What is a Firewall?

A firewall is a perimeter security control that inspects traffic entering and leaving a network. Using the rule set assigned to it, the firewall decides whether each packet or connection is permitted and forwards it, or is not permitted and drops it. In effect it is a barrier between the internal network and the outside, stopping unsolicited connections and known-bad traffic, such as malware delivery and inbound attack attempts, before they reach internal hosts.

Intrusion detection systems, routers, proxy servers, VPN gateways and antivirus products are not firewalls in themselves, although firewall functions are often built into these and other security products.

[Figure: firewall diagram. Illustration of a state exhaustion attack]

What is stateful packet filtering?

Stateful packet filtering, also known as stateful packet inspection, tracks every active connection passing through the firewall in a state table and checks each packet against that table. For TCP this means following the handshake (SYN, SYN-ACK, ACK) and the later teardown, so the firewall can tell a packet that belongs to an established session from one that arrives unsolicited. The first packet of a new connection is evaluated against the rules the network administrator has configured; subsequent packets of the same connection, in both directions, are matched to the existing table entry. Stateful inspection works at the network and transport layers (addresses, ports, TCP flags and connection state); inspection of the application layer is a separate function, described under proxy and next-generation firewalls below.

Because it records session details such as source and destination addresses, port numbers and connection state, stateful filtering can drop packets that a stateless filter would accept on the basis of headers alone, for example a bare ACK segment that belongs to no known connection. The trade-off is that every tracked connection consumes an entry in the state table, which is why floods of half-open connections (the state exhaustion attack illustrated above) are aimed at the firewall itself.
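The following is an added example, not code from the original page or from any firewall vendor. It is a toy stateful TCP inspection engine: connections are tracked by 5-tuple in a bounded state table, packets are accepted only when they belong to a known session or are a permitted new connection, and a spoofed SYN flood is then run through it to show the state exhaustion failure mode from the figure above. The `Packet` format, the inbound port policy, the table size and every address are constructed for the demonstration; real firewalls also age out half-open entries after a timeout, which this toy deliberately omits.

```python
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # TCP flags as letters: "S", "SA", "A", "PA", "F", "R"
    inbound: bool     # True if the packet arrives from the untrusted side


class StatefulFirewall:
    """Toy stateful packet filter for TCP (constructed for this example).
    Connection state lives in a bounded table keyed by the 5-tuple, so both
    directions of one session map onto the same entry."""

    def __init__(self, allowed_inbound_ports, max_states):
        self.allowed_inbound_ports = set(allowed_inbound_ports)
        self.max_states = max_states
        self.table = OrderedDict()   # key -> {"state": ..., "initiator": (ip, port)}

    @staticmethod
    def _key(p):
        # Sort the two endpoints so client->server and server->client share a key.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return ("tcp", ends[0], ends[1])

    def process(self, p):
        key = self._key(p)
        entry = self.table.get(key)

        if p.flags == "S":                       # new connection attempt
            if entry is not None:
                return "ACCEPT"                  # SYN retransmit of a known session
            if p.inbound and p.dport not in self.allowed_inbound_ports:
                return "DROP: policy"            # unsolicited, service not exposed
            if len(self.table) >= self.max_states:
                return "DROP: state table full"  # the state exhaustion failure mode
            self.table[key] = {"state": "SYN_SENT", "initiator": (p.src, p.sport)}
            return "ACCEPT"

        if entry is None:
            return "DROP: no state"              # ACK/SYN-ACK/data/FIN/RST without a session

        if p.flags == "SA":                      # handshake reply must go back to the initiator
            if entry["state"] == "SYN_SENT" and (p.dst, p.dport) == entry["initiator"]:
                entry["state"] = "ESTABLISHED"
                return "ACCEPT"
            return "DROP: bad handshake"

        if "R" in p.flags or "F" in p.flags:     # teardown frees the slot
            del self.table[key]
            return "ACCEPT"

        return "ACCEPT"                          # ACK / data segments of a tracked session

    def state_count(self):
        return len(self.table)


def demo():
    """Runs constructed traffic through a small table and returns the verdicts."""
    fw = StatefulFirewall(allowed_inbound_ports={443}, max_states=4)
    results = {}

    # 1. Legitimate outbound HTTPS session from an internal client.
    c, s = ("192.168.1.10", 51000), ("203.0.113.80", 443)
    results["out_syn"] = fw.process(Packet(*c, *s, "S", inbound=False))
    results["in_synack"] = fw.process(Packet(*s, *c, "SA", inbound=True))
    results["out_ack"] = fw.process(Packet(*c, *s, "A", inbound=False))
    results["in_data"] = fw.process(Packet(*s, *c, "PA", inbound=True))

    # 2. Unsolicited inbound ACK (what an ACK scan sends): no state, so dropped.
    results["ack_scan"] = fw.process(
        Packet("198.51.100.7", 40000, "192.168.1.10", 51001, "A", inbound=True))

    # 3. Inbound SYN to a service the policy does not expose.
    results["ssh_syn"] = fw.process(
        Packet("198.51.100.7", 40001, "192.168.1.20", 22, "S", inbound=True))

    # 4. SYN flood against an exposed service: each spoofed SYN burns a slot and never completes.
    for i in range(10):
        fw.process(Packet(f"198.51.100.{10 + i}", 50000 + i, "192.168.1.20", 443, "S", inbound=True))
    results["states_after_flood"] = fw.state_count()

    # 5. A new legitimate outbound connection now fails: collateral damage of exhaustion.
    results["victim_syn"] = fw.process(
        Packet("192.168.1.11", 52000, "203.0.113.80", 443, "S", inbound=False))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The point of scenario 2 is the difference from a stateless filter: a rule that allows "tcp/443 to the web tier" would pass a bare ACK, whereas the stateful engine drops it because no handshake preceded it. Scenario 4 shows the cost: the spoofed SYNs never complete, the table fills, and in scenario 5 an unrelated internal user is denied a new connection even though the flood never touched their host. Production firewalls mitigate this with short half-open timeouts and per-source limits, but a large enough flood still reaches the same end state.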

What are firewall port/protocol rules?

Firewall port/protocol rules decide whether a packet is allowed through. The firewall examines the control information in each packet header, typically the source and destination IP addresses, the protocol (TCP, UDP, ICMP) and the source and destination ports, and compares it against an ordered rule list. Rules are normally evaluated top to bottom, the first matching rule determines the action, and a packet that matches no rule should fall through to a default deny. Rule order therefore matters: a broad allow placed above a narrower deny silently overrides it.

Rules can be bound to an individual computer (a host-based firewall) or expressed as policies applied to a collection of computers. Source and destination are identified by IP address, by MAC address on the local network segment, or by port number. Note that both IP and MAC addresses can be spoofed, so a rule keyed on them restricts where traffic claims to come from, not who actually sent it.
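As an added example (not the page's own code and not tied to any particular firewall product), here is a first-match rule evaluator of the kind described above, with an implicit default deny and a check for rules that an earlier rule fully shadows. The rule fields, the two rule sets and the sample packets are constructed for illustration; the intended policy is to block 203.0.113.0/24 entirely, allow HTTPS to the 10.0.0.0/8 server tier from everyone else, and allow SSH from the admin subnet except host 192.168.1.7.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    dport: int = 0          # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # source network in CIDR notation
    dst: str = "0.0.0.0/0"         # destination network in CIDR notation
    proto: str = "any"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules, pkt):
    """First matching rule wins. No match falls through to an implicit deny,
    which is the default-deny posture a perimeter rule set should have."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule fully covers them.
    Partial overlaps (the subtler, more dangerous case) are not reported here."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


# Constructed rule sets implementing the same intended policy in two orders.
MISORDERED = [
    Rule("allow", dst="10.0.0.0/8", proto="tcp", dport=443),
    Rule("deny", src="203.0.113.0/24"),                       # too late: 443 was allowed above
    Rule("allow", src="192.168.1.0/24", dst="10.0.0.0/8", proto="tcp", dport=22),
    Rule("deny", src="192.168.1.7/32", dst="10.0.0.0/8", proto="tcp", dport=22),  # fully shadowed
]

CORRECTED = [
    Rule("deny", src="203.0.113.0/24"),                       # specific denies first
    Rule("deny", src="192.168.1.7/32", dst="10.0.0.0/8", proto="tcp", dport=22),
    Rule("allow", dst="10.0.0.0/8", proto="tcp", dport=443),  # broad allows after them
    Rule("allow", src="192.168.1.0/24", dst="10.0.0.0/8", proto="tcp", dport=22),
]


if __name__ == "__main__":
    blocked_client = Packet("203.0.113.5", "10.1.2.3", "tcp", 443)
    print("misordered:", evaluate(MISORDERED, blocked_client))   # allow (the mistake)
    print("corrected: ", evaluate(CORRECTED, blocked_client))    # deny
    print("dead rules in MISORDERED:", shadowed_rules(MISORDERED))
```

Run against the constructed packets, the misordered set lets 203.0.113.5 reach the web tier on 443 because the broad allow precedes the deny, and its last rule is dead code. The corrected set places the narrow denies first, so the same packet is dropped, an admin on 192.168.1.8 still gets SSH, and anything the rules do not mention (a UDP/53 query to the server tier, say) hits the implicit deny. Running a shadow check like `shadowed_rules` as part of rule-set review catches the fully dead entries; the partial overlaps still need a human reading the list in order.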

What are the most common types of firewall?

Firewalls can be physical appliances placed between the internet gateway and the internal network. They can also be software running on an endpoint such as a workstation, server or mobile device. Cloud-based firewalls, also known as firewall-as-a-service (FWaaS), work much like other SaaS offerings, inspecting traffic in the provider's cloud rather than on customer premises.

The most common firewall types include:

  • Next-generation firewalls – In response to an ever-changing threat landscape, next-generation firewalls extend traditional stateful filtering with additional security functions such as intrusion prevention, anti-malware scanning, VPN termination, and inspection of encrypted traffic (which requires the firewall to decrypt and re-encrypt TLS sessions it is configured to inspect). They identify applications rather than relying on port numbers alone, giving finer-grained control and visibility.
  • Packet-filtering firewalls – These perform a basic, stateless examination of each packet as it arrives from the network router, looking only at header fields such as source and destination IP address, port number and protocol. They are fast and simple but cannot tell whether a packet belongs to an existing connection.
  • Proxy firewalls – Also known as application-level gateways, these filter traffic at the application layer. The proxy terminates the client's connection and opens a separate connection to the destination on its behalf, so it can inspect the full request and response rather than only packet headers. They are often deployed as cloud services or alongside another proxy device.
  • Web application firewalls – These filter, monitor and block HTTP/HTTPS traffic to websites and web applications, looking for application-layer attacks carried in the requests themselves. They are deployed as a server plugin, a cloud service, or a network appliance.
  • Network address translation firewalls – These let a group of devices on a private network share a single public address, rewriting addresses as traffic passes through. Internal addresses are not exposed to the outside, and inbound packets that do not correspond to a connection the NAT has already mapped have nowhere to be delivered and are dropped, which prevents attackers from reaching internal hosts directly. NAT hides internal addressing, but it is not a substitute for explicit filtering rules.

Can a firewall stop a DDoS attack?

With the shift to work-from-home, distributed denial of service (DDoS) attacks are increasingly aimed at cutting remote workers off from corporate networks and resources. Firewalls cannot stop every attack, because a stateful firewall is itself part of the DDoS attack surface: it keeps an entry for every connection it tracks, so a flood of connection attempts can exhaust its state table or processing capacity and take the firewall, and everything behind it, offline.

Firewalls can still provide some DDoS protection, and VPN endpoints can be defended either by routing traffic through existing defenses or by adding new capabilities. One approach is a stateless, inline security appliance deployed in front of the VPN gateway/firewall: because it keeps no per-connection state it cannot be exhausted in the same way, and it can detect and mitigate floods designed to take down the VPN gateway or firewall before they reach it.