A firewall is a hardware or software device that filters network traffic with the goal of improving security. It's considered an essential part of network security and is placed between a trusted zone, such as the internal network, and an untrusted zone, such as the internet. Keep in mind that a firewall doesn't need to be a dedicated device; many routers, for example, have basic firewall capabilities. Firewalls have been in use for more than 30 years and have improved drastically over that period, which is why we now have several types of firewall that use different methods to filter out malicious traffic. This article highlights the different types of firewall used in cybersecurity.
Packet Filtering Firewall
Packet filtering firewalls filter traffic by comparing the header fields of each packet to a set of predefined rules. Rules can match on source and destination IP address, protocol (TCP, UDP, ICMP), destination port, TCP flags or any other field found in a packet header. Rules are normally evaluated in order and the first match decides: a packet that matches an allow rule is passed on, and a packet that matches a deny rule, or no rule at all, is dropped. The safe default is to deny anything that no rule explicitly allows.
Packet-filtering firewalls come in two forms: stateless and stateful. A stateless firewall looks at each packet on its own, with no memory of what came before it. That makes it cheap, but it also means it cannot tell a reply to a connection the inside host started from an unsolicited packet that merely looks like one. To let return traffic back in, a stateless rule set has to allow inbound packets that carry the right header bits (for TCP, typically the ACK flag), and an attacker can simply set those bits on a probe, which is why stateless filters are easier to get past. A stateful firewall remembers the connections it has seen and evaluates each new packet in that context, so an inbound packet is only accepted if it belongs to a session that was legitimately started. Stateful firewalls are considered much more secure for that reason.
For example, say you're on a Zoom call with someone. For that call to continue, audio and video packets must flow continuously between your two computers. A stateful firewall remembers that your computer started that session and has been exchanging packets as part of it, and lets the next packet through on that basis; a stateless firewall has no such memory and judges each packet purely on its header fields.
Circuit-Level Gateway
A circuit-level gateway doesn't inspect the contents of individual packets. Instead it watches the setup of a session, such as the TCP three-way handshake, to decide whether the session is legitimate, and once a session has been accepted it relays the traffic belonging to it in both directions without looking further. SOCKS proxies are the classic example. In simple terms, this type of firewall checks whether a session was properly initiated on the network and, if it was, allows the traffic related to that session in and out. Because it never looks at the payload, it cannot catch an attack carried inside a correctly established session.
Application-Level Gateway/Proxy Firewall
This type of firewall acts as a proxy between two hosts: the client connects to the gateway, and the gateway opens its own connection to the server on the client's behalf, so the two endpoints never talk to each other directly. Like a stateful packet filter it can filter on header fields and remembers previous packets when evaluating a new one. In addition, an application-level gateway understands layer 7 protocols such as HTTP, FTP or DNS and can apply deep packet inspection, which simply means looking at the contents of the packet rather than just its header. That lets it enforce rules a packet filter cannot express, such as allowing only certain HTTP methods or hosts, or rejecting malformed requests. The cost is that the gateway needs a protocol-specific parser for every protocol it proxies, and every connection is terminated and re-created, which adds latency.
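The following is an added example (not the article's code) of the kind of decision an HTTP-aware gateway makes before forwarding a request. It parses the request line and headers, allows only a hypothetical list of methods and hosts, and applies a simple deep-packet-inspection check on the body (rejecting uploads that begin with the `MZ` magic bytes of a Windows executable). The policy, host names and sample requests are all constructed for illustration; a real gateway would also enforce size limits, handle chunked encoding and normalise the target.

```python
"""Layer 7 (HTTP) filtering with deep packet inspection.
Added illustration, not the article's or any product's code.
The policy, hosts and sample requests are constructed for this example."""

ALLOWED_METHODS = {"GET", "HEAD", "POST"}                    # hypothetical policy
ALLOWED_HOSTS = {"intranet.example.com", "www.example.com"}  # hypothetical policy
BLOCKED_BODY_SIGNATURES = {b"MZ": "Windows executable"}      # PE magic bytes


def parse_http_request(raw: bytes) -> dict:
    """Minimal parser for one HTTP/1.x request.  Raises ValueError on malformed input."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        raise ValueError("bad request line")
    if not version.startswith("HTTP/1."):
        raise ValueError("unsupported version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        if not colon or not name.strip():
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def l7_decision(raw: bytes) -> tuple[str, str]:
    """Return (action, reason) the gateway applies before opening the server side."""
    try:
        req = parse_http_request(raw)
    except ValueError as e:
        # A packet filter would forward this blindly; a proxy refuses what it cannot parse.
        return "deny", f"malformed: {e}"
    if req["method"] not in ALLOWED_METHODS:
        return "deny", f"method {req['method']} not permitted"
    host = req["headers"].get("host", "").split(":")[0]   # strip port (IPv4/hostname only)
    if host not in ALLOWED_HOSTS:
        return "deny", f"host {host!r} not permitted"
    for magic, what in BLOCKED_BODY_SIGNATURES.items():   # the DPI part: look at the payload
        if req["body"].startswith(magic):
            return "deny", f"body looks like a {what}"
    return "allow", "policy passed"


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"CONNECT evil.example:443 HTTP/1.1\r\nHost: evil.example:443\r\n\r\n",
        b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 4\r\n\r\nMZ\x90\x00",
        b"GET / HTTP/1.1\r\nHost www.example.com\r\n\r\n",
    ]
    for s in samples:
        print(l7_decision(s))
```

Note that the CONNECT request, which would turn the gateway into a blind tunnel, is refused purely on the method, and the executable upload is refused on content even though its headers are perfectly valid: neither decision is available to a firewall that looks only at IP and TCP headers.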
Stateful Inspection Firewall
Stateful inspection firewalls examine the header of each packet and also check whether the packet belongs to an established TCP (or other) session, which they track in a connection table. This combines the packet filtering firewall's rule matching with the circuit-level gateway's session tracking. The downside is that maintaining the connection table costs memory and CPU, so throughput is lower than a stateless filter's, and the table itself becomes a target: a flood of connection attempts (a SYN flood, for instance) can fill it and cause legitimate connections to be refused.
A more advanced version is the stateful multilayer inspection (SMLI) firewall. While a basic stateful inspection firewall only looks at the network and transport layers, an SMLI firewall examines packets across multiple layers of the OSI model, up to the application layer, and only lets a packet through if it clears the checks at each layer.
Network Address Translation (NAT) Firewalls
Network address translation lets an entire network share one public IP address while the individual private addresses stay hidden, so an attacker scanning from the outside sees only the public address. All inbound traffic arrives at the NAT device (the public IP), which rewrites and forwards each packet to the right internal host only if the packet matches an entry in its translation table, and entries are created when an internal host sends traffic out. Unsolicited inbound packets match nothing and are dropped. Keep in mind that NAT by itself is an addressing mechanism rather than a security control: the protection comes from the stateful translation table, and a NAT device with port forwarding or permissive mappings exposes internal hosts just the same. Treat it as a complement to a real firewall, not a replacement.
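The following added example (not the article's code) models a port-based NAT translation table to show why an outside scan finds nothing behind it. The public and private addresses are drawn from the RFC 5737 documentation ranges and are hypothetical. Outbound packets get a fresh public port and a table entry; an inbound packet is only translated back if its destination port, source address and source port all match an entry, which is the "address and port dependent" filtering behaviour described in RFC 4787. A scanner, or an attacker who guesses the mapped port from a different source, gets no mapping and is dropped.

```python
"""Port address translation as a one-way door (added illustration, not the article's code).
Addresses are RFC 5737 documentation ranges, chosen for this example."""

PUBLIC_IP = "203.0.113.1"          # hypothetical NAT device / public address


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # outbound key: (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.out: dict[tuple, int] = {}
        # inbound key: (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.back: dict[tuple, tuple] = {}

    def outbound(self, src: str, sport: int, dst: str, dport: int) -> tuple:
        """Translate a packet leaving the network; returns it as the internet sees it."""
        key = (src, sport, dst, dport)
        if key not in self.out:
            pport = self.next_port
            self.next_port += 1
            self.out[key] = pport
            self.back[(pport, dst, dport)] = (src, sport)   # remember who to hand replies to
        return (self.public_ip, self.out[key], dst, dport)

    def inbound(self, src: str, sport: int, dst: str, dport: int):
        """Translate a packet arriving at the public address.
        Returns (inside_ip, inside_port) or None when no mapping exists (packet is dropped)."""
        if dst != self.public_ip:
            return None
        # Address-and-port-dependent filtering: the remote endpoint must be the
        # one the inside host talked to, not merely anyone who knows the port.
        return self.back.get((dport, src, sport))


def scan_public_address(nat: Nat, scanner_ip: str, ports: range) -> list[int]:
    """Ports for which an unsolicited probe would be forwarded to an inside host."""
    return [p for p in ports if nat.inbound(scanner_ip, 1234, nat.public_ip, p) is not None]


if __name__ == "__main__":
    nat = Nat(PUBLIC_IP)
    print(nat.outbound("10.0.0.5", 51000, "198.51.100.20", 80))     # ('203.0.113.1', 40000, ...)
    print(nat.inbound("198.51.100.20", 80, PUBLIC_IP, 40000))        # ('10.0.0.5', 51000)
    print(scan_public_address(nat, "198.51.100.99", range(1, 65536)))  # []
```

A less strict NAT that keys only on the public port (RFC 4787's "endpoint-independent" filtering) would answer the second `inbound` case in the test below, which is one reason NAT traversal works for peer-to-peer applications and also why NAT alone should not be relied on for isolation.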
Next-Generation Firewalls (NGFW)
These are the most advanced type of firewall. They combine packet header inspection, deep packet inspection and stateful inspection with other security functions such as an intrusion detection and prevention system (IDS/IPS), antivirus scanning and application awareness (identifying the application in use regardless of the port it runs on). Many NGFWs can also inspect encrypted traffic, but only by intercepting TLS: the firewall presents its own certificate to the client, which has to trust the firewall's CA, decrypts and inspects the session, then re-encrypts it towards the server. Without that interception it is limited to unencrypted metadata such as the server name sent in the TLS handshake. TLS interception is powerful, but it means the firewall holds every session in plaintext and it breaks certificate pinning, so it should be switched on deliberately, with a clear policy on which traffic is exempted.
Firewall Delivery Options
Hardware-Based Firewalls
A hardware-based firewall is a stand-alone device that acts as a gateway between the devices on a network and everything outside it. Hardware firewalls are usually network-based, meaning they protect a whole network or a segment of it. Because it isn't installed on the hosts it protects, it consumes none of their CPU or memory, but it also can't provide fine-grained control, because it cannot see which application on a host is sending or receiving the traffic. It can allow or block traffic to a host by address, port and protocol, but it can't allow one program on that machine to communicate while blocking another program using the same port: from the firewall's point of view, the host is the endpoint.
Software-Based Firewalls
A software-based firewall, also known as a host-based firewall, runs on a device and protects only that device, so one has to be installed and maintained on every host that needs protection. Because it runs on the host it consumes some of the host's CPU and RAM, but it also has a far finer level of control: it can tell which process is sending or receiving traffic, allowing some programs to communicate while blocking others. The trade-off is that a host-based firewall lives on the same system it protects, so an attacker who gains administrative access to the host can disable or reconfigure it.
Cloud-Based Firewalls
Managed security service providers (MSSPs) offer cloud-based firewalls, also sold as firewall as a service (FWaaS). These let you outsource the maintenance and configuration of the firewalls protecting your network, and they extend naturally to third-party on-demand environments such as AWS and Azure, where there is no physical perimeter to put an appliance on and traffic is steered through the provider's filtering point instead.
Final Thoughts
Firewalls are an essential part of a good security program. Fortunately, as the technology has developed over the years, firewalls have become much smarter and provide better protection than they used to. Companies also now have the option of outsourcing firewall management to a service provider if they lack the in-house expertise.