Ruth Victor
Firewalls are a key part of keeping networked computers safe and secure. All data packets are inspected as they pass through the firewall, and the firewall uses a set of rules to determine whether a packet is allowed to pass through or not. A firewall can be hardware, software, or both.
Firewalls provide protection against outside cyber attackers by shielding your computer or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet.
There are several types of firewalls that have been developed over the years, each with its own advantages and disadvantages. Some of the most common types of firewalls include packet filtering firewalls, stateful inspection firewalls, proxy firewalls, and next-gen firewalls.
Network layer or packet filters scrutinize packets at a lower tier of the TCP/IP protocol stack, restricting passage through the firewall unless they adhere to predefined rules centered on Internet Protocol (IP) addresses and ports. Firewalls employing network layer inspection exhibit superior performance compared to counterparts employing application layer inspection. However, a drawback is that undesired applications or malware may traverse permitted ports, such as outbound Internet traffic using web protocols HTTP and HTTPS on ports 80 and 443, respectively.
A virtual firewall is commonly installed as a virtual appliance within either a private cloud environment (such as VMware ESXi, Microsoft Hyper-V, or KVM) or a public cloud infrastructure (like Amazon Web Services, Microsoft Azure, Google Cloud Platform, or Oracle Cloud Infrastructure). Its primary function is to oversee and safeguard network traffic traversing both physical and virtual networks. Furthermore, a virtual firewall frequently serves as a vital element within software-defined networks (SDN).
Firewalls also undertake fundamental network-level tasks like Network Address Translation (NAT) and Virtual Private Network (VPN) operations. Network Address Translation conceals or converts internal client or server IP addresses, typically falling within a "private address range" according to RFC 1918, into a public IP address. This concealment of protected device addresses helps conserve the limited pool of IPv4 addresses and serves as a defense mechanism against network reconnaissance by hiding the IP addresses from the Internet.
Similarly, a virtual private network (VPN) establishes a secure connection over a public network by encapsulating data within an encrypted tunnel. This safeguards the contents of packets while they traverse the Internet, allowing users to transmit and receive data securely across shared or public networks.
Next Generation Firewalls analyze packets at the application layer of the TCP/IP stack, enabling them to recognize specific applications like Skype or Facebook, and enforce security policies based on the application type. Today, Unified Threat Management (UTM) devices and Next Generation Firewalls also integrate advanced threat prevention technologies such as intrusion prevention systems (IPS) or antivirus software to identify and block malware and threats. Additionally, these devices may incorporate sandboxing technologies to identify threats within files. As the cyber security landscape evolves and attacks become increasingly sophisticated, Next Generation Firewalls will remain a crucial component of any organization's security strategy, whether deployed in the data center, network, or cloud environment.