Firewalls have been around since the 1980s – some even believe the 37-year-old film WarGames coined the term's usage in a computing context – and they're a vital bit of kit if you want to keep a network of devices safe and secure.
This guide looks to expand a little more on what a firewall really is and why they're so important.
What is a firewall?
The phrase originally referred to walls built into terraced houses designed to stop fires from spreading from one home to another.
The first ever firewall is generally considered to be NASA's 1988 effort – designed following an attack on its systems by a virus. The firewall allowed NASA to demarcate its computer network and stop viruses from spreading.
Firewalls are a direct security-based response to the vulnerabilities that exist in a client-server model – when a device (a client) requests resources, services, or information from another (a server). This simple networking architecture has become the basis of modern-day computer networks, and the request process is happening every time you head onto the internet.
Why firewalls are important
Prevention
A firewall is a piece of hardware or software that prevents hackers from gaining access to your network via the internet in order to steal, delete or corrupt your personal data and information.
Protection
A firewall will help you protect the devices and information on a network from external threats, as well as any sensitive data being transferred internally between devices on the same network.
Other functions of firewalls
Another important function firewalls perform is setting rules for all users on a given network and uniformly blocking incoming traffic from certain sites, for whatever reason that may be. In a school, that might be to block content that's only legal to view if you're an adult – in a place of work, say a bank, it might be to protect from hacking attacks.
Firewalls also compile records of the traffic they receive, and network administrators can then look at them and create new rules for the network, or perform an audit of the network with the information.
Of course, firewalls also feed back to users when dodgy data is trying to make its way into the network and, in turn, can make them more aware of the sort of things they should avoid clicking on.
Additional functions firewalls perform include providing a secure way to let individual users remotely access a given network; the users that are permitted to access the network are given authentication certificates.
Different types of firewall
Although there are various different sub-categories of firewall, the ones you're most likely to run into are:
- Packet-filtering firewalls
- Circuit-level gateways
- Stateful inspection firewalls
- Application-level gateways (proxies)
- Cloud firewalls
- Next-Generation Firewalls
Packet-filtering firewalls
This is the most basic type of firewall. Packet-filtering firewalls operate at the third layer (the network layer) of the OSI (Open Systems Interconnection) conceptual model used to map the functions of a networking system.
Packet-filtering firewalls essentially choose a point before the traffic comes through a router and inspect surface-level information in the data packets, such as the port number and network address, rejecting anything suspicious.
It doesn't take a huge amount of processing power to get up and running, but unfortunately, it's a pretty basic check and can be worked through pretty easily by hackers – the entire data packet is never inspected so you can never truly know what's hiding in there with this type of firewall.
Circuit-level gateways
Circuit-level gateways operate at the session or transport layer of the OSI model. This type of firewall monitors TCP handshaking – essentially the process by which a client and server negotiate the transfer of data in a TCP/IP network.
Circuit-level gateways check the connections at the transport layer against a list of permissible connections and then decide whether the data-exchange session can commence. Circuit-level gateways are less resource-intensive than some other firewalls; however, once a session has been green-lighted, no further checks are carried out, including on individual packets.
Application-level gateways
These are also known as proxy firewalls and operate at – you guessed it – the application layer of the OSI model. They essentially establish a proxy connection with the server your network is receiving data from and inspect the traffic before sending it on through to you.
The additional separation from the network makes this sort of firewall very useful, as does the fact that application-level gateways/proxy firewalls can perform Deep Packet Inspection (DPI) of the sort packet-filtering gateways can't.
If a cloud server is used to create this proxy connection, application-level gateways may be referred to as a cloud firewall.
Stateful-inspection firewalls
This type of dynamic, packet-filtering firewall takes the information you request from a server and can dynamically open and close ports to receive/block it.
Stateful-inspection firewalls process data at the application layer, which allows for a much more detailed inspection of data packets and the transactions taking place.
It's also more secure as the firewall is tracking and inspecting not just singular packet data out of context, but the connection itself and various other connections across the network (that's the key difference between stateful-inspection and packet filtering).
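The difference between packet filtering and stateful inspection can be shown with a small simulation. This is an added example, not code from the original article; the Packet class, the single "allow inbound from port 443" rule and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives from the internet

LAN_HOST = "192.168.1.10"    # constructed internal address
WEB_SERVER = "203.0.113.5"   # constructed (documentation range)
OTHER_HOST = "198.51.100.7"  # constructed (documentation range)

def packet_filter(pkt):
    """Stateless rule: each packet is judged on its own header.
    Outbound passes; inbound passes if its source port is 443."""
    return (not pkt.inbound) or pkt.sport == 443

class StatefulFirewall:
    """Remembers connections opened from inside and admits only their replies."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        if not pkt.inbound:
            # Record the flow the internal client opened.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet must mirror a recorded outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

    def close(self, src, sport, dst, dport):
        # Connection finished: the port is no longer open to replies.
        self.connections.discard((src, sport, dst, dport))

def compare():
    traffic = [
        ("request", Packet(LAN_HOST, 51000, WEB_SERVER, 443, inbound=False)),
        ("reply", Packet(WEB_SERVER, 443, LAN_HOST, 51000, inbound=True)),
        ("unsolicited", Packet(OTHER_HOST, 443, LAN_HOST, 51000, inbound=True)),
    ]
    fw = StatefulFirewall()
    return {label: (packet_filter(p), fw.allow(p)) for label, p in traffic}

if __name__ == "__main__":
    for label, (stateless, stateful) in compare().items():
        print(f"{label:12} packet filter={stateless!s:5} stateful={stateful}")
```

The packet filter accepts the unsolicited packet because its header matches the rule, while the stateful firewall drops it because no internal device opened that connection.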
Next-Gen firewalls
Next-gen firewalls are hard to define – it's not always clear what makes a firewall 'next-generation'. Most firewalls considered 'next-generation' can usually perform DPI, verify TCP handshakes, and use intelligence and information gathered from outside the system to improve security.
'Next-generation' firewalls implement an intrusion detection and prevention system that investigates suspicious activity on the network. They deal with brute force attacks, DDoS attacks, and also monitor exploitable vulnerabilities. If malware gets into the network, they can root it out and blacklist traffic from its original source.
Hardware/Software firewalls
Nowadays, different 'types' of firewalls, that inspect data at different levels of an operating system, can be deployed as hardware or software.
- Hardware firewalls – physical, self-contained appliances that intercept and access traffic before it reaches the boundary of the network you're trying to protect.
- Software firewalls – firewalls instantiated on individual devices, or groups of devices, as they can demarcate network endpoints and protect them from the rest of the system.
Hardware firewalls are sometimes called appliance firewalls, whereas software firewalls are sometimes called client firewalls.
Does my computer already have a firewall?
Quite possibly! If you own a Mac or Windows PC, then great – they come with built-in packet filtering firewalls to root out bad traffic. The firewall is turned on automatically, but you can configure its settings manually.
A lot of routers also come with a basic firewall of sorts, utilizing Network Address Translation. It only allows data through if a device on the network requests it, and the internal IP addresses of devices on the network are kept hidden.
However, as we discussed above, these are a basic kind of firewall and there are plenty of other reasons why you might want another one – ensuring all devices on a network have individual firewalls does not necessarily ensure the entire network is protected as a whole.
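The router behaviour described above, where data is only let through if a device on the network requested it and internal addresses stay hidden, can be sketched as a translation table. This is an added example, not code from the original article; the NatRouter class and all addresses are constructed, and it assumes the router also matches replies on the remote address and port, which not every NAT implementation does.

```python
import itertools

PUBLIC_IP = "203.0.113.1"  # constructed router address (documentation range)

class NatRouter:
    """Port-address translation: many private hosts share one public address."""
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.out_map = {}
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.in_map = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source so the remote host only ever sees the router."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            public_port = next(self._ports)
            self.out_map[key] = public_port
            self.in_map[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the private destination, or None if no device asked for this."""
        return self.in_map.get((dst_port, src_ip, src_port))

def demo():
    nat = NatRouter()
    # A laptop on the LAN opens an HTTPS connection to a remote server.
    sent = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    # The server's reply is translated back to the laptop.
    reply = nat.inbound("198.51.100.20", 443, sent[1])
    # A different remote host aiming at the same public port has no mapping.
    unsolicited = nat.inbound("198.51.100.99", 443, sent[1])
    return sent, reply, unsolicited

if __name__ == "__main__":
    sent, reply, unsolicited = demo()
    print("packet as seen on the internet:", sent)
    print("reply delivered to:", reply)
    print("unsolicited packet delivered to:", unsolicited)
```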