A firewall is a network security system—either hardware, software, or a combination of both—that is designed to monitor, filter, and control incoming and outgoing network traffic based on predefined security rules.
- It acts as a barrier between a trusted internal network and an untrusted external network, such as the Internet.
- The primary purpose of a firewall is to enforce an organization’s security policy by deciding whether to allow or block specific traffic.
- Firewalls help protect networks and systems from unauthorized access, malware, and cyberattacks.
- They are a fundamental component of defense-in-depth strategies and are typically placed at the network perimeter.
Types of Firewalls:
1.) Packet-Filtering Firewall:
It is a type of firewall that operates at the network layer (Layer 3) of the OSI model and filters traffic based on basic information such as IP addresses, port numbers, and protocol types in the packet headers.
- It is stateless, it does not keep track of active sessions, making it fast but less secure than more advanced firewalls.
2.) Stateful Inspection Firewall:
A stateful inspection firewall, also known as a dynamic packet filter, monitors the state of active connections and makes decisions based on the context and status of traffic flows.
- It tracks the state of active connections and makes decisions based on the context of the traffic.
- It maintains a state table to monitor ongoing sessions.
3.) Proxy Firewall (Application-Level Gateway):
A proxy firewall, or application-level gateway, is a firewall that functions at the application layer (Layer 7) and acts as an intermediary between end-user devices and destination servers.
- It inspects application-specific protocols like HTTP, FTP, etc.
- It offers strong security but may affect performance due to deep inspection.
4.) Next-Generation Firewall (NGFW):
It is an advanced firewall that combines the capabilities of traditional firewalls with deep packet inspection, intrusion detection and prevention systems (IDS/IPS), and application-level traffic analysis.
- It not only filter packets based on headers but also analyze payloads to detect malware, intrusion attempts, and unauthorized applications.
- NGFWs are ideal for protecting networks from modern cyber threats.
5.) Web Application Firewall (WAF):
It is a specialized firewall that protects web applications by filtering, monitoring, and blocking HTTP and HTTPS traffic to and from a web service.
- It works at Layer 7 and filters HTTP/HTTPS traffic.
- It is often used in combination with NGFWs for comprehensive security.
Applications of Firewalls:
1.) Blocking Malicious Traffic:
- It prevents unauthorized or harmful traffic such as worms, viruses, or attackers trying to scan or exploit vulnerabilities.
2.) Preventing Unauthorized Access:
- It ensures only authorized users and systems can access internal resources, protecting sensitive data and services.
3.) Enforcing Security Policies:
- It implements organizational rules for which devices or users can access specific parts of the network.
4.) Monitoring and Logging:
- It logs all traffic passing through the network, which helps in audit trails, forensic investigations, and real-time monitoring.
5.) Protecting Against External Threats:
- It acts as the first line of defense against threats from the Internet or other external networks.
6.) Segmentation of Networks:
- Firewalls can divide a network into security zones, controlling traffic flow between departments or services (e.g., guest network vs. internal network).
