A firewall is a device that monitors incoming and outgoing requests and permits or blocks them based on the security rules.
Let’s learn in detail…
Welcome to another article by techitcs, today I will explain what is a firewall. I hope you read my article about networks, how they communicate with each other, if not then just go check it out.
A firewall is another network security device, yes it comes into play when your device is connected to the network. There are a lot of devices that we use in a network and firewall is one of them. A firewall is placed to secure ourselves from hackers or any malicious code that is coming from outside of our network. The firewall also helps us to secure our data so that it can’t be sent to some unknown person who has no permission for accessing the data. A firewall acts as a filter and filters out the data packets that are being sent or received in a network.
A firewall acts as a barrier between your organization traffic and incoming traffic from external sources like the internet.
How does a firewall work?
Assume Firewall as a security guard sitting outside your office and you tell him who is allowed and who is not allowed to enter the office. So here security guard is a firewall, the office is your network, and the person who is setting rules is the user. So the security guard or firewall analyzing the traffic that is coming from outside of the firewall and based on the rules that are set by the admin it allows and blocks different requests.
All the communication between computers happens over different ports. Ports are the entry point of exchanging information with the external device. These entry points are guarded by a firewall from unsecured sources to prevent different types of attacks that can cause serious damage to an organization’s data. For example. Source address 192.168.0.1 is allowed to reach destination 192.168.0.4 over port 22.
Now let’s take the bank example again.
Now assume different banks as IP address and different rooms in those banks as port numbers.
For different types of services, there are different ports. Only trusted people are allowed to enter the bank. And further, those people are filtered out who can access which room based on their role like service department, account department and other.
Which IP address ( source ) is allowed to access another IP address ( Destination ) and over which port. For different services, there are different ports that are needed to be opened for successful communication between networks.
Types Of Firewalls
We have two types of firewall it may be a software or hardware. A software firewall is a program that is there in a computer written in some programming language. This program is by default there in your computer.
This program filters out all the communication with the different IP’s and over different ports. While the physical firewall or a hardware firewall is an equipment that is installed between your network and gateway.
The most common firewall is a packet filtering firewall. It examines the data packet and prohibits them if they don’t have the permission that is mentioned in the security rules set. A packet-filtering firewall checks the source and destination IP addresses of the packets. If packet matches with the allowed rules then it is passed otherwise it is prohibited.
Packet filtering firewalls are the most basic one they provide very basic protection. For example. A packet-filtering firewall can only determine whether the request is allowed to go or not. It can’t determine the result that can be caused by that request. What if a malicious request is sent through a trusted source address and the request is about the deletion of the database. A packet-filtering firewall easily passes these types of requests but newly developed firewalls like Next-generation firewall and proxy firewall are equipped with more feature and can detect such types of request that can cause serious harm to an organization.
Next-Generation Firewalls (NGFW)
These types of firewalls include more features as compared to a packet filtering firewalls. They equipped with all the features of a packet filtering firewall and some extra features that make it a superset of packet filtering firewalls. It has the functionalities such as encrypted traffic inspection, intrusion prevention system, anti-virus and much more. The best part about these types of firewall is that it includes deep packet inspection (DPI). Basic firewalls like packet filtering firewall only look at the packet headers while the next-generation firewall DPI feature examines the data that is there within the packet. It enables the user to identify and stop malicious data.
These types of firewalls filter network traffic at the application layer. A proxy acts as a middle man between two end systems. The client sends a request to the firewall where it is evaluated based on the set of rules and then permitted or blocked. Proxy firewalls monitor the layer 7 protocols traffic like HTTP and FTP. Proxy firewalls also use deep packet inspection(DPI).
Network Address Translation ( NAT ) Firewalls
Using NAT firewalls we can hide the independents IPs of the users who are connected to the internet and show the only single IP address. Through this method, companies provide more security to individuals. And it makes it difficult for a person or a hacker to capture independent addresses. NAT firewalls and proxy firewalls are similar to each other. Proxy firewalls also act as an intermediary between a computer and outside network.
Stateful Multilayer Inspection (SMLI) Firewalls
These firewalls work at the network transport and application layers. SMLI firewalls also examins the entire packet and not only headers like packet filtering firewalls. Like NGFW stateful multilayer inspection firewalls also allow a packet after examining the entire packet and additionally it checks if it is allowed to pass from each layer individually.
These firewalls have the feature of determining the state of communication by examining the packets to ensure that all communication is taking place with the trusted sources.