How A Firewall Protects a Network

  • By Greg Brown
  • Published: Jun 26, 2023
  • Last Updated: Jul 07, 2023

what is a firewall

Network security has become increasingly significant due to the growing number and sophistication of cyber threats. Unsecured networks are particularly vulnerable to various risks. Without modern security measures in place, unauthorized individuals can gain access to network resources, compromising sensitive data and systems. Hackers, cybercriminals, and malicious actors continually develop new techniques to exploit vulnerabilities in computer networks, posing a significant risk to individuals, businesses, and even governments.

What Is a Firewall?

A firewall is a security device — computer hardware or software —designed to help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.

Firewalls are typically substantial barriers between trusted networks or computers and an untrusted network. Firewalls can have rules that only one outside source is allowed or many. The barrier only accepts what it is programmed to accept.

For over 30 years, the firewall has remained a primary means of controlling malicious traffic before reaching the source. Firewalls trace back to the beginning of the internet when admins discovered outside influences had breached the network. A researcher at AT&T is considered the first expert to coin the phrase firewall to describe protection from the spread of unwanted network influences, mimicking how walls would stop the spread of fire. The name was likened to partitions that kept fire out of a particular structure.

What Are the Main Types of Firewalls?

Packet-filtering firewalls

A packet-filtering firewall is a management program that can block network traffic IP protocol, an IP address, and a port number. This type of firewall is the most basic form of protection and is meant for smaller networks.

Proxy service firewalls

The proxy service firewall is a system that can help protect your network security by filtering messages at the application layer. It essentially serves as a gateway or middle man between your internal network and outside servers on the web.

Stateful multi-layer inspection (SMLI) firewalls

The stateful multi-layer inspection firewall has standard firewall capabilities and keeps track of established connections. It filters traffic based on state, port, and protocol, along with administrator-defined rules and context. This involves using data from prior connections and packets from the same connection.

Unified threat management (UTM) firewalls

A unified threat management firewall is a program that combines the functions of the SMLI firewall with intrusion prevention and antivirus. Additional services like cloud management may be included under the UTM umbrella of services.

Next-generation firewalls (NGFW)

Next-generation firewalls are more sophisticated than packet-filtering and stateful inspection firewalls. Why? They have more levels of security, going beyond standard packet-filtering to inspect a packet in its entirety. 

Network address translation (NAT) firewalls

A Network address translation (NAT) firewall is able to assess internet traffic and block unsolicited communications. In other words, it only accepts inbound web traffic if a device on your private network solicited it.

Virtual firewalls

A virtual firewall is an appliance used in a cloud-based system, both private and public network. This type of firewall is used to assess and manage internet traffic over both physical and virtual networks.

How to Deploy a Firewall?

In the modern era, three delivery methods for deploying a firewall exist. Within each deployment method, there are several types specific to the circumstance. 

  • Hardware-based firewalls are physical devices like servers that filter malicious or unwanted traffic to a computer or network. Rather than a user plugging a cable directly into a computer, the cables are plugged into the firewall first. The hardware firewall sits directly behind the router analyzing and controlling traffic, looking for specific threats.
  • Cloud-hosted firewalls are a relatively new player on the block. These types of firewalls are software-based and cloud-deployed. Built specifically for mitigating direct cyber attacks on private networks, Cloud firewalls are modern solutions to online environments. Several advantages exist for cloud-hosted firewalls. Scalability and easy deployment make cloud barricades a skyrocketing option for many individuals and businesses.
  • Software firewalls have been the standard bearer since the technology was created. These types of barriers are excellent at inspecting large amounts of data quickly. Software firewalls can be highly configurable on the fly to meet any need. Software firewalls are perfect for heavy workloads with several types of incoming traffic. Software barriers provide many deployment options to match the environment. These software barriers can be deployed into any network or computer system.

Within each delivery method, there are firewall types to fit the environment. Depending on complexity and size, multiple firewall types may be needed. Firewalls are traditionally inserted inline across a network and are tasked with telling which packets are benign or part of an attack. With the rise of malicious packets, network firewalls must be configured correctly to mitigate a host of various incoming malware.

What Are Firewall Advancements?

Advancements in network technology have allowed admins to configure firewalls to spot known patterns across incoming traffic based on previous attacks. Even though there are a host of various firewall types, here are five that can be deployed within each of the delivery methods above.

  • Application-level gateways function as a single entry and exit point on the network. These gateways filter packets according to their inherited service and other characteristics, such as an HTTP request string. Application gateways are also referred to as Proxy firewalls. Application barriers dramatically affect network performance and can be challenging to manage. Application-level barriers are fine-grained security tools that are costlier than most other solutions.
  • Circuit-level gateways are a quick solution for restricting access to a network that can quickly identify malicious content. Circuit-level barriers monitor network protocols such as TCP handshakes; however, these firewalls are not designed to inspect incoming and outgoing packets. Circuit-level barriers only process specific requests; all other traffic is rejected. These firewalls must be used with other security measures, or no protection is given. 
  • Packet filtering firewalls are inline at junction points such as routers or switches. This firewall does not route a packet. Instead, the configuration compares each packet to a set of established rules. Packets are flagged if there are abnormalities in IP addresses, packet types, port numbers, or protocols. Packet filtering firewalls can handle an entire network's traffic if needed. However, this firewall can be easily spoofed by altering the packet payload.
  • Stateful inspection firewalls examine each packet and track whether the information is part of an established TCP network. Stateful inspection of firewalls' security is exemplary but takes a high toll on network performance. These firewalls manage entire network sessions to determine their viability while checking IP addresses and payloads. Stateful firewalls are resource intensive and may interfere with network performance.
  • Next-generation firewalls combine packet inspection with stateful inspections for malware filtering and antivirus. Traditional firewalls look at packer headers, while NGFW looks at the entire packet and any additional information. Next-generation firewalls track web browsing and can determine whether a packet payload constitutes a legitimate HTML formatted response. These firewalls can be updated automatically and offer more insight than other methods. Next-generation firewalls are costlier than other types.

What to Consider When Choosing a Firewall?

What to Consider When Choosing a Firewall?

When an enterprise needs additional security, it must ask essential questions, including what needs to be protected. How vital are protecting the resources of the organization and its infrastructure? A firewall for one organization may not be suitable for another.

There are a few issues that need to be considered. What are the technical objectives of the firewall, and will there be more than one? Always consider features and capabilities when deciding on a specific piece of technology. Firewalls can be intended for low-level internet applications or high-level security devices. 

There are many implementations of a firewall that incorporate features of several different barriers. Choosing the proper firewall implementation is rarely a matter of finding a single solution that works for everything. Choosing the ideal solution means fully understanding the organization's architecture and functions. 

It must be understood that a misconfigured or underpowered firewall may be worse than having no firewall at all. A properly configured barrier to incoming traffic is an asset every organization must have.

About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private Instagram (IG) account. You might w ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Public to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone&rs ... Read More

Latest Articles

What to Do if Your Credit Card is Lost or Stolen

What to Do if Your Credit Card is Lost or Stolen

Credit and debit cards have become the most prominent form of wealth access in the last decade. Once consumers pulled out thick wallets of cash—they now pull out thin clips of cards—if they bother using a card, not a watch or cellphone.

Credit Card CVV Number: Meaning and Security

Credit Card CVV Number: Meaning and Security

Inspect your credit card, and you'll likely find interesting—and crucial—elements of the plastic rectangle. The front might display the provider's name, a chip, some digits, or an entire card number; the back might hold much the same, along with a signature, when necessary, and a "valid thru [sic]" date.

The Meaning of Two-Factor Authentication (2FA): How to Turn On and Turn Off

The Meaning of Two-Factor Authentication (2FA): How to Turn On and Turn Off

Cyber attacks are a growing threat to all industries, nations, and people. They occur with increasing frequency, with the last year reporting 3,205 data compromises and over $12.5 billion in projected losses, according to the Federal Bureau of Investigation (FBI).

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address