Firewalls and types

Why is there a security guard at the gate? To make sure that no one unknown or harmful enters the premises. Like the guard, we have a protective layer that doesn't allow malicious network traffic or viruses to enter the system. That protective layer is called a firewall!

Picture describing firewall

Firewall: A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets (small units of data) based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers. Firewalls can be software, hardware, or cloud-based, with each type of firewall having its own unique pros and cons.

How does it work?

Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Firewalls guard traffic at a computer's entry points, called ports, which are where information is exchanged with external devices.

A good analogy goes like this:

Think of IP addresses as houses, and port numbers as rooms within the house. Only trusted people (source addresses) are allowed to enter the house (destination address) at all. Access is then filtered further, so that people within the house are only allowed to access certain rooms (destination ports), depending on whether they are the owner, a child, or a guest. The owner is allowed into any room (any port), while children and guests are allowed into a certain set of rooms (specific ports).
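The house-and-rooms analogy as a small rule evaluator. This is an added example, not part of the original post; the Rule class, the decide function and every address (documentation ranges from RFC 5737) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                               # "allow" or "deny"
    src: str                                  # source network (CIDR)
    dst: str                                  # destination network (CIDR)
    dports: Optional[Tuple[int, ...]] = None  # None = any destination port

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dports is None or dport in self.dports))

# Constructed rule set; all addresses are documentation ranges (RFC 5737).
HOUSE = "192.0.2.10/32"
RULES = [
    Rule("allow", "198.51.100.5/32", HOUSE),             # owner: any room
    Rule("allow", "198.51.100.0/24", HOUSE, (80, 443)),  # children: two rooms
    Rule("allow", "203.0.113.0/24", HOUSE, (80,)),       # guests: one room
]

def decide(src_ip: str, dst_ip: str, dport: int, rules=RULES) -> str:
    """Return the action of the first matching rule; default is deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action
    return "deny"

if __name__ == "__main__":
    for src, port in [("198.51.100.5", 22), ("198.51.100.20", 22),
                      ("203.0.113.7", 80), ("10.9.9.9", 80)]:
        print(src, port, decide(src, "192.0.2.10", port))
```

Rule order matters here: the owner's address also falls inside the children's network, and it is the earlier, broader rule that gives it access to every port.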

Types of firewalls

Packet Filtering Firewall: The most "basic" and oldest type of firewall architecture, packet-filtering firewalls create a checkpoint at a traffic router (a networking device that forwards data packets between computer networks) or switch (a device that receives incoming data packets and redirects them to their destination on a local area network (LAN)). Packet-filtering firewalls are very fast because there is not much logic behind the decisions they make.

Packet-filtering firewalls are divided into two categories: stateful and stateless. Stateless firewalls examine packets independently of one another and lack context, making them easy targets for hackers. In contrast, stateful firewalls remember information about previously passed packets and are considered much more secure. Stateless packet filters do not inspect the contents of the traffic, and they do not store any state information. This means they don't have a huge impact on system performance and are relatively simple. However, they're also relatively easy to bypass compared to firewalls with more robust inspection capabilities.
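The difference between judging packets one at a time and remembering earlier packets, as an added example that is not part of the original post. The packet model, the two filters and the sample packets are constructed for illustration, and the stateless rule shown (accept inbound traffic from port 443 with ACK set) is one assumed way such a filter approximates "replies only".

```python
from collections import namedtuple

# Constructed packet model; addresses are documentation ranges (RFC 5737).
Packet = namedtuple("Packet", "src sport dst dport flags direction")
INSIDE = "192.0.2.10"

def stateless_allow(pkt):
    """Judge each packet alone: outbound passes, inbound passes if it
    merely looks like a web reply (source port 443 with ACK set)."""
    if pkt.direction == "out":
        return True
    return pkt.sport == 443 and "ACK" in pkt.flags

class StatefulFilter:
    """Remember flows opened from the inside; admit only their replies."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.flags == {"SYN"}:   # a new outbound connection attempt
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True                # simplification: all outbound passes
        # Inbound traffic must be the mirror image of a tracked flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.connections:
            return False
        if pkt.flags & {"RST", "FIN"}: # teardown: forget the flow
            self.connections.discard(key)
        return True

# Constructed sample traffic.
SYN = Packet(INSIDE, 50000, "198.51.100.7", 443, frozenset({"SYN"}), "out")
SYN_ACK = Packet("198.51.100.7", 443, INSIDE, 50000,
                 frozenset({"SYN", "ACK"}), "in")
UNSOLICITED = Packet("203.0.113.66", 443, INSIDE, 3389,
                     frozenset({"ACK"}), "in")

def verdicts():
    """(stateless, stateful) decision for each sample packet, in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p))
            for p in (SYN, SYN_ACK, UNSOLICITED)]

if __name__ == "__main__":
    print(verdicts())
```

The unsolicited packet belongs to no connection the inside host opened, which is exactly the context a stateless filter does not have.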

Next-generation firewalls (NGFW): NGFW architectures include deep-packet inspection (checking the actual contents of the data packet), TCP (Transmission Control Protocol) handshake checks, and surface-level packet inspection. Next-generation firewalls may include other technologies as well, such as intrusion prevention systems (IPSs) that work to automatically stop attacks against your network. The issue is that there is no one definition of a next-generation firewall, so it's important to verify what specific capabilities such firewalls have before investing in one.

Circuit-Level Gateways: They work by verifying the transmission control protocol (TCP) handshake. This TCP handshake check is designed to make sure that the session the packet is from is legitimate. While extremely resource-efficient, these firewalls do not check the packet itself. So, if a packet held malware, but had the right TCP handshake, it would pass right through.

Stateful multi-layer inspection (SMLI) firewalls: They filter packets at the network, transport, and application layers, comparing them against known trusted packets. Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall. Stateful inspection has largely replaced an older technology, static packet filtering. These firewalls track the operating state and characteristics of the network connections traversing them.

Proxy Firewalls (Application-Level Gateways/Cloud Firewalls): Proxy firewalls operate at the application layer to filter incoming traffic between your network and the traffic source—hence, the name “application-level gateway.” The client must send a request to the firewall, where it is then evaluated against a set of security rules and then permitted or blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP (Hyper Text Transfer Protocol) and FTP (File Transfer Protocol), and use both stateful and deep packet inspection to detect malicious traffic.

Network address translation (NAT) firewalls: These allow multiple devices with independent network addresses to connect to the internet using a single IP address, keeping individual IP addresses hidden. As a result, attackers scanning a network for IP addresses can’t capture specific details, providing greater security against attacks. NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers and outside traffic.

These are some types of firewalls. Here are some references for use:

If you are interested in learning more about networking, you can refer to the last two links. Those are the fundamentals. Knowledge is vast if we keep learning. More concepts are to come. Till then, keep learning. Have a happy and healthy learning experience.

Stay Home Stay Safe!!
