Firewalls

What is a Firewall?

A firewall is a computer network security system that restricts internet traffic coming in, going out, or within a private network. This software functions by selectively blocking or permitting data packets. A firewall can be thought of as a gateway to your private network, with gatekeepers permitting or forbidding the travel of web activity. The term comes from the concept of physical walls presenting barriers that slow the spread of fire. In the case of network security, firewalls present barriers that slow the spread of web-based threats.

Firewalls function as the first line of defense in protecting networks from web-based threats by providing control over entry points, monitoring attempts to gain system access, blocking unwanted traffic, and preventing external threats from entering your environment. Firewalls are intended to secure private networks and the endpoint devices within them, known as network hosts. Network hosts are devices that “talk” with other hosts on the network, sending and receiving traffic between internal networks as well as outbound to and inbound from external networks. Firewalls may be configured to filter:

  • Sources. Where an attempted connection originates.
  • Destinations. Where an attempted connection intends to go.
  • Contents. What an attempted connection is attempting to send.
  • Packet protocols. What “language” an attempted connection is using to carry its message, such as TCP/IP, ICMP, or UDP.
  • Application protocols. Common application protocols include HTTP, Telnet, FTP, DNS, or SSH.
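
The filter criteria listed above can be seen working together in a small rule evaluator. This is an added example, not code from any firewall product; the `Packet` and `Rule` shapes, the addresses, the first-match-wins ordering and the default-deny fallback are all assumptions made for illustration, application protocols are approximated by their well-known ports, and content inspection is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Well-known ports standing in for the application protocols the list names.
APP_PORTS = {"HTTP": 80, "Telnet": 23, "FTP": 21, "DNS": 53, "SSH": 22}

@dataclass(frozen=True)
class Packet:                      # constructed packet summary, not a capture format
    src: str
    dst: str
    proto: str                     # "TCP", "UDP" or "ICMP"
    dport: Optional[int] = None    # None for ICMP

@dataclass(frozen=True)
class Rule:                        # hypothetical rule shape; None matches anything
    action: str                    # "allow" or "deny"
    src: Optional[str] = None      # source CIDR
    dst: Optional[str] = None      # destination CIDR
    proto: Optional[str] = None    # packet protocol
    app: Optional[str] = None      # application protocol, key into APP_PORTS

    def matches(self, p: Packet) -> bool:
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and p.proto != self.proto:
            return False
        if self.app and p.dport != APP_PORTS[self.app]:
            return False
        return True

def decide(rules, packet, default="deny"):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed policy: order matters because the first match wins.
RULES = [
    Rule("deny", proto="TCP", app="Telnet"),  # block cleartext remote login everywhere
    Rule("allow", src="10.0.0.0/8", dst="10.0.5.10/32", proto="TCP", app="SSH"),
    Rule("allow", dst="10.0.5.53/32", proto="UDP", app="DNS"),
    Rule("allow", src="10.0.0.0/8", proto="ICMP"),
]
```

Because the fallback is deny, a packet that no rule describes is dropped rather than passed, so a gap in the rule list fails closed.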

Popular traffic configuration use cases include:

  • Infiltration from malicious actors. Connections from sources that are behaving oddly can be blocked to prevent eavesdropping and advanced persistent threats (APTs).
  • Parental controls. Parents restricting access to explicit web content for children.
  • Workplace browsing restrictions. Employers preventing employees from using company networks to access unapproved services and content.
  • Nationally controlled content. National governments can block residents from accessing unapproved web content and services.

Firewalls are critical first-line defenses for your network, so it is important to ensure that they are maintained to limit vulnerabilities. Firewall vulnerabilities include:

Insufficient password strength. For the sake of convenience, some users select simple passwords or even leave the default factory-set passwords intact. This leaves your account vulnerable to compromise. In the case of SQL servers, disruption to a single server could jeopardize the functionality of all connected devices.

Outdated firewall software. If software and firmware updates are not installed in a timely manner, your network may be vulnerable to newly discovered firewall vulnerabilities.

Activation of controls. Control tools such as anti-spoofing tools keep malware, spam, and other malicious traffic out of the network. If controls such as these are not turned on, your network is vulnerable to cyberattacks.

Insufficient documentation. Diligently maintaining written logs, application documentation, and rule descriptions helps to prevent security lapses by ensuring that other employees can manage protocols in the event of staffing changes.

Insider threats. Zero trust architecture protects your network from insider threats by ensuring that access privileges are only granted to select employees.

Traditional firewall limitations. Evolving threats have led to the creation of next-generation firewalls (NGFW) that offer more threat-specific protection than traditional firewalls by combining traditional firewall features with network intrusion prevention systems.