Most of us know what it takes to gain access to an office building as a guest. Typically, you approach the front desk to prove your identity and get authorisation to enter.
Just as a desk attendant is the gatekeeper to an office, a firewall is the gatekeeper to a digital network. A firewall is a program or hardware device that analyses incoming and outgoing network traffic and, based on predetermined rules, creates a barrier to block viruses and attackers. If any incoming information is flagged by filters, it’s blocked. Often, firewalls can also flag suspicious traffic leaving a network, alerting IT staff to a possible compromise.
Firewalls are your first line of security defence. Here’s an introduction to how they work.
How Firewalls Work
Each employee device at your company has an interface—wired or wireless—that connects them to the network. Your company will also have one or more connections to the Internet. Without a firewall in place, all of those networked devices are vulnerable to a range of attacks via the Internet and may be communicating with attackers sitting outside the network. To defend against attackers aiming to exploit security vulnerabilities, a company places a firewall at every connection to the Internet. The firewall can implement security rules that dictate specific rules for the network and/or the Internet.
5 Key Types of Hardware Firewalls
There are many types of firewalls, including secure email gateways which are sometimes referred to as “email firewalls”.
Below, we highlight and define five key hardware firewall technologies worth knowing:
- Packet Filtering: Small chunks of data called packets (analogous to an envelope in the mail) are analysed and compared to a set of criteria. Packets that check out across established filters are sent to the requesting system and all others are discarded.
- Proxy Firewall: Also known as the application or gateway firewall, a proxy firewall monitors information going in and out of the network. It serves as the middleman to protect network resources, filtering messages at the application level where users interact directly (think Google Chrome and Safari).
- Stateful Multilayer Inspection (SMLI) Firewall: As the name implies, this firewall has parameters set for examining packets, or chunks of data at individual layers of filtering. Each packet is analysed and compared against known or familiar packets.
- Circuit-level Gateway: Rather than inspecting individual packets, circuit-level gateways assess network protocol sessions including TCP handshakes across the network between devices inside and outside the firewall to determine whether the session is legitimate.
- Next-Generation Firewall (NGFW): While traditional firewalls would check the to and from addresses on an envelope and even how it was sent, NGFWs goes a bit farther. This firewall opens the envelope and reads the contents, allowing for a much deeper inspection of potential policy violations and malicious content. This firewall also incorporates threat intelligence to provide more robust filtering and scanning.
Ultimately, the type of firewall(s) you choose is dependent on your unique use case. There are a variety of configurations and network hardware and software that serve a company’s needs. But one thing that is constant: your firewall (in whatever form it takes) is an essential element to a layered defence strategy and is worthy of both careful planning and reasonable investments to protect your network, the devices it supports, and the data it holds.