What is a Network Firewall and How Does it Work?
August 20, 2019
If you’re looking to increase the security of your network, a firewall is one of the first lines of defense you can utilize. Besides limiting access attempts to certain networks, modern firewalls have evolved to limit the ability of malicious attackers to steal sensitive information across a range of devices.
Despite being an older security technology, firewalls are as important as ever - especially as new smart devices come online during the Internet of Things (IoT) revolution. Below, we’ll dive into how firewalls function and how they can be deployed to protect your network and bolster security.
What is a firewall?
A firewall is a system built to protect private networks from unauthorized and unverified access through an internet connection. Firewalls can be either in the form of hardware or software - or a combination of the two.
So, what do they actually do? Firewalls protect your computer or a series of computers on a network from websites filled with malware or vulnerable open network ports. They help stop would-be attackers in their tracks before they can do any damage. Network firewalls can be found in businesses, homes, schools, and intranets which are private networks within an organization.
In addition, a network firewall can be configured to prevent the access of network users to outside websites. For example, parents can set parental controls on their children’s browsing habits or your workplace may block particular websites to keep you focused on the task at hand.
What are the different types of firewalls?
This is the oldest kind of firewall but it has the benefit of not impacting your overall system performance. You can think of a packet-filtering firewall as a checkpoint that’s employed at a traffic router or switch.
The packet filter will assess the data packets coming through your router. Usually, this filter can evaluate the source IP address, destination IP address, packet type, source port, and the destination port.
It doesn’t inspect the actual contents of the packet, just general information on the surface level. Based on your configuration of the firewall, you can filter to allow or not allow packets from specific IP addresses or particular ports.
This type of firewall is relatively simple so it’s easy to evade if you’re a dedicated attacker. It’s best to use this type of firewall in conjunction with other stronger firewall architecture.
Similar to a packet filter, a circuit-level gateway has a pass/fail system for approving or disallowing traffic. They work by assessing the transmission control protocol (TCP). This assessment determines whether the packet is from a legitimate session.
What does this actually look like? On a network with a circuit-level gateway firewall set up, all packets that are leaving the network appear to have come from that gateway which disallows direct connections with the trusted network and the untrusted network.
Hackers can still get around this type of firewall if they take advantage of an established connection on this firewall and send packets with malware or other malicious content attached.
Acting as a proxy server
This is thought to be the most secure type of firewall because it doesn’t allow direct network contact. The proxy firewall has the capability to examine the entire network packet instead of surface-level details like the IP address and port number. By checking the packet information, this firewall can better verify that the packet doesn’t have any malicious content.
What does this mean, exactly? A security manager can use a proxy firewall to better manage and deal with security issues like evaluating different threats and other attacks on the network.
Why is this type of firewall used? You can set up a proxy server to block access to different websites and filter certain port traffic to protect your internal network.
One drawback of a proxy firewall is that it makes an additional connection for every packet that comes in and out, which can cause a lag in system performance and it can be the point of failure during an outside attack.
Web application firewall
An application gateway is similar to a proxy server. Here’s an example of how it works:
Client computer A creates a connection with the application gateway. Then, the application gateway decides if the contact between the devices should be approved or not. If approved, a connection is made to outside computer B.
All information goes through two connections - client computer A to application gateway and application gateway to outside computer B.
The application gateway checks all traffic before sending it on. Much like a proxy server, the application gateway IP address is the only one seen by the outside, so the internal network stays concealed.
How does a network firewall work?
A firewall is set up to constantly regulate and monitor all incoming and outgoing traffic. It differs from a simple traffic analyzer in that a network administrator or security manager can control that traffic.
Some firewalls can be configured to block pretty much everything except for people and actions you specifically allow.
How would a network firewall security work in real life?
Let’s say you work at an organization with 100 employees. If you don’t have a firewall configured, those 100 computers used by employees are vulnerable and available to anyone with an internet connection. Hackers can easily exploit employee mistakes and disrupt the network or spread malware.
Here are just a few of the ways a malicious attack on a network could occur on a network like the hypothetical company above without a firewall:
- Remote login: Hackers can view or obtain your files running on your device.
- Denial of service (DoS): This is a common tactic that uses brute force. A hacker sends a request to open a session with a server that can’t be found. The destination server is soon overwhelmed by these unanswerable session requests - usually resulting in a system crash.
- Email bomb: A huge amount of emails are sent to you so your email system can’t handle any new emails.
- Macros: Hackers create their own macro (aka a script of computer demands so an application can run) that crashes your computer.
- Viruses: A virus is a form of malware that copies itself from one system to the next and it can be as harmless as a prank message or it can completely destroy your data.
If a company has a proper firewall setup, each device connected to the internet would have a line of defense that implements particular security rules.
Wrapping it up
Firewalls are an older security technology but they’re still incredibly important when it comes to protecting your device. Whether you use a network firewall to protect your enterprise or configure one for a smart device in your home, they’re an essential step to help prevent malicious attacks.
About the Author: Michelle Wilson is a contributing writer for HP® Tech Takes. Michelle is a content creation specialist writing for a variety of industries, including tech trends and media news.
Article reposted with permission from HP Tech Takes