A firewall is a network security device that acts as the gatekeeper for your computer, device, or network. It monitors and screens traffic to and from your device and prevents any unauthorized access to your files. When a firewall is doing its job effectively, it prevents cyber-attackers from infiltrating your device and protects your private data from being stolen.
Most personal computers are sold pre-installed with a basic firewall in their operating system, but they usually only offer a limited level of security. For businesses, organizations, and individuals who have higher and specialized security needs, other types of firewalls might be needed to protect data from security threats. From proxy firewall and packet filtering to stateful inspection firewall, unified threat management firewall, next generation firewall, threat focused firewall, virtual firewall, and cloud native firewall, each type of firewall comes with their own set of features and advantages to serve a unique purpose.
In this blog, we will go over what each of these firewalls are, their use and benefits, as well as how to select the right product to maximize your internet and network security.
What do Firewalls do?
Digital devices and the internet have overtaken almost every aspect of our day-to-day lives. The global number of internet users has increased substantially in the last 20 years - from 413 million in 2000 to over 4.6 billion users now in 2022. While the efficiency and convenience of technology continues to improve, the threat and predominance of malicious software has also advanced at an alarming rate. Individuals and businesses are almost always exposed to security threats when they are connected to the internet or a network. As a countermeasure, firewalls act as the first line of defence that protects your data from being stolen when using a computer or digital device.
Simply put, internet firewalls provide security by preventing unauthorized access into or out of a computer network. They are like the immigrations and customs department that guards the border of a country. They utilize a specific set of pre-established security rules to decide what can come in and what can go out. They detect suspicious and unauthorized traffic (such as a cyberattack) and block them from entering your network or device.
History of Firewalls
Gen 1 – Late 1980s: Packet-Filter Firewalls
The first generation of firewalls was developed by Digital Equipment Corporation (DEC) in 1988. This generation is often known as the Packet-Filter Firewall as they perform inspection on the packets of information transferred between different computers on a network. The packet filter had a set of rules that governed what is allowed to pass and what is not. While they employed similar principles to the firewalls we have today, their functions and features were far less sophisticated as the threats they dealt with were nowhere as complex as the ones today.
Gen 2 – 1990s: Stateful Firewalls
Unlike the previous generation, these firewalls monitored the session and connection state of packets, which provided deeper packet inspection and improved security for computers and networks.
Gen 3 – 2000s: Application Layer Firewall
As the internet developed and gained global prominence in the 1990s, so too did cyber threats. Many businesses were affected by cyber-attacks and desperately demanded better security options. Application Layer Firewalls were developed during this time to deal with newer internet threats. They ran on the application layer and could inspect all data passing through the running software. They manage applications that send and receive data on the internet, such as web browsers.
Next Gen – From 2010s onward: Sandboxing, Machine Learning & More
The internet has become a daily tool for most people in the world. Cloud technology gradually replaced the need for data centers. As our technology continued to advance, large-scale and evasive attacks became more common than ever as hackers began using AI and bots to multiply the magnitude of their attacks. Next Generation Firewalls (NGFW) that combine newer technology like sandboxing, machine learning, and advanced malware detection are developed as a countermeasure to newer and more complex cyber threats.
How do firewalls work?
While the capabilities of firewalls have improved drastically throughout the years, their primary function remains to act as a gatekeeper and determine which traffic should be allowed or restricted based on a set of rules. Most firewalls do this by using protection methods such as:
- Packet-Filtering – Comparing packets of data against filters that are designed to identify malicious data. Data packets that meet the criteria of a threat will not be allowed to pass through.
- Proxy Service – This method creates an intermediary gateway that prevents direct contact between users and the internet. It also obscures the protected network’s architecture and hides private IP addresses from external users to provide extra protection.
- Stateful Inspection – Besides inspecting every incoming and outgoing data packet, this method also checks for the origin of the data, the ports they use, and applications that are involved. It also collects information about previous data packets to better prevent threats in the future.
- NAT (Network and Port Address Translation) – This method changes the IP address to improve security and decrease the number of addresses a business or organization needs.
On top of these traditional methods of protection, newer and more advanced firewalls like Sangfor NGAF utilize cutting-edge technology like intrusion detection systems (IDS), intrusion prevention systems (IPS), behavioral analysis of traffic, and threat signature or unusual network activity to provide deeper inspection and improved packet-content filtering of all network traffic. Modern firewalls like Sangfor NGAF also provide a degree of VPN support to further improve security when connected to the internet.
Web Application Firewalls & Network Firewalls
Firewalls can be further divided into two major categories – application firewalls and network firewalls. They each offer protection against a different set of threats and operate in very different ways. It’s important to understand their differences when choosing the best security solution for your organization.
- Web Application Firewalls (WAF) – This type of firewall provides application layer inspection and offer great protection against internet threats and web-based attacks targeted at applications. They detect and blocks any malicious HTTP requests and prevent them from reaching users and web applications. They are designed to protect against cyber threats like DDoS, SQL injection, and cross-site scripting, but do not protect against network layer attacks.
- Network Firewalls – This type of firewall enhances security by protecting a private network from unauthorized access. They typically offer protection against a wider range of traffic types than WAFs, and do well against network threats like unauthorized access, MITM attacks, and privilege escalation.
It’s important to understand that these firewalls complement each other and only a combination of both can give you a full range of protection. In the past, organizations would have to purchase two separate firewall products to cover all the various threats they might be exposed to. Next-generation firewalls like Sangfor NGAF, however, combine the capabilities of network firewalls and WAFs to provide a much more efficient and cost-effective solution.
The Importance of NAT and VPN
When selecting a firewall for your organization, it’s also important to look for NAT (Network Address Translation) and VPN (Virtual Private Network) features and compatibility. As businesses and organizations rely more and more on the internet for their daily operation, NAT and VPN features can help mask an organization’s private IP address and hides their activity from the public. While they cannot replace firewalls on their own, the wide range of benefits that they offer, like data encryption, location hiding, and protecting your identity from webmasters, can further heighten a business or organization’s privacy and network security.
Firewall vs Antivirus
Firewalls and antivirus software are two different types of products that perform very different functions but are often confused for one another. While both tools are essential in today’s business environment, assuming that an antivirus software can do the work of a firewall for your organization would be a fatal mistake that can lead to disastrous consequences.
Key differences between the two include:
Pros and Cons of Firewalls
According to an FBI report, US-based businesses lost approximately $6.5 billion dollars to cybercrime in the year 2021 alone. No business or individual is exempt from cyber threats in today’s world, and it is absolutely essential for any organization to be equipped with a firewall. With that said, there are no real cons to owning a firewall, but only challenges and constraints that may require special solutions.
Different organizations have varying cyber security needs and not all businesses are ready to spend on an enterprise-grade firewall for better protection. If your organization is satisfied with just a basic level of network security, open-source firewalls like IPFire and pfSense might be great solutions to help you save on costs.
For more information on how to choose a firewall for your business, check out our enterprise firewall buyer’s guide here. If you are looking to upgrade your network security with an all-round and comprehensive firewall that can protect your business from 99% of cyber security threats, be sure to visit the Sangfor NGAF product page to learn more about its features and capabilities, advantages, customer success stories, data sheets, and more.