The term ‘firewall’ was applied to the network technology in the 1980s, when the Internet was fairly new in terms of its connectivity and worldwide use.
Before firewalls, ACLs (short for access control lists) were used for network security purposes. They reside on routers and determine whether network access should be granted or denied to specific IP addresses.
But since ACLs are unable to analyze the nature of blocked packets and are not powerful enough to keep threats out of the network, the firewall was developed.
Below, we have explained the generations and types of firewalls, how they work, and what the benefits of using firewalls are. Let’s start with a basic question.
What Is A Firewall?
Definition: A firewall is a network security system designed to prevent unauthorized access to or from a private network. In other words, it prevents unauthorized internet users from accessing private networks connected to the internet, especially intranets.
A firewall is not necessarily a standalone device; it can be a server or router integrated with special software that provides security features. One can implement a firewall in either software or hardware form, or a combination of both.
The implementation must be done in such a way that all incoming/outgoing packets to/from the local network (Intranet) pass through the firewall.
How Does A Firewall Work?
Firewalls analyze each block of data packets entering or leaving the Intranet or the host computer. Based on a defined set of security rules, a firewall can perform three actions:
- Accept: allow the transmission of data packets.
- Drop: block data packets with no reply.
- Reject: block data packets and send an “unreachable” error to the source.
Let me explain this via an example of a mid-size company with one thousand employees. Suppose this is an IT company with hundreds of computers that are all connected through network cards.
The company will need at least one connection to link these computers with the outer network (Internet). Let’s say the X1 line connects the internal network (Intranet) to the Internet.
In this case, the company must implement a firewall on the X1 line (and/or on each computer on the Intranet). Without a strong firewall in place, all those computers will be vulnerable to external threats.
If any employee makes a mistake and leaves a security hole, attackers (on the Internet) can exploit this hole to probe internal computers and establish a connection.
However, with a firewall in place, the company can keep dangerous traffic out. The company can establish security policies; for example, if it chooses not to allow FTP connections, then the firewall will block all public FTP traffic to and from the external network.
Different Types of Firewalls
Firewalls can be categorized into two groups: host-based firewalls and network firewalls. While both play a major role in data security, each has advantages and disadvantages.
- Host-Based Firewalls are placed directly on the computer to control data packets coming in and out of the machine. A host-based firewall could be a service or program running as a background process, as part of an agent application or of the operating system.
- Network-based Firewalls are placed on LANs, WANs, and Intranets. They filter traffic between two or more networks. They could be hardware-based computer appliances or software programs running on general-purpose hardware.
There are various types of firewalls that provide different levels of protection to networks and host computers. We have explained the most common ones:
1. Packet Filters
Packet filters are the first-generation firewalls. They analyze data packets transmitted between computers. If any packet doesn’t fulfill the filtering criteria, the firewall either rejects or drops the packet.
Since they operate at a lower level of the TCP/IP stack (the set of communication protocols used on the Internet), they are also called network-layer firewalls.
Packet filters are used in many versions of Unix, OpenBSD, Linux, and Mac OS X. For example, ipfirewall is used in FreeBSD, iptables in Linux, NPF in NetBSD, and PF in Mac OS X (>10.4).
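The accept/drop/reject actions described earlier, the company’s “no FTP on the X1 line” policy, and the stateless packet filtering of this section can all be shown with one small rule engine. This is an added example written for this article, not code from any of the firewalls named above; the packet fields, the rule format and the X1 policy are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ACCEPT = "accept"   # forward the packet
    DROP = "drop"       # discard silently, no reply to the source
    REJECT = "reject"   # discard and send an "unreachable" error to the source

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    dport: int       # destination port (0 for icmp)
    direction: str   # "in" (Internet -> Intranet) or "out" (Intranet -> Internet)

@dataclass(frozen=True)
class Rule:
    action: Action
    proto: str = "any"
    dport: int = 0          # 0 matches any destination port
    direction: str = "any"  # "any" matches both directions

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and (self.dport == 0 or self.dport == p.dport)
                and (self.direction == "any" or self.direction == p.direction))

def filter_packet(rules, p: Packet, default=Action.DROP):
    """First matching rule wins; unmatched packets fall to the default policy.
    Returns (action, reply) where reply is the error sent back on REJECT."""
    for r in rules:
        if r.matches(p):
            action = r.action
            break
    else:
        action = default
    reply = None
    if action is Action.REJECT:
        # a stateless filter only knows the header, so the error names the endpoints
        reply = f"icmp port-unreachable {p.dst} -> {p.src}"
    return action, reply

# Constructed policy for the X1 line: FTP control connections (TCP/21) are
# rejected in both directions, web traffic is accepted, anything else is
# dropped silently by the default policy.
X1_POLICY = [
    Rule(Action.REJECT, proto="tcp", dport=21),
    Rule(Action.ACCEPT, proto="tcp", dport=80),
    Rule(Action.ACCEPT, proto="tcp", dport=443),
]
```

Because the filter is stateless, it judges every packet on its own header fields; it has no notion of which packets belong to a conversation that the Intranet started.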
2. Stateful Filters
Stateful filters are second-generation firewalls developed in the late 1980s. They track the operating state as well as the characteristics of the network connections traversing the firewall.
More specifically, the stateful filters track IP addresses and ports involved in the connection, as well as the sequence numbers of the packets traversing the connection. This allows them to examine particular conversations between two endpoints.
These firewalls are, however, vulnerable to DoS attacks, which involve flooding the targeted machine with superfluous requests in an attempt to overload the host computer and prevent legitimate requests from being fulfilled.
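The following connection tracker is an added illustration of the stateful filtering described in this section, not code from any real firewall. It records connections that the Intranet opens (by source and destination address and port), admits only the reply half of those conversations, and caps the state table so the DoS failure mode just mentioned is visible: once an attacker fills the table with connection attempts, new legitimate connections are dropped. The TCP flag names and table size are constructed for the example.

```python
class StatefulFilter:
    """Minimal TCP connection tracker for traffic between an Intranet and the
    Internet. Only connections opened from the inside are ever admitted."""

    def __init__(self, max_entries=1000):
        self.max_entries = max_entries
        self.table = {}        # (src, sport, dst, dport) -> "SYN_SENT" | "ESTABLISHED"
        self.dropped_new = 0   # new flows refused because the table was full

    def state(self, src, sport, dst, dport):
        return self.table.get((src, sport, dst, dport))

    def outbound(self, src, sport, dst, dport, flags):
        """Packet leaving the Intranet. flags is 'SYN', 'ACK' or 'FIN'."""
        key = (src, sport, dst, dport)
        if key in self.table:
            if flags == "FIN":            # connection is closing: forget it
                del self.table[key]
            return "accept"
        if flags != "SYN":                # data without a handshake: not ours
            return "drop"
        if len(self.table) >= self.max_entries:
            self.dropped_new += 1         # table exhausted: legitimate users suffer
            return "drop"
        self.table[key] = "SYN_SENT"
        return "accept"

    def inbound(self, src, sport, dst, dport, flags):
        """Packet arriving from the Internet. Accepted only if it is the
        return direction of a connection the Intranet started."""
        reverse = (dst, dport, src, sport)   # the tuple as seen from inside
        state = self.table.get(reverse)
        if state == "SYN_SENT" and flags == "SYN-ACK":
            self.table[reverse] = "ESTABLISHED"
            return "accept"
        if state == "ESTABLISHED":
            return "accept"
        return "drop"   # unsolicited packet, or wrong step of the handshake
```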
3. Application Firewalls
Application firewalls are third-generation firewalls that can understand certain applications and protocols, such as HTTP, DNS, and FTP. They act as an enhancement to the standard firewall by providing services up to the application layer (the top layer of the OSI model).
An application firewall works by checking the process ID associated with data packets against predefined rules of data transmission for the local network or host computer. The firewall hooks into socket calls to filter connections between the application layer and the lower layers of the OSI model.
Some services performed by application firewalls include data handling, execution of applications, blocking malicious programs from being executed, and more. Modern application firewalls are also capable of offloading encryption from servers, consolidating authentication, and blocking content that violates policies.
4. Next-generation Firewalls
A next-generation firewall is an advanced form of the application firewall that combines a traditional firewall with other network device filtering functions. Its goal is to incorporate more layers of the OSI model and improve network traffic filtering based on packet contents.
In simple terms, next-generation firewalls include several additional features, such as integrated intrusion prevention, cloud-delivered threat intelligence, and application awareness and control.
They use a more thorough inspection style, analyzing packet payloads and matching signatures for malware, exploitable attacks, and other harmful activities.
5. Proxy Firewalls
A proxy server can also act as a firewall by hiding the user’s IP address and forwarding the data on the user’s behalf. It is mostly used to make requests from users and machines on the local network anonymous.
Unlike traditional firewalls, proxy firewalls filter network traffic at the application level. They monitor traffic for layer-7 protocols, such as FTP and HTTP, and use both stateful and deep packet inspection to analyze malicious traffic.
In addition to security, modern proxies also provide better performance (by caching frequently requested resources) and error-correction facilities (by automatically repairing errors in the proxied content).
6. Network Address Translation
As firewalls were becoming more popular, another issue was emerging: the number of available IPv4 addresses was decreasing, with exhaustion looming. Researchers developed various mechanisms to deal with this problem. One of those mechanisms was Network Address Translation (NAT).
In NAT, one IP address space is remapped into another by altering the network address information in the IP header of packets while they are in transit across a traffic-routing device. It allows the same sets of IP addresses to be reused in different parts of the Internet.
NAT supports all the basic protocols (such as e-mail and web browsing) required by the billions of client systems accessing the Internet every day. It has become popular because it minimizes the need for globally routable Internet addresses with little configuration.
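The remapping described above can be shown with a small source-NAT table: many private (address, port) pairs are rewritten onto one public address, and replies are mapped back by the public port they arrive on. This is an added example for this article, not the code of any router or firewall product; the public address, the private hosts and the port range are constructed values.

```python
class SourceNat:
    """Many-to-one source NAT: rewrites the source of outbound packets to a
    single public address and reverses the mapping for the replies."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (private_ip, private_port) -> public_port
        self.in_map = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, src, sport, dst, dport):
        """Packet leaving the private network: allocate a public port for
        this private (ip, port) pair on first use, then rewrite the source."""
        key = (src, sport)
        if key not in self.out_map:
            pub_port = self.next_port      # one public port per private flow,
            self.next_port += 1            # so two hosts may share a private port
            self.out_map[key] = pub_port
            self.in_map[pub_port] = key
        return (self.public_ip, self.out_map[key], dst, dport)

    def translate_inbound(self, src, sport, dst, dport):
        """Packet arriving at the public address: rewrite the destination back
        to the private host, or return None if no mapping exists. An
        unsolicited packet therefore has no private host to reach."""
        if dst != self.public_ip or dport not in self.in_map:
            return None
        priv_ip, priv_port = self.in_map[dport]
        return (src, sport, priv_ip, priv_port)
```

The `None` result for unmapped inbound packets is why NAT is often said to act as a basic firewall: the private hosts are unreachable from outside unless they initiated the conversation.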
Always-on broadband connections are the entry point for attackers who want to get to your network/computer. Firewall policies, along with an antivirus tool, strengthen the security of your device.
They detect viruses, Trojans, worms, and spyware, and keep hackers away from your devices. They also reduce the risk of keyloggers monitoring you.
In addition to blocking harmful traffic, firewall appliances provide several useful functions for the internal network. For example, they can act as a DHCP or VPN server for your network.
With advanced technology, firewalls are becoming more sophisticated. In the near future, they will focus on higher-level information to become situationally aware. Artificial intelligence will enable firewalls to take on attackers more proactively without disrupting machine communication.