This is where a firewall, being the sole point of defence between the external and internal network, comes into the picture. Even though firewalls have been around for nearly three decades, it is just recently that they’ve dramatically evolved to cater to the demands of the internet.
Diminishing boundaries between the physical and virtual worlds in the past decade, expedited by the latest technological advancements, have transformed the way we humans function in unprecedented ways. In 2020, India’s internet population reached around 700 million users and is projected to reach a billion within the next 10 years.
With such a massive market yet to be tapped into, many large thriving businesses are trying to penetrate into the Indian markets and gain a monopoly while the barrier to entry is still low. While some are trying to make the internet more accessible or phones much cheaper, others are trying to build software or take their businesses online to leverage the opportunity provided by the internet.
However, these technological advancements, when provided to the ones who do not understand how easily this boon can turn into a bane, can have some serious ramifications. When someone connects their private network to the internet, not only do they provide the users in the network access to the Internet services, but also the outsiders the means to access the network’s private information.
What is a Firewall?
According to Cisco, ‘A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.’ It can be implemented as software, as hardware or as a combination of both, or can even be hosted on the cloud.
Contrary to what its name might suggest, a firewall is not a wall that is on fire, but one that stands strong to protect the integrity, confidentiality and availability of the information in the network segment. Thus, a firewall analyses all the traffic that passes through it and filters out whatever seems dangerous based on a certain set of predefined rules. By analogy, a firewall can be compared to the security guard of a housing society who checks all the people who want to enter the society and bars those who seem like a potential threat.
Based on the nature of the incoming traffic, a firewall either accepts the traffic, rejects it or drops it. By default, firewalls follow an “implicit deny” rule, wherein they deny all requests for which no predefined rule exists. Hence, configuring a firewall is a complicated task, since a balance in stringency has to be maintained. If a firewall is very stringent with what it allows, it might make useful resources inaccessible. On the other hand, if the firewall is not very stringent, it might allow potentially dangerous traffic to flow.
Thus, a firewall extends many functionalities to the underlying network. It limits the points of entry into a network, controls the traffic flowing through it and maintains the privacy of the internal network. Due to the complexity and variety of use cases, a plethora of firewalls exist. One should assess their requirements before deciding which firewall would best suit their needs. But before diving deeper into the different types, let’s first understand what the components of a firewall are and how it works.
Components of a Firewall
Although a complex firewall can have more than 10 different components, the four primary components of each firewall are:
- Network Policy: This component influences the design, installation and use of a firewall. It has two levels: while a higher-level policy defines what services would be accepted or rejected, how they would be used and if there would be any exception, the lower level policy defines how the policy would actually restrict the access and filter the services as defined in the higher-level policy.
- Advanced Authentication Mechanism: This component includes advanced mechanisms like biometrics or smart cards, which are used to monitor a connection instead of passwords which are weaker and easier to identify.
- Packet Filtering: This component is perhaps the most important since it is here that the rules for filtering packets in the network traffic are defined. Common fields which the filtering protocol assesses to decide whether to accept, reject or drop the traffic are source IP address, destination IP address, TCP/UDP source port and TCP/UDP destination port.
- Application Gateways: This component strengthens the firewall by extending its capability to restrict traffic at the application layer. This is especially useful for more complex software applications like TELNET and FTP.
Some Popular Types of Firewalls
A firewall can be implemented as software, hardware or as a combination of both. Software firewalls are installed in a computer, operating system or any other networking device and provide a smaller level of control over the functions and features. On the other hand, hardware firewalls are used for more complex systems. They are either released as a standalone product or as a component of a router or any other type of networking device. There are various types of firewalls in the market but the most popular ones used in the industry are:
- Stateful / State Inspection Firewall: This type of firewall is the most widely used and primarily makes use of the packet filtering component to define the protocols which decide upon the type of network to accept or reject. It keeps track of only the connection and not the individual data packets. Initially, the connection is inspected, but after the connection is trusted, the information about the connection is stored in memory and the firewall allows subsequent traffic to pass through without any further inspection. Thus, by forgoing the individual data packets, the filtering process is expedited. To do so, it analyses certain characteristics of the traffic like its protocol, state or port.
- Proxy Firewall: This type of firewall has a very stringent mechanism since, unlike other firewalls, the proxy acts as an intermediary between the external and the internal network, preventing any sort of direct contact between the two and thereby making the network very robust. The host devices connect to the proxy, which in turn makes a connection with the source of the data. In return, the source of the data creates a separate connection to the proxy, which makes a separate connection to the host device. Doing so helps protect the recipient’s device and network by exposing only limited information to the outer network. However, these stringent mechanisms make the detection process slow and difficult since it might also flag a legitimate network as a potential threat.
- Web Application Firewall: This type of firewall protects web applications and internet services from attacks primarily targeted at web applications, like cross-site scripting, SQL injection, etc. With the exponential increase in web applications, there is a dire need for such advanced firewalls. These do not follow the guidelines of the traditional firewalls and can be either hosted on the cloud or baked into applications which determine the authenticity of the clients before allowing for the movement of the traffic.
- Next-Generation Firewall: This type of firewall is perhaps the most advanced since it evolves continuously to keep up with emerging threats. It does so by combining the features of a traditional firewall with another advanced computing concept. Since these firewalls are the most up-to-date and provide a holistic solution to ever more demanding security problems, they can examine and identify threats at a more granular level. Thus, these are the preferred choice of bigger businesses and other sophisticated networks.
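The accept/reject/drop decision, the implicit deny rule, the packet-filtering fields and the stateful behaviour described above can be seen together in a small model. This is an added example, not code from the original article or from any firewall product; the class names, rule set and addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

# Fields a packet filter inspects: protocol, source/destination address and port.
Packet = namedtuple("Packet", "proto src sport dst dport")

@dataclass(frozen=True)
class Rule:
    action: str      # "accept", "reject" or "drop"
    proto: str
    src_net: str
    dst_net: str
    dport: int = 0   # 0 is used here as "any destination port"

    def matches(self, p):
        return (self.proto == p.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport in (0, p.dport))

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # state table of flows a rule has accepted

    def decide(self, p):
        # Direction-independent key, so replies map to the same connection.
        flow = (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))
        if flow in self.connections:
            return "accept"        # tracked connection: skip the rule scan
        for rule in self.rules:    # ordered list, first match wins
            if rule.matches(p):
                if rule.action == "accept":
                    self.connections.add(flow)
                return rule.action
        return "drop"              # implicit deny: no rule matched

# Constructed policy; 192.0.2.0/24 plays the internal network (documentation ranges).
RULES = [
    Rule("reject", "tcp", "203.0.113.0/24", "192.0.2.0/24"),   # blocked range
    Rule("accept", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),  # public web server
    Rule("accept", "tcp", "192.0.2.0/24", "0.0.0.0/0", 443),   # outbound HTTPS
]

def demo():
    fw = StatefulFilter(RULES)
    reply = Packet("tcp", "198.51.100.7", 443, "192.0.2.25", 50000)
    request = Packet("tcp", "192.0.2.25", 50000, "198.51.100.7", 443)
    return [fw.decide(reply), fw.decide(request), fw.decide(reply)]
```

The same inbound packet is dropped before the internal host opens the connection and accepted afterwards, which is the difference state tracking makes. The model never expires entries from its state table and does not follow TCP flags; it is a simplification for illustration.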
To encapsulate, a firewall is a security mechanism which filters unauthorised traffic from passing through itself. There are a variety of firewalls and one should research their own requirements before deciding which type of firewall to go ahead with.
However, even though a firewall is a quintessential security mechanism, it is just a small part of the security solution and is not enough to safeguard a network from potential threats by itself. For instance, while a firewall ensures the network traffic is from a legitimate source, it can’t ensure the integrity of the message, which will have to be achieved by encryption techniques.
Other shortcomings of the current firewalls are that they don’t provide intrusion prevention capabilities, deep packet inspection, SSL/TLS termination or sandboxing. Hence, a firewall, while an essential part of network security, should always be supplemented with other advanced security techniques to ensure the robustness of the network.