A firewall is a security system that allows only certain data to enter or leave the private network. A firewall blocks undesired traffic. Firewalls work on the filtering rules set up by the administrator of the network.
Rules, also known as access control lists, can be based on parameters ranging from IP addresses to domain names, protocols, programs, or ports. For example, a network administrator may block data originating from a specific IP address or may block data originating from a defined protocol.
Firewalls are of two types: network-based and host-based. A network-based firewall is a hardware device installed on the border of the network. It provides overall security to the network setup. On the other hand, a host-based firewall is software-based and is installed on the end-host computers. It provides a second layer of security to the network and works on the host level. For example, the Microsoft Firewall is built-in host-based firewall software.
Why do you need a Firewall?
A firewall is needed because there are many ways to gain access to a network, any of which can be used by hackers. Firewalls protect the network from the following, among others.
- Remote Login
- SMTP Hijacking
- Viruses
- Immoral/Wrong Content
- Spam
Apart from the above, a firewall also makes online gaming safer and blocks messages from unauthorised sites.
4 Methods used by Firewalls to control traffic
A firewall uses a variety of ways to control inbound as well as outbound traffic. Some of the methods are described below.
Packet Filtering
A set of rules is used to test packet data. Packets that pass the test are forwarded, while the rest are discarded. This type of filtering is difficult to configure and lacks features such as user authentication and logging.
Stateful Inspection
Also called dynamic packet filtering, this is the most common type of firewall used today. It examines the state of the connection and adds an extra layer of security to packet filtering and application filtering.
In stateful inspection, each data packet is compared to the state table to determine whether it is secure. A state table holds all the communication sessions known by the device and can include information such as source and destination IP addresses. By comparing the packet data with the state table, the context of the data is established, which acts as additional filtering after the filtering rules set up by the administrator.
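The difference between plain packet filtering and stateful inspection can be seen in a small model, added here as an illustration and not taken from any firewall product. The address ranges, the allowed ports and the choice of protocol, addresses and ports as the session key are assumptions of the example; real devices also track TCP flags and session timeouts, which are omitted.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample policy: hosts in this range may open connections to these ports.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
ALLOWED_OUTBOUND = {("tcp", 443), ("udp", 53)}

def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL_NET

def stateless_filter(pkt: Packet) -> str:
    """Plain packet filtering: each packet is judged alone against the rules."""
    if is_internal(pkt.src) and (pkt.proto, pkt.dport) in ALLOWED_OUTBOUND:
        return "ACCEPT"
    # Replies can only be recognised by their source port, which the sender chooses.
    if is_internal(pkt.dst) and (pkt.proto, pkt.sport) in ALLOWED_OUTBOUND:
        return "ACCEPT"
    return "DROP"

class StatefulFirewall:
    """Rules decide which sessions may start; the state table decides the rest."""
    def __init__(self) -> None:
        self.state_table = set()  # sessions known to the device

    def handle(self, pkt: Packet) -> str:
        reverse = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt in self.state_table or reverse in self.state_table:
            return "ACCEPT"  # belongs to a session the firewall already knows
        if is_internal(pkt.src) and (pkt.proto, pkt.dport) in ALLOWED_OUTBOUND:
            self.state_table.add(pkt)  # record the new session
            return "ACCEPT"
        return "DROP"  # no matching session and no rule allows starting one

if __name__ == "__main__":
    fw = StatefulFirewall()
    request = Packet("tcp", "192.0.2.10", 50000, "198.51.100.7", 443)
    reply = Packet("tcp", "198.51.100.7", 443, "192.0.2.10", 50000)
    unsolicited = Packet("tcp", "203.0.113.9", 443, "192.0.2.10", 50001)
    for name, pkt in [("unsolicited", unsolicited), ("request", request), ("reply", reply)]:
        print(f"{name:12} stateless={stateless_filter(pkt)} stateful={fw.handle(pkt)}")
```

The unsolicited inbound packet passes the stateless rules but is dropped by the stateful firewall, because no session in the state table matches it.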
Application-level filtering
Packet filtering and dynamic filtering cannot distinguish between valid traffic and malicious traffic disguised as valid. For this, application-layer filtering is needed. An application firewall controls the execution of applications, blocks malicious code from executing, and handles data. This firewall can examine the payload of the data packet and makes its decision based on that payload.
Proxy firewall
In this type of firewall, the application firewall is applied to the proxy server. Proxy firewalls are the most secure type of firewall. They make meddling with the internal system more complicated, and the attacker finds it difficult to locate the network. Each time a request from an external client is launched, the client opens a connection to the proxy, thus protecting the network. If the connection falls within the criteria set by the administrator, the firewall opens the connection to the requested server.