What Is a Firewall?

A firewall is a type of network security system that analyses incoming and outgoing network traffic, effectively serving as a barrier that blocks viruses and attackers based on predetermined security rules. A firewall’s filters flag incoming information or activity that is not authorised and then block it. Firewalls can also flag suspicious traffic leaving a network, alerting IT staff of a possible compromise.

You can find firewalls in hardware, software, software-as-a-service (SaaS), public cloud, or private cloud (virtual). Their underlying function is to manage data flow between connected networks, identifying and mitigating potential threats. As such, a firewall is the gatekeeper to a digital network and your first line of security defence.

Generally, firewalls work by filtering and blocking out malicious traffic and permitting only authorised traffic to pass through. Here are some of the specific functions that enable firewalls to work:

• Packet filtering: Firewalls examine each data packet and check to see where it is coming from and its location. The data collected about each packet is compared to a permissions list to evaluate if it aligns with a data profile that should be discarded.
• Proxy service: Firewalls act as an intermediary between the client and the server, filtering traffic based on application-specific rules.
• Stateful inspection: Firewalls monitor the state of active connections and filter traffic based on the context of the connection.
• Application awareness and control: Firewalls can identify and control applications authorised to access the network, providing granular control over network traffic.
• Intrusion prevention system (IPS): Firewalls can detect and prevent network attacks by analysing network traffic and blocking malicious traffic.
• Deep packet inspection (DPI): Firewalls can inspect network packet content to identify and block malicious traffic.
• Cloud-delivered threat intelligence: Firewalls can receive updates from external threat intelligence networks to protect against a broad and ever-changing array of advanced threats.

Each employee device at your company has an interface—wired or wireless—that connects them to the network. Your company also has one or more connections to the internet. Without a firewall in place, all of those networked devices are vulnerable to a range of attacks via the internet and may be communicating with attackers sitting outside the network. To defend against attackers aiming to exploit security vulnerabilities, a company places a firewall at every internet connection. The firewall can implement security rules that dictate specific rules for the network and/or the internet.

The concept of a firewall was first introduced in the 1980s when the internet was in its early stages. Historically, the term “firewall” was used to describe a physical barrier built within a structure or between adjacent structures to prevent the spread of fire. Just as an architectural firewall aims to halt the progression of fire, a digital firewall is designed to stop unauthorised access and data flow, acting as a barrier between trusted and untrusted networks.

The first firewalls were simple packet filters that examined the information packets passing through the network and blocked those not meeting certain criteria. Routers were the firewall predecessors for network security in the late 1980s, which filtered packets crossing them.

The first paper on firewall technology was published in 1987 when engineers from Digital Equipment Corporation (DEC) developed filter systems known as “packet filter firewalls”. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture. In 1993, Check Point CEO Gil Shwed introduced the first stateful inspection firewall, FireWall-1.

Today’s Next Generation Firewalls support a wide range of functions and built-in cybersecurity capabilities. In addition to serving as the first line of defence against cyber-attacks, firewalls protect internal networks and private data by monitoring and controlling incoming and outgoing network traffic based on policies determined by a network administrator or user. Firewalls also log information about network traffic, which can help an administrator understand and prevent attacks.

There are many types of firewalls, including secure email gateways, sometimes called “email firewalls”.

Below, we highlight and define five key hardware firewall technologies worth knowing:

1. Packet Filtering: Small chunks of data called “packets” (analogous to an envelope in the mail) are analysed and compared to a set of criteria. Packets that check out across established filters are sent to the requesting system, and all others are discarded.
2. Proxy Firewall: Also known as the application or gateway firewall, a proxy firewall monitors information going in and out of the network. It serves as the middleman to protect network resources, filtering messages at the application level where users interact directly (think Google Chrome and Safari).
3. Stateful Multilayer Inspection (SMLI) Firewall: As the name implies, this firewall has set parameters for examining packets or chunks of data at individual layers of filtering. Each packet is analyzed and compared against known or familiar packets.
4. Circuit-level Gateway: Rather than inspecting individual packets, circuit-level gateways assess network protocol sessions, including TCP handshakes across the network between devices inside and outside the firewall, to determine whether the session is legitimate.
5. Next-Generation Firewall (NGFW): While traditional firewalls check the to and from addresses on an envelope and even how it was sent, NGFWs go a bit farther. This firewall opens the envelope and reads the contents, allowing for a deeper inspection of potential policy violations and malicious content. It also incorporates threat intelligence to provide more robust filtering and scanning.

Firewalls are now vital security tools that protect private networks and data by monitoring and controlling incoming and outgoing network traffic. They’re essential for several reasons and uses.

• Guarding Against Cyber Threats: Firewalls are a robust barrier against external cyber threats, preventing malicious entities and harmful traffic from infiltrating your devices or network. They are especially adept at barring malicious software that seeks access via the internet.
• Monitoring Network Activity: A fundamental aspect of firewall security lies in its ability to diligently oversee network traffic. With predefined criteria and filters, firewalls can discern and mitigate threats, ensuring the security of your systems.
• Stopping Virus Attacks: By regulating the access points of your systems, firewalls effectively counter and halt potential virus attacks. The ramifications of a virus breach can be severe, with consequences varying based on the virus’s nature and intent.
• Preventing Unauthorised Access: Firewalls are a vigilant safeguard for your data, communications, and other confidential information from hackers. Their presence either deters hackers altogether or redirects them to seek softer targets.
• Promoting Trust and Privacy: A firewall fosters a secure data environment, fortifying the walls of user privacy. Systems without this shield remain exposed, making it easier for malicious entities to compromise privacy.
• Regulating Access: Beyond defence, firewalls can regulate and restrict access to specific web domains and online services, ensuring usage remains within authorised limits.
• Improving Network Defence: Firewalls amplify the security layers of susceptible networks. With a competent firewall in position, unauthorised access to private networks becomes significantly challenging. This heightened defence is especially crucial in warding off deceptive phishing attempts.
• Identifying Malicious Activity: With an innate ability to recognise the digital fingerprints of hazardous users or software, firewalls can promptly raise the alarm upon detecting any potential intrusion. Such timely alerts empower cybersecurity teams to proactively address and neutralise threats, safeguarding both networks and devices.

Using a firewall in conjunction with other protective measures (e.g., antivirus software and safe computing practices) will strengthen your security posture against attacks.

NAT and VPN are two concepts that work with firewalls to provide enhanced security to networks and private data. While different, both NAT and VPN can work together to provide an added layer of security.

NAT (Network Address Translation) Firewall

NAT firewalls operate on a router to protect private networks. It only allows internet traffic to pass through if a device on the private network requests it. NAT rewrites the headers of data packets so they can be routed between networks correctly. NAT firewalls protect a network’s identity and do not expose internal network IP addresses to the internet. While they offer many advantages, they can also cause delays in switching, require more processing power, and affect online gaming and P2P file sharing

VPN (Virtual Private Network)

A VPN encrypts your traffic before it reaches the internet, making it indecipherable. It provides a means for conducting address translation on a network, otherwise known as VPN NAT. VPN NAT differs from traditional NAT because it translates addresses before the traffic is encrypted. Virtual Private Networks that leverage NAT firewalls grant users unique private IP addresses, which provides all the benefits of NAT firewalls to your VPN connection. NAT Firewall is an additional layer of security for your VPN connection, as it blocks unrequested inbound traffic when you’re connected to the VPN.

Next-generation firewalls (NGFWs) combine traditional firewall technology with other network device filtering functions to provide enhanced security to networks and private data. NGFWs address advanced security threats at the application level and provide much better and more robust security than traditional firewalls. They can filter packets based on application and behaviour, making fine-grained distinctions that are far more effective than generic methods used by traditional firewalls.

NGFWs can detect and block sophisticated attacks by enforcing security policies at the application, port, and protocol levels. They are typically implemented in hardware or software and can be used in bridged and routed modes. NGFWs are widely used in organisations of all sizes to protect their networks and private data from cyber threats.

Proofpoint is a leading cybersecurity company offering a range of solutions to protect against advanced network threats and compliance risks across all digital channels. The company helps protect against advanced email threats, including zero-day threats, ransomware, polymorphic malware, weaponized documents, and credential phishing attacks. Proofpoint does this through a range of cutting-edge solutions, including:

• Email Protection: Proofpoint Email Protection is an industry-leading email gateway that can be deployed as a cloud service or on-premises. It catches both known and unknown email threats, including malware, phishing, and business email compromise (BEC).
• Threat Intelligence Services: Proofpoint Threat Intelligence Services provides deep situational understanding of the threat landscape and your organisation’s position within it. These services enable your team to make better security decisions and avoid business disruption from advanced threats.
• Compliance and Cybersecurity Solutions: Proofpoint offers compliance and cybersecurity solutions for email, web, cloud, and more. The company’s solutions stop more than 99% of advanced threats and provide comprehensive visibility into your greatest risk—your people.

Proofpoint also supports organisations with highly skilled experts to co-manage your information protection products. For more information about firewalls and other critical business decisions regarding your company’s security strategy, contact Proofpoint.