
A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predefined security rules. Its primary purpose is to create a barrier between a trusted internal network (such as your computer or organization’s private network) and untrusted external networks (such as the internet), preventing unauthorized access while allowing legitimate communication.
Key Functions of a Firewall:
- Traffic Filtering:
- Firewalls examine data packets (small units of data) as they travel between networks and decide, based on a set of rules, whether to let them through. These rules can be based on factors like IP addresses, port numbers, protocols, and more.
- Access Control:
- Firewalls block or permit traffic to specific ports, applications, or IP addresses. For example, they can allow access to web servers (port 80 for HTTP, port 443 for HTTPS) while blocking other non-essential services.
- Network Segmentation:
- It can create isolated sections of a network to limit access between different parts of a system, improving security by minimizing the spread of potential threats.
- Monitoring and Logging:
- It can log traffic, allowing administrators to monitor network activity, detect suspicious behavior, and respond to security threats.
- Protection Against Cyber Threats:
- Firewalls help block malicious traffic, such as hackers trying to exploit vulnerabilities, phishing attempts, or denial-of-service (DoS) attacks. Advanced firewalls also detect and prevent malware, viruses, and other forms of malicious software.
Types of Firewalls:
- Packet-Filtering:
- This is the most basic type of firewall. It inspects data packets and allows or blocks them based on rules about source/destination IP addresses, ports, and protocols.
- Example: Blocking all traffic to port 22 (SSH) from external sources.
- Stateful Inspection:
- Also known as dynamic packet-filtering firewalls, these monitor active connections and make decisions based on the state of the connection (e.g., whether it’s a new connection or part of an existing one).
- They maintain a table of active connections and make decisions based on the context of network activity, offering more robust security.
- Proxy:
- A proxy firewall acts as an intermediary between users and the resources they want to access. Instead of allowing direct connections, it makes requests on behalf of the user, hiding the user’s identity and filtering traffic based on advanced rules.
- Next-Generation (NGFW):
- NGFWs are more advanced and include features like deep packet inspection, intrusion prevention systems (IPS), and the ability to detect and prevent advanced threats such as malware.
- These firewalls can look beyond basic traffic rules and inspect the actual content of traffic, blocking attacks that traditional firewalls might miss.
- Application-Layer:
- These firewalls operate at the application layer of the OSI model and monitor traffic based on specific applications or services, such as web browsers or email servers, instead of just ports and protocols.
- Cloud Firewall:
- A cloud firewall is deployed in the cloud, often as part of a cloud-based infrastructure. It’s also known as Firewall as a Service (FWaaS) and provides security for cloud-based systems.
How Firewalls Work:
- Rules and Policies:
- Firewalls use rules and policies defined by network administrators to allow or block traffic. These rules are based on criteria such as:
- Source and destination IP addresses.
- Source and destination port numbers.
- Protocols (e.g., TCP, UDP, ICMP).
- Type of application (e.g., web browsing, email).
- Blocking or Allowing Traffic:
- If a packet matches a rule that allows traffic, it passes through. If it matches a rule that denies traffic, the firewall blocks it. If no rule matches, the firewall may follow a default behavior (e.g., deny by default for security).
Firewall Deployment:
- Network-Level:
- Deployed at the network edge, these firewalls protect the entire internal network by controlling traffic between internal and external networks. They are typically used by businesses and organizations.
- Host-Based:
- These are installed directly on individual devices (like computers or servers) and provide protection for that specific machine. Windows Firewall and macOS Firewall are examples of host-based firewalls.
- Cloud-Based:
- These firewalls protect cloud-based applications, services, or infrastructure, filtering traffic going into and out of cloud environments.
Importance of Firewalls:
- Security: Firewalls are a critical component of any cybersecurity strategy, as they block unauthorized access and prevent malicious attacks from reaching the internal network.
- Data Protection: Firewalls help prevent data breaches by blocking external threats and controlling access to sensitive internal resources.
- Regulatory Compliance: Many industries require firewall protections to meet data protection standards (e.g., HIPAA, GDPR, PCI DSS).
- Monitoring and Alerts: Firewalls can detect unusual traffic patterns or behavior, triggering alerts to warn administrators of potential issues.
In summary, firewalls play a crucial role in securing networks and devices by controlling incoming and outgoing traffic, providing a first line of defense against cyber threats.