Network Firewall Solutions: Everything You Need To Know (FAQs)
What Are Network Firewalls?
Network firewalls are security tools that are designed to prevent malicious actors and dangerous content from accessing your network. They are a means of strengthening your perimeter, allowing you to block, in bulk, any unknown or dangerous elements that try to get into your network.
Historically, firewalls were hardware devices that all network traffic had to pass through. On-premises hardware firewalls are still available, but firewalls can also be deployed as software, including as virtual appliances in cloud environments.
Today’s firewalls are dynamic and proactive pieces of kit. They use features like sandboxing and zero trust access to keep your network safe at all times, even when encountering new and unknown threats. Malicious actors are constantly looking for new ways to breach your defenses. Sandboxing gives you the chance to observe how code behaves before allowing it onto your systems, while zero trust access embeds a cautious and skeptical approach, decreasing the chances of letting anything slip through the net.
How Do Network Firewalls Work?
Firewalls act as a secure outer perimeter, deciding what is able to enter or leave your network based on pre-set and customizable rules defined by you. Firewalls use a range of built-in technologies to identify threats, though how nuanced or well disguised a threat can be and still be caught depends on the type of inspection the firewall performs. The four main ways that firewalls assess the content entering your network are:
- Proxy Service – this filters messaging and traffic at the application layer
- Packet Filtering – this inspects the header of each packet (addresses, protocol, ports) and judges from those fields alone whether the packet should be allowed through
- Stateful Inspection – this tracks active connections and judges each packet by whether it belongs to one
- Next Generation Firewalls (NGFW) – these combine the above with deep packet inspection and application-level assessment; many commercial products today are classed as NGFW
However, firewalls don’t just filter content – the combination of traffic filtering with other threat protection capabilities is what makes them such a robust line of defense. Some other common firewall capabilities include:
- Sandboxing technology
- Secure SD-WAN
- Zero Trust Network Architecture
- Integration with other security tools for streamlined management and heightened visibility
Every organization that uses digital services should be looking to employ some type of firewall because they take a good deal of the work out of addressing network threats. They act as the first line of defense, automatically blocking a high proportion of attacks, which allows you to focus on the more complex or nuanced attacks.
What Features Should You Look For In A Network Firewall Solution?
Many of the firewalls on the market today go well beyond offering a secure perimeter. Whilst retaining the ability to filter unwanted and dangerous traffic, they deliver a range of effective security features to make your network as secure as possible. When you are looking to invest in a solution, it is worth considering some of the following features to identify the most appropriate tool for your use-case.
- Sandboxing: This feature runs files within an isolated environment, allowing you to observe how a piece of code behaves so that you can decide whether it is safe or not
- Unified security management: This helps teams manage and enforce security policies across their network environment
- Secure SD-WAN: This allows secure and fast connection between clouds and between office locations
- Zero Trust approach: This involves continuously verifying that a user and device are who they claim to be and are permitted the specific access they request, rather than trusting them because they are already inside the network
- Integration: Gathering data from other security tools improves the firewall’s visibility, and feeding its findings back to those tools enables a faster, more coordinated response
- Egress filtering (data exfiltration protection): All firewalls examine incoming traffic for harmful content, but you should also examine outgoing traffic to make sure that sensitive data is not leaving the network and that your systems are not being used to distribute malware or reach attacker infrastructure
- Scalability: It’s important that your firewall can handle the scope and scale of your network as it grows
Types Of Network Firewalls
Packet filtering firewalls
As the name would suggest, packet filtering firewalls revolve around the filtering of incoming (and outgoing) packets. They can deny entry or exit based on source and destination IP addresses, protocols, and ports, referring to predetermined policies set by administrators. Any packet that does not match an allow rule is blocked. The policies are written as access control lists (ACLs): ordered lists of rules that specify which header fields to match and what action to take, evaluated top to bottom with the first match winning.
So, what’s a packet?
A network packet is, essentially, a unit of data sent over a network. Large messages cannot be sent over a network in one piece, so they are broken down into smaller packets. Think of breaking a letter down into small notes to be sent. Each packet has a header and a body: the header carries control information (source and destination addresses, protocol, ports) that directs the packet to where it needs to go, and the body carries the user data, the “main message”.
Filtering inbound packets is called ingress filtering; egress filtering applies the same checks to outbound traffic. A common use of ingress filtering is to reject packets that arrive on the external interface but carry a source address belonging to the internal network, a sign of IP spoofing. IP spoofing is the forging of the source address in a packet’s IP header so that the packet appears to come from somewhere else, such as a trusted host. A packet filter cannot prove that a source address is genuine, but it can check that the address is plausible for the interface and direction on which the packet arrived; the same check applied to outbound traffic (BCP 38 / RFC 2827) stops your own hosts from emitting packets with spoofed sources.
A packet filtering firewall isn’t foolproof, however. It is a low-cost option that can process traffic at high speed, and one device can serve the entire network, but it offers limited protection: any traffic is allowed in provided it is on an approved port, regardless of whether or not the payload is malicious, because the packet filter never looks at the body. Deploying and managing access control lists can also be time consuming and error prone.
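The following is an added example, not code from the original article or from any firewall product. It shows a packet filter in miniature: it parses IPv4 and TCP/UDP headers from raw bytes, evaluates an ordered ACL with first-match semantics and an implicit deny, and applies the ingress/egress anti-spoofing check described above. The internal network, the ACL and every packet are constructed for the example.

```python
"""Added example (not from the original article): a minimal packet-filtering
firewall. It parses IPv4 + TCP/UDP headers from raw bytes, applies an ordered
access control list (first match wins, implicit deny at the end) and performs
ingress/egress anti-spoofing. All packets below are constructed test data.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str          # "tcp", "udp" or the numeric protocol as a string
    sport: int
    dport: int
    payload: bytes      # the body; a packet filter never looks at this


def parse_packet(raw: bytes) -> Packet:
    """Split an IPv4 datagram into header fields and body (no IP options assumed)."""
    ver_ihl, _, _, _, _, _, proto_num, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4                     # IP header length in bytes
    proto = {6: "tcp", 17: "udp"}.get(proto_num, str(proto_num))
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    if proto == "tcp":
        l4_len = (raw[ihl + 12] >> 4) * 4          # TCP data offset field
    else:
        l4_len = 8                                 # UDP header is fixed size
    return Packet(ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst),
                  proto, sport, dport, raw[ihl + l4_len:])


def build_packet(src: str, dst: str, proto: str, sport: int, dport: int,
                 payload: bytes = b"") -> bytes:
    """Constructed datagram for testing (checksums left zero, no options)."""
    l4 = struct.pack("!HH", sport, dport)
    if proto == "tcp":
        # seq, ack, data offset = 5 words, SYN flag, window, checksum, urgent
        l4 += struct.pack("!IIBBHHH", 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        l4 += struct.pack("!HH", 8 + len(payload), 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                     6 if proto == "tcp" else 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + l4 + payload


@dataclass(frozen=True)
class Rule:
    """One access control list entry; a None field means 'any'."""
    action: str
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.src is None or pkt.src in self.src)
                and (self.dst is None or pkt.dst in self.dst)
                and (self.dport is None or self.dport == pkt.dport))


class PacketFilter:
    def __init__(self, internal: ipaddress.IPv4Network, acl: List[Rule]):
        self.internal = internal
        self.acl = acl

    def filter(self, raw: bytes, direction: str) -> Tuple[str, str]:
        """direction is 'ingress' (from the internet) or 'egress' (to the internet)."""
        pkt = parse_packet(raw)
        # Anti-spoofing: outside traffic may not claim an internal source address,
        # and our own hosts may not send with a source address that is not ours.
        if direction == "ingress" and pkt.src in self.internal:
            return "deny", "spoofed internal source on external interface"
        if direction == "egress" and pkt.src not in self.internal:
            return "deny", "outbound packet with non-internal source"
        for rule in self.acl:                      # first match wins
            if rule.matches(pkt):
                return rule.action, f"matched {rule}"
        return "deny", "implicit deny"             # nothing matched


# Constructed network and ACL (hypothetical addresses from documentation ranges).
INTERNAL = ipaddress.IPv4Network("10.0.0.0/8")
WEB = ipaddress.IPv4Network("10.0.1.10/32")
DNS = ipaddress.IPv4Network("10.0.1.53/32")
ACL = [
    Rule("allow", proto="tcp", dst=WEB, dport=443),   # public HTTPS service
    Rule("allow", proto="udp", dst=DNS, dport=53),    # public resolver
    Rule("allow", src=INTERNAL),                      # anything our hosts initiate
    Rule("deny"),                                     # explicit catch-all
]
firewall = PacketFilter(INTERNAL, ACL)

if __name__ == "__main__":
    pkt = build_packet("203.0.113.5", "10.0.1.10", "tcp", 40000, 443, b"GET / ...")
    print(firewall.filter(pkt, "ingress"))
```

Note that the `payload` field is carried through `parse_packet` but never consulted by `PacketFilter.filter`: a packet to 10.0.1.10 on port 443 is allowed whatever its body contains, which is exactly the limitation the paragraph above describes.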
Application Firewalls
Application firewalls (or proxy firewalls) complement packet filtering and take it one step further. Using a set of predetermined rules, this firewall filters and monitors all HTTP traffic that passes between web applications and the internet. Deployed at the application layer, it serves as the single entrance and exit to each individual application in the network, performing in-depth inspection and sorting requests by characteristics such as destination port and HTTP request strings. Separate policies can be built and customized for each application, each dictating the rules for that application’s HTTP connections.
An external user’s request to the network passes through the application-layer firewall, which verifies the request before deciding whether to grant access. Because the proxy terminates the client’s connection and makes its own request onward, it can serve web pages and applications while masking the identity and IP addresses of the internal network and devices. Application firewalls also perform deep packet inspection.
Application-level firewalls can be deployed as hardware, software, or a server plug-in. They can add latency, can be difficult to configure and deploy, and are among the pricier firewall options.
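As an added example (not code from the article or from any product), here is the decision logic of an application-layer proxy firewall for HTTP. It parses a raw HTTP/1.1 request, selects a policy for the application named in the Host header, and enforces method, path and request-string rules on the percent-decoded target, i.e. the form the backend would actually process. The host names, policies and requests are all constructed.

```python
"""Added example (not from the original article): an application-layer proxy
firewall check for HTTP. It parses a raw HTTP/1.1 request, picks a policy for
the application named in the Host header, and enforces method, path and
request-string rules on the decoded form of the target, i.e. what the backend
would actually process. Policies and requests are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class AppPolicy:
    allowed_methods: FrozenSet[str]
    allowed_path_prefixes: Tuple[str, ...]
    max_target_len: int = 2048
    # Generic request-string patterns (path traversal, NUL byte); matched after decoding.
    blocked_patterns: Tuple[str, ...] = (r"\.\.(/|\\)", r"\x00")


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str]]:
    """Return (method, target, version, headers). Raises ValueError if malformed."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)       # ValueError if not 3 parts
    if not version.startswith("HTTP/"):
        raise ValueError("bad version")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


class ProxyFirewall:
    def __init__(self, policies: Dict[str, AppPolicy]):
        self.policies = policies         # one policy per application (Host)

    def decide(self, raw: bytes) -> Tuple[str, str]:
        try:
            method, target, _version, headers = parse_request(raw)
        except ValueError as exc:
            return "deny", f"malformed request ({exc})"
        host = headers.get("host", "").split(":")[0].lower()
        policy = self.policies.get(host)
        if policy is None:
            return "deny", f"no application policy for host {host!r}"
        if method not in policy.allowed_methods:
            return "deny", f"method {method} not allowed for {host}"
        if len(target) > policy.max_target_len:
            return "deny", "request target too long"
        decoded = unquote(target)        # inspect what the application will see
        path = urlsplit(decoded).path
        if not any(path.startswith(p) for p in policy.allowed_path_prefixes):
            return "deny", f"path {path!r} outside allowed prefixes"
        for pattern in policy.blocked_patterns:
            if re.search(pattern, decoded):
                return "deny", f"request string matched blocked pattern {pattern!r}"
        return "allow", f"forward {method} {path} to {host}"


# Constructed per-application policies (hypothetical host names).
POLICIES = {
    "app.example.com": AppPolicy(frozenset({"GET", "POST"}), ("/api/", "/static/")),
    "intranet.example.com": AppPolicy(frozenset({"GET"}), ("/",), max_target_len=256),
}
proxy = ProxyFirewall(POLICIES)


def request(method: str, target: str, host: str) -> bytes:
    """Constructed request bytes for the examples."""
    return f"{method} {target} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


if __name__ == "__main__":
    print(proxy.decide(request("GET", "/api/%2e%2e/etc/passwd", "app.example.com")))
```

Decoding before matching matters: `/api/%2e%2e/etc/passwd` passes a naive prefix check on the raw target, but after `unquote` it reads `/api/../etc/passwd` and hits the traversal pattern. A malformed request line is denied outright rather than forwarded for the backend to interpret.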
Circuit Level Firewalls
Circuit-level gateways (circuit firewalls) work at the session layer of the OSI model. They watch the Transmission Control Protocol (TCP) three-way handshake and admit a session only if the handshake is legitimate; for User Datagram Protocol (UDP), which has no handshake, they track a request and its reply as a pseudo-session. Once a session has been accepted, the packets belonging to it are passed without further examination.
They also protect devices inside the network when those devices connect to a remote host: the gateway makes the connection on the device’s behalf, masking the device’s identity and IP address.
While similar to packet filtering firewalls, they go one step further by verifying that connections are established legitimately. Like packet filtering, they are simple and cheap to run and deploy. That simplicity is also their drawback: they do not examine packet contents, so a packet carrying malware passes a circuit-level gateway as long as the TCP session it belongs to is legitimate. Other controls are needed alongside them.
Stateful Firewalls
A stateful firewall tracks active connections in a state table keyed on source and destination addresses, ports and protocol. Every packet that crosses the firewall is checked against that table: packets that belong to an established TCP connection (or a tracked UDP exchange) are passed, while unsolicited packets that match no entry are dropped even where a port-based rule alone would have let them through. Stateful firewalls can also log a connection’s history.
Basic versions block inbound or outbound traffic that does not fit an allowed connection, and can detect and flag connection attempts from unauthorized hosts. More advanced stateful firewalls add multilayer inspection, which tracks transactions across several layers of the OSI model.
Stateful firewalls are certainly more robust and effective than packet filtering or circuit firewalls but can hinder network performance and can be cumbersome for admins to manage.
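The following is an added example, not code from the article or any product, and it serves both the circuit-level and the stateful sections above: it tracks TCP connections by 5-tuple, validates the three-way handshake before marking a connection established (the circuit-level check), and afterwards admits only segments that belong to a tracked connection (the stateful check). The internal network, hosts and the sequence of segments are constructed; the payload is deliberately never inspected.

```python
"""Added example (not from the original article): a stateful firewall that
tracks TCP connections by 5-tuple. Only internal hosts may open connections;
inbound segments are admitted only if they belong to a tracked connection in
the right handshake state. The payload is never inspected, which is exactly
the limitation the text describes. Addresses and segments are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    payload: bytes = b""


Key = Tuple[str, int, str, int]     # (client, client port, server, server port)


class StatefulFirewall:
    def __init__(self, internal: str):
        self.internal = ipaddress.ip_network(internal)
        self.table: Dict[Key, str] = {}      # connection state table

    def _internal(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.internal

    def process(self, seg: Segment) -> Tuple[str, str]:
        fwd: Key = (seg.src, seg.sport, seg.dst, seg.dport)   # client -> server
        rev: Key = (seg.dst, seg.dport, seg.src, seg.sport)   # server -> client
        if seg.flags & RST:
            for key in (fwd, rev):
                if key in self.table:
                    del self.table[key]
                    return "allow", "RST tears down tracked connection"
            return "deny", "RST for unknown connection"
        if fwd in self.table:                                 # client-side segment
            state = self.table[fwd]
            if state == "SYN_SENT" and seg.flags == SYN:
                return "allow", "SYN retransmission"
            if state == "SYN_RECEIVED" and seg.flags & ACK and not seg.flags & SYN:
                self.table[fwd] = "ESTABLISHED"
                return "allow", "handshake complete"
            if state in ("ESTABLISHED", "CLOSING") and seg.flags & ACK:
                if seg.flags & FIN:
                    self.table[fwd] = "CLOSING"
                return "allow", "client->server on established connection"
            return "deny", f"unexpected client flags {seg.flags:#x} in {state}"
        if rev in self.table:                                 # server-side segment
            state = self.table[rev]
            if state == "SYN_SENT" and seg.flags == SYN | ACK:
                self.table[rev] = "SYN_RECEIVED"
                return "allow", "SYN-ACK for pending handshake"
            if state in ("ESTABLISHED", "CLOSING") and seg.flags & ACK and not seg.flags & SYN:
                if seg.flags & FIN:
                    self.table[rev] = "CLOSING"
                return "allow", "server->client on established connection"
            return "deny", f"unexpected server flags {seg.flags:#x} in {state}"
        # No state: the only way to create one is an outbound SYN from an internal host.
        if seg.flags == SYN and self._internal(seg.src) and not self._internal(seg.dst):
            self.table[fwd] = "SYN_SENT"
            return "allow", "new outbound connection"
        return "deny", "no matching connection state"


def run_demo() -> List[str]:
    """Replay a constructed exchange and return the firewall's decisions in order."""
    fw = StatefulFirewall("10.0.0.0/8")
    client, server, attacker = "10.0.0.5", "198.51.100.20", "203.0.113.9"
    exchange = [
        Segment(attacker, 4444, client, 22, SYN),           # unsolicited inbound SYN
        Segment(attacker, 4444, client, 22, ACK),           # bare ACK with no state
        Segment(client, 51000, server, 443, SYN),           # outbound SYN
        Segment(server, 443, client, 51000, SYN | ACK),     # reply
        Segment(client, 51000, server, 443, ACK),           # handshake done
        Segment(server, 443, client, 51000, ACK, b"\x16\x03\x03..."),  # data back
        Segment(server, 443, client, 51001, ACK, b"x"),     # wrong client port
        Segment(client, 51000, server, 443, FIN | ACK),     # client closes
        Segment(server, 443, client, 51000, RST),           # server resets
        Segment(server, 443, client, 51000, ACK, b"late"),  # state already gone
    ]
    return [fw.process(seg)[0] for seg in exchange]


if __name__ == "__main__":
    print(run_demo())
```

The second segment illustrates the difference from a stateless filter: a bare ACK to port 22 with no tracked connection is dropped here, whereas a packet filter with an "allow established" rule based on the ACK flag alone would pass it. The sixth segment shows the limitation: once the handshake is complete, whatever the server sends back is forwarded without the contents being examined.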
Next Generation Firewalls
Next Generation firewalls (NGFW or NextGen firewalls) differ from the other types in this list. They belong to the third generation of firewalls, which consolidate traditional firewall methods with additional features to overcome the limitations of earlier designs. Like the others, a NextGen firewall filters traffic as it moves through a network, but it identifies applications by inspecting the traffic itself rather than trusting the port a connection uses, so policy can be written per application rather than per port.
Capabilities inherited from first and second generation firewalls include packet filtering, stateful inspection, VPN support, port address translation, and network address translation. Alongside these, a NextGen firewall works across other layers of the OSI model to deliver a more comprehensive solution. It provides application-level inspection, consumes threat intelligence from outside the firewall, performs intrusion prevention, and examines packet payloads against signatures to find harmful activity. Many NGFWs can also mitigate some denial-of-service attacks, inspect TLS-encrypted traffic where decryption is configured, and provide detailed analysis and reporting.
Next generation firewalls aim to deliver this deeper inspection without hindering network performance, and are often regarded as advanced stateful firewalls. NextGen is a robust option that offers stronger security than the others on this list. It is suitable for companies with remote and hybrid working environments, and for companies with Bring Your Own Device (BYOD) policies. For all their benefits, NextGen firewalls are often expensive, and configuration and deployment take a skilled team and a good deal of time.
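As an added example (not code from the article or from any NGFW vendor), here is the core of application identification independent of port: the application is recognised from the first bytes of a flow's payload, and policy is written in terms of applications, with the port only as a constraint. The signatures cover just HTTP, a TLS ClientHello and an SSH banner and are deliberately minimal; the policy and payloads are constructed.

```python
"""Added example (not from the original article): NGFW-style application
identification. The application is recognised from the first bytes of the
payload rather than from the port, and policy is written in terms of
applications. Signatures cover only HTTP, TLS ClientHello and SSH and are
deliberately minimal; payloads below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

HTTP_METHODS = (b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH")


def identify_app(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a flow."""
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 0x03 0x01..0x03,
    # 2-byte length, then handshake message type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] in (1, 2, 3) and payload[5] == 0x01):
        return "tls"
    request_line = payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"


@dataclass(frozen=True)
class AppRule:
    app: str
    action: str
    dports: Optional[frozenset] = None     # None = any port


# Policy is expressed by application; the port is a constraint, not the identifier.
POLICY: List[AppRule] = [
    AppRule("tls", "allow", frozenset({443})),
    AppRule("http", "allow", frozenset({80})),
    AppRule("ssh", "deny"),                  # no SSH to the internet on any port
]


def decide(dport: int, payload: bytes) -> Tuple[str, str, str]:
    """Return (action, identified app, reason) for the first payload of a flow."""
    app = identify_app(payload)
    for rule in POLICY:
        if rule.app == app and (rule.dports is None or dport in rule.dports):
            return rule.action, app, f"{app} to port {dport}: {rule.action}"
    return "deny", app, f"{app} to port {dport}: no rule, implicit deny"


# Constructed sample payloads.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for port, data in [(443, TLS_CLIENT_HELLO), (443, SSH_BANNER), (443, HTTP_GET)]:
        print(decide(port, data))
```

The second case is the one a port-based filter gets wrong: an SSH session sent to port 443 would be allowed by a rule that says "443 is HTTPS", while the application-aware policy denies it because the payload is SSH regardless of the port. The third case catches the reverse, plaintext HTTP on the HTTPS port. Real products use far larger signature sets and can only classify encrypted traffic this way up to the handshake unless TLS decryption is configured.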