How Does A Firewall Work?

Three pieces of software make the backbone of a decent security setup on your home PC: the antivirus, the firewall, and the password manager.

Of these, the firewall is often the least well-remembered despite its importance. The fade of the firewall from public view is because Windows, macOS, and almost all other major operating systems have a built-in firewall, so there’s less need to search for a third-party option. Curious minds may wonder how they work, however, so let’s take a look at how a firewall works.


What Is a Firewall?

A firewall is a network security system in computing that monitors and filters the incoming and outgoing network traffic. A firewall is also responsible for blocking or permitting certain data packets into your network. Like a wall, a firewall is a barrier between your network and external sources.

Just like an antivirus, a firewall increases the security of a system. However, a firewall is very different from an antivirus. An antivirus scans already existing files for viruses while a firewall prevents the virus from entering the system in the first place.

The Beginnings Of The Firewall

The term “firewall” starts with actual walls built to prevent fire. These are still common today in buildings that deal with hazardous materials. If there is a blast or a fire, the firewall prevents the blaze from exiting the hazardous area and feeding on the rest of the structure.

The term was adopted in the late 1980s as a way of describing any piece of software or hardware that protects a system or network from the internet at large. Malware like the Morris Worm, the first-ever computer worm, illustrated how software could exploit internet connectivity and seriously damage randomly targeted systems.

As a result, security-savvy individuals and organizations started to look into ways to protect themselves from such malware. And it’s not like malware like worms and trojans have gone away. Indeed, the global WannaCry ransom-worm attack is a perfect example of how modern threat actors utilize older tech.

How Does a Firewall Work?

As we have established before, a firewall monitors the traffic that enters your computer’s network. They protect your computer by acting as a wall between your network and the internet. Firewalls check the sources of data packets and filter harmful ad authorized network traffic. They also carry out deep packet inspections to detect malicious traffic that might try to evade the firewall.

What Are the Types of Firewalls?

There are five types of firewalls, depending on the mode of operation and their features. They include packet filters, circuit gateways, application-level gateways, stateful inspection firewalls, and next-generation firewalls.

1. Packet Filters

Early firewalls only read packet header data, like source address and destination address. An action could then be taken based on the information obtained. This is efficient and quick but can be vulnerable in some ways.

Spoofing attacks, for example, can be very effective against a packet filter. Advanced versions of packet filter firewalls keep data about packets in memory and can change their behavior based on network events. These are known as “stateful” and “dynamic” firewalls, respectively.

2. Circuit Gateways

Circuit Gateways don’t just deal with packet header data. They also attempt to make sure that a connection relaying packets is valid. To do this, the circuit gateway pays attention to packet data and looks for changes, such as an unusual source IP address or destination port. If a connection is determined invalid, it can be closed. These firewalls also automatically reject information not specifically requested by a user inside the firewall.

3. Application-Level Gateways (ALG)

These firewalls share the properties of circuit gateways. Still, they delve deeper into the information sent through the firewall and see how it relates to specific applications, services, and websites. For example, an application-level gateway can look into packets carrying web traffic and determine what sites the traffic is from. The firewall can then block data from certain sites if the administrator desires.

4. Stateful Inspection Firewalls

A stateful inspection firewall monitors the state of an active network connection and traffic over a specific network. It also analyzes incoming data packets, their sources, IP addresses, and ports for cyber threats and risks

5. Next-Generation firewalls (NGFW)

The latest type of firewalls, next-generation firewalls, combine all the features of the previous firewalls to create an all-encompassing firewall that monitors all network traffic and protects against internal and external attacks.

Software Firewalls vs. Hardware Firewalls vs. Cloud-Based Firewalls

Firewalls can also be categorized according to their structures. A software firewall works differently from a cloud-based firewall, for instance.

Software Firewalls

If you have a firewall installed on your computer, it is a software firewall—and most likely an application-level firewall. It will be able to control how individual applications access the internet and block specific or unknown applications the moment they try to accept or send out information.

Your personal firewall is also a software firewall. This means its functions are controlled by code installed on your computer. The advantage of this is obvious—you can easily change the firewall’s settings whenever you would like, and you can access its interface without logging into any separate piece of equipment.

However, a software firewall can be vulnerable because it can be manipulated if the system it is installed on is compromised. For example, if your computer was somehow infected with malware despite your firewall and other security measures, that malware might be programmed to circumvent the firewall or change its settings. For this reason, software firewalls are never entirely secure.

Hardware Firewalls

To address this vulnerability, large organizations usually use hardware firewalls in addition to software firewalls. These firewalls are used by organizations with their own networking department and comprise heavy equipment capable of sniffing out network instruction attempts on its own. Often, they’re sold as part of a larger security ecosystem by companies that specialize in enterprise-level security solutions, like Cisco.

Hardware firewalls typically aren’t practical for a home user. But the alternative may already sit in your home. For one, every broadband router acts as a firewall due to its nature. A router acts as a go-between for your computers on the internet. Connections sent to your computers from the internet are not sent directly to them—they’re sent to the router first. It then decides where that information needs to go, if anywhere. If the router decides the information wasn’t requested, or the information is sent to a port the router doesn’t have open at all, it’s dropped.

This is why you sometimes have to set up port forwarding in your router to get certain games to function. The router is ignoring the packets coming in from the game’s servers. This isn’t a true firewall, however, because there’s no inspection of packets. Instead, it’s simply a side effect of the way a router functions.

If you want a real hardware firewall, you can buy one at affordable prices. Cisco and Netgear produce small business routers, which are small devices with built-in firewall functionality designed to connect just a handful of computers to the internet. Such a device usually uses a packet filtering or circuit gateway method, so it can’t be easily circumvented by malware on a network PC.

In addition, a basic hardware firewall is useful if you run a server because it can monitor for denial-of-service attacks and intrusion attempts. Don’t expect your $199 firewall to hold off Anonymous, but it could come in handy if SuCkAz555 is sore after you banned him from your Minecraft server.

Cloud-based Firewalls

A recent addition to the types of firewalls available to consumers are cloud-based firewalls. Like software firewalls, cloud-based firewalls eliminate need the need for hardware equipment. They are also highly adaptive and easy to configure. Cloud firewalls run a firewall-as-a-service feature that allows you to move your firewall security fully or partially to the cloud.

Secure Your Computer With a Firewall

Software firewalls remain an important part of securing your home computer. Windows has had a built-in firewall since XP if you’d just like to use that, and all major operating systems come with some form of integrated firewall. There are many other firewall options you can use to boost your security, but most of the time, and for most users, the integrated firewall will work just fine.

If you are behind a router and have a software firewall, you’re reasonably well protected. The main way you would become compromised is if you downloaded malware that circumvents your system, including your firewall.

Read the full article here

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button