates traffic through port numbers and applications, while a physical firewall is a piece of equipment installed between your network and gateway.
Packet-filtering firewalls, the most common type of firewall, examine packets and prohibit them from passing through if they don’t match an established security rule set. This type of firewall checks the packet’s source and destination IP addresses. If packets match those of an “allowed” rule on the firewall, then it is trusted to enter the network.
Packet-filtering firewalls are divided into two categories: stateful and stateless. Stateless firewalls examine packets independently of one another and lack context, making them easy targets for hackers. In contrast, stateful firewalls remember information about previously passed packets and are considered much more secure.
While packet-filtering firewalls can be effective, they ultimately provide very basic protection and can be very limited—for example, they can't determine if the contents of the request that's being sent will adversely affect the application it's reaching. If a malicious request that was allowed from a trusted source address would result in, say, the deletion of a database, the firewall would have no way of knowing that. Next-generation firewalls and proxy firewalls are more equipped to detect such threats.
Next-generation firewalls (NGFW) combine traditional firewall technology with additional functionality, such as encrypted traffic inspection, intrusion prevention systems, anti-virus, and more. Most notably, it includes deep packet inspection (DPI). While basic firewalls only look at packet headers, deep packet inspection examines the data within the packet itself, enabling users to more effectively identify, categorize, or stop packets with malicious data. Learn about Forcepoint NGFW here.
Proxy firewalls filter network traffic at the application level. Unlike basic firewalls, the proxy acts an intermediary between two end systems. The client must send a request to the firewall, where it is then evaluated against a set of security rules and then permitted or blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and use both stateful and deep packet inspection to detect malicious traffic.
Network address translation (NAT) firewalls allow multiple devices with independent network addresses to connect to the internet using a single IP address, keeping individual IP addresses hidden. As a result, attackers scanning a network for IP addresses can't capture specific details, providing greater security against attacks. NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers and outside traffic.
Stateful multilayer inspection (SMLI) firewalls filter packets at the network, transport, and application layers, comparing them against known trusted packets. Like NGFW firewalls, SMLI also examine the entire packet and only allow them to pass if they pass each layer individually. These firewalls examine packets to determine the state of the communication (thus the name) to ensure all initiated communication is only taking place with trusted sources.
A firewall is a security device — computer hardware or software — that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.
Not only does a firewall block unwanted traffic, it can also help block malicious software from infecting your computer.
Firewalls can provide different levels of protection. The key is determining how much protection you need.
The topics below can help you learn what firewalls do and determine the level of protection that will help keep your computer and the data on it safe and secure.
What does a firewall do?
A firewall acts as a gatekeeper. It monitors attempts to gain access to your operating system and blocks unwanted traffic or unrecognized sources.
How does it do this? A firewall acts as a barrier or filter between your computer and another network such as the internet. You could think of a firewall as a traffic controller. It helps to protect your network and information by managing your network traffic. This includes blocking unsolicited incoming network traffic and validating access by assessing network traffic for anything malicious like hackers and malware.
Your operating system and your security software usually come with a pre-installed firewall. It’s a good idea to make sure those features are turned on. Also, check your security settings to be sure they are configured to run updates automatically.
How does a firewall work?
To start, a firewalled system analyzes network traffic based on rules. A firewall only welcomes those incoming connections that it has been configured to accept. It does this by allowing or blocking specific data packets — units of communication you send over digital networks — based on pre-established security rules.
A firewall works like a traffic guard at your computer’s entry point, or port. Only trusted sources, or IP addresses, are allowed in. IP addresses are important because they identify a computer or source, just like your postal address identifies where you live.
Types of firewalls
There are software and hardware firewalls. Each format serves a different but important purpose. A hardware firewall is physical, like a broadband router — stored between your network and gateway. A software firewall is internal — a program on your computer that works through port numbers and applications.
There also are cloud-based firewalls, known as Firewall as a Service (FaaS). One benefit of cloud-based firewalls is that they can grow with your organization and, similar to hardware firewalls, do well with perimeter security.
There are several different types of firewalls based on their structure and functionality. Here are the various firewalls you can implement, depending on the size of your network and the level of security you need.
A packet-filtering firewall is a management program that can block network traffic IP protocol, an IP address, and a port number. This type of firewall is the most basic form of protection and is meant for smaller networks.
But beware. While packet-filtering firewalls can be helpful, they also have limitations. Because all web traffic is allowed, a packet-filtering firewall doesn’t block web-based attacks. So, you need additional protection to distinguish between friendly and malicious web traffic.
Proxy service firewalls
The proxy service firewall is a system that can help protect your network security by filtering messages at the application layer. It essentially serves as a gateway or middle man between your internal network and outside servers on the web. Also known as a gateway firewall, it is more secure in its use of stateful and deep packet inspection technology to analyze incoming traffic.
Stateful multi-layer inspection (SMLI) firewalls
The stateful multi-layer inspection firewall has standard firewall capabilities and keeps track of established connections. It filters traffic based on state, port, and protocol, along with administrator-defined rules and context. This involves using data from prior connections and packets from the same connection.
Most firewalls rely on stateful packet inspection to keep track of all internal traffic. This firewall is a step above packet-filtering in its use of multi-layer monitoring.
However, it is still unable to distinguish between good and bad web traffic, so you may need additional software.
Unified threat management (UTM) firewalls
A unified threat management firewall is a program that combines the functions of the SMLI firewall with intrusion prevention and antivirus. Additional services like cloud management may be included under the UTM umbrella of services.
Next-generation firewalls (NGFW)
Next-generation firewalls are more sophisticated than packet-filtering and stateful inspection firewalls. Why? They have more levels of security, going beyond standard packet-filtering to inspect a packet in its entirety. That means inspecting not just the packet header, but also a packet’s contents and source. NGFW are able to block more sophisticated and evolving security threats like advanced malware.
Network address translation (NAT) firewalls
A NAT firewall is able to assess internet traffic and block unsolicited communications. In other words, it only accepts inbound web traffic if a device on your private network solicited it.
A virtual firewall is an appliance used in a cloud-based system, both private and public. This type of firewall is used to assess and manage internet traffic over both physical and virtual networks.
Host-based firewalls versus network-based firewalls
There are differences between host-based and network-based firewalls, along with benefits of having both in place.
Network firewalls filter traffic going to and from the internet to secured local area networks (LAN). They typically are used by businesses that need to protect a large network of computers, servers, and employees. A network-based firewall is able to monitor communications between a company’s computers and outside sources, as well as restrict certain websites, IP addresses, or other services.
Host-based firewalls work similarly but are stored locally on a single computer or device. A host-based firewall is a software application or a suite of applications that allows for more customization. They are installed on each server, control incoming and outgoing traffic, decide whether to allow traffic to individual devices, and protect the host.
Firewalls have certainly evolved over the years and become more advanced since the technology first entered the scene. Getting their start as a basic packet-filtering system in the late 1980’s, firewalls monitored packets sent between computers. They now offer more advanced protection and technology, as highlighted in this timeline.
Do you need a firewall at home?
Firewalls represent a first line of defense in home network security. Your home network is only as secure as its least protected device. That’s where a network security system comes in.
A firewall shouldn’t be your only consideration for securing your home network. It’s important to make sure all of your internet-enabled devices — including mobile devices — have the latest operating system, web browsers, and security software.
Another consideration? Securing your wireless router. This might include changing the name of your router from the default ID and password it came with from the manufacturer, reviewing your security options, and setting up a guest network for visitors to your home.
Why do we need firewalls?
You might already engage in certain safe computer and internet use practices, including these:
Does all of this make you safe enough? The answer may be “no.” If you use the internet, it’s smart to have a firewall in place. Cyberthreats are widespread and evolving. It’s important to use available defenses to help protect your network, and the personal information stored on your computer, against cybercrimes.
Here are the three main risks of not having a firewall:
Without a firewall, you’re accepting every connection into your network from anyone. You wouldn’t have any way to detect incoming threats. That could leave your devices vulnerable to malicious users.
Lost or compromised data
Not having a firewall could leave your devices exposed, which could allow someone to gain control over your computer or network. Cybercriminals could delete your data. Or they could use it to commit identity theft or financial fraud.
Without a firewall, attackers could shut down your network. Getting it running again, and attempting to recover your stored data, could involve your time and money.
Firewalls are a key part of security technology, especially when the different types of firewalls work together to provide an umbrella of protection. Firewalls can help keep your network, computer, and data safe and secure.
Frequently Asked Questions About Firewalls
What is a firewall?
A firewall is a security device in the form of computer hardware or software. It can help protect your network by acting as an intermediary between your internal network and outside traffic. It monitors attempts to gain access to your operating system and blocks unwanted incoming traffic and unrecognized sources.
How do firewalls work?
A firewall acts as a barrier or gatekeeper between your computer and another network like the internet. It works like a traffic controller, monitoring and filtering traffic that wants to gain access to your operating system.
What does a firewall protect against?
A firewall can help protect your computer and data by managing your network traffic. It does this by blocking unsolicited and unwanted incoming network traffic. A firewall validates access by assessing this incoming traffic for anything malicious like hackers and malware that could infect your computer.
What are the types of firewalls?
As listed in detail above, there are software and hardware firewalls – several different types based on their structure and functionality. A hardware firewall is physical, stored between your network and gateway. A software firewall is an internal program on your computer that works through port numbers and applications.
Do you need a firewall?
If you use the internet, it’s smart to have a firewall in place. They provide a first line of defense to help protect your computer and your personal information from cyberthreats, which are widespread and evolving.
Can a firewall be hacked?
A firewall shouldn’t be your only consideration for securing your home network. It’s important to make sure all of your internet-enabled devices have the latest operating system, web browsers, and security software. You also should secure your wireless router. This might include changing the name of your router from the default ID and password it came with from the manufacturer, reviewing your security options, and setting up a guest network for visitors to your home.
Do firewalls prevent viruses?
Firewalls manage access to your network, whereas antivirus software serves as cyber protection from malicious viruses.
What is the difference between hardware firewalls and software firewalls?
A hardware firewall is physical, like a broadband router — stored between your network and gateway. A software firewall is internal — a program on your computer that works through port numbers and applications.
Do you need a firewall at home?
Yes. Without a firewall, you could leave yourself open to accepting every connection into your home network. You wouldn’t have any way to detect incoming threats. This open access could leave your devices and personal information exposed and vulnerable to being accessed and used for malicious purposes. Those intruders could engage in malicious activities like gaining control over your computer or network, deleting your data, or using your personal information to commit identity theft and other online frauds.