
Firewall Definition

KZero Staff
Jul 27, 2023

What is a Firewall?

A firewall is a network security solution designed to limit the traffic entering or leaving a network or computer. A firewall inspects network traffic and determines whether it should be permitted to enter or leave the protected area based on predefined rules.

Firewalls are the foundation of a network security architecture. By limiting what traffic can enter or leave a network, a firewall reduces an attacker’s ability to identify and exploit vulnerable systems.

Types of Firewalls

Firewalls come in a few different varieties. Some of the most common types of firewalls include:

  • Packet Filtering: Packet filtering firewalls determine whether a packet should be let through based on the individual packet’s header. This type of firewall stores no state information and doesn’t look at the content of the packet.
  • Stateful Inspection Firewall: Stateful firewalls track a network connection through its lifetime. Packets are evaluated based on their header information and based on contextual information about the overall session.
  • Proxy Firewall: Proxy firewalls are used as an intermediary between a client and a server. Traffic is sent to the proxy, which forwards it to the other party.
  • Application-Layer Firewall: Application-layer firewalls can inspect the content of a network packet and use that information in making decisions. These firewalls can understand various types of application traffic and make more precise access control decisions.
  • Next-Generation Firewall (NGFW): NGFWs integrate additional network security capabilities — such as an intrusion detection/prevention system (IDPS), antivirus, etc. — with traditional firewall functions. These firewalls can identify and block more sophisticated and subtle attacks that other firewalls would miss.

How Firewalls Work

Firewalls use a multi-stage process to manage network traffic, including the following steps:

  • Rule-Based Management: Firewalls work based on predefined rules. Network security administrators define firewall rulesets specifying the types of traffic that should be permitted or blocked.
  • Traffic Inspection: Firewalls are deployed on the network boundary that they are intended to protect. They inspect network traffic passing through the boundary and search for a matching firewall rule.
  • Action: Firewall rules have associated actions, such as allowing, denying, and logging the traffic. The action determines what the firewall does with traffic matching the rule and whether that traffic is permitted to continue through.
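
The three steps above can be seen in a small rule evaluator. This is an added example, not KZero's code, and it goes slightly beyond the steps by also contrasting the packet-filtering and stateful types described earlier. The ruleset, addresses, first-match ordering and default-deny fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src: str         # source CIDR
    dst: str         # destination CIDR
    dport: int       # 0 matches any destination port
    proto: str = "tcp"
    log: bool = False

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto == p.proto and self.dport in (0, p.dport))

class Firewall:
    def __init__(self, rules, stateful=False):
        self.rules, self.stateful = rules, stateful
        self.sessions, self.log = set(), []

    def decide(self, p: Packet) -> str:
        # Stateful mode: a reply to a flow that was already allowed passes.
        if self.stateful and (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "allow"
        for rule in self.rules:          # assumed policy: first matching rule wins
            if rule.matches(p):
                if rule.log:
                    self.log.append((rule.action, p))
                if self.stateful and rule.action == "allow":
                    self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "deny"                    # assumed policy: no match means deny

# Constructed ruleset for an internal 10.0.0.0/24 network.
RULES = [
    Rule("deny", "0.0.0.0/0", "10.0.0.0/24", 23, log=True),   # inbound telnet
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 443),           # outbound HTTPS
    Rule("allow", "0.0.0.0/0", "10.0.0.5/32", 443),           # public web server
]
```

With these rules, a stateless filter drops the server's reply to an allowed outbound HTTPS request because no rule matches the return direction, while the stateful mode admits it only after it has seen the outbound packet.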

Benefits of Firewalls

Firewalls are a vital component of a network security strategy. Some benefits of firewalls include the following:

  • Access Management: Firewalls manage access to an organization’s network. By blocking unapproved types of traffic, the firewall reduces an organization’s attack surface.
  • Traffic Management: Managing network traffic can also have other benefits for an organization. For example, blocking unnecessary network traffic reduces the consumption of network bandwidth.
  • Data Protection: Firewalls can also block outbound network traffic. This helps to prevent attempted data exfiltration.

Conclusion

Firewalls manage access to a network or a computer. The administrator predefines rules specifying which types of network traffic are permitted to enter or leave the network and which are blocked, and firewalls apply these rules. More advanced firewalls, such as NGFWs, can also inspect packet payloads for malicious content.
