A network firewall is a security control that examines traffic entering and leaving a network or device and enforces a policy on it: traffic the policy permits passes through, and everything else is dropped or rejected. In principle a firewall is a simple tool, but there is a whole range of firewall types to choose from, each offering slightly different capabilities and working in a different way.
In this article, we’ll explain what the different types of firewall are, and how they differ. We’ll indicate who they are best suited to, and the type of organizations that should implement one.
What Is A Network Firewall?
A network firewall is a cybersecurity tool that sits in your network security stack to examine and filter network traffic, blocking or restricting unauthorized access to the network. Depending on its type, it allows or blocks traffic based on IP addresses, ports, protocols and, for stateful firewalls, the state of the connection a packet belongs to, all according to predefined policies. Network firewalls are usually placed at the boundary of a network, acting as a gatekeeper between it and untrusted networks such as the internet, and increasingly also between internal network segments. Many integrate with other security tools, exporting logs and sharing threat intelligence.
When a firewall is in place, all traffic crossing it is examined. Anything the policy does not permit is dropped (silently discarded) or rejected (the sender is told the connection was refused); some firewalls can also divert suspicious content for further examination, for example to a sandbox. The firewall works on packets, the small units into which a larger message is split so that it can be routed across a network efficiently and reassembled at the destination. Depending on its type, a firewall inspects only the packet headers (addresses, ports, protocol) or also the payload, which is where malicious content is found.
Network firewalls are efficient at letting wanted traffic in while blocking unwanted connections, known malicious sources and, for types that inspect content, malware, worms, Trojans and other network-borne threats. Keep in mind that a firewall can only act on what crosses it: an attack that arrives inside permitted traffic, such as a malicious download over an allowed HTTPS connection, passes a basic firewall unless a content-inspecting type is in use.
Hardware Firewalls vs Software Firewalls
Firewalls can be deployed as hardware appliances, as software, or as a cloud service. Hardware firewalls are physical appliances that organizations install in their on-prem security stack, with network ports that place the device in line between the networks it separates.
Software firewalls, on the other hand, are programs installed on a computer or virtual machine, either built into the operating system (Windows Defender Firewall, nftables/iptables on Linux, pf on BSD and macOS) or bought from a firewall vendor. Software firewalls are typically more customizable, with finer control over functionality and protection features. The trade-off is that a host-based firewall runs on the machine it protects and shares its attack surface: it consumes that machine's resources, and an attacker who gains administrative access to the host can reconfigure or disable it. For that reason a host firewall complements a network firewall rather than replacing it.
What Are The 5 Types Of Network Firewalls?
The five types of network firewalls are:
- Packet filtering firewalls
- Circuit-level firewalls
- Stateful inspection firewalls
- Application layer/proxy server firewalls
- Next-generation firewalls
Let’s look at each one in turn.
Packet Filtering Firewalls
Packet filtering firewalls examine every packet crossing the firewall, looking only at header fields: the source IP address, destination IP address, transport protocol, and source and destination ports. Each packet is compared against a list of rules predefined by the admin team and is accepted or dropped according to the first rule that matches (or a default action, normally deny, if none does). The decision is made packet by packet, with no memory of earlier packets, which is why this type is also called a stateless firewall.
As explained earlier, packets are a way of breaking large messages down into chunks that are easier to transport. Messages are split into packets, which are sent across the network to their destination, where the message is reassembled. Each packet consists of a header, carrying the sender's internet protocol (IP) address, the destination IP address, the protocol and (for TCP and UDP) the port numbers, followed by the payload, which holds part of the original message.
A packet filter checks the source and destination IP addresses against the addresses or ranges named in its rules. It also checks the transport protocol, typically transmission control protocol (TCP) or user datagram protocol (UDP), and the source and destination port numbers, so a rule can be as specific as "TCP to this host on port 443".
Packet filtering is fast and simple, but because it looks only at headers it cannot filter on packet content, and a long rule list can be hard to configure correctly. It is also vulnerable to IP spoofing, where an attacker forges the source address of a packet so that it matches a trusted address in the rules; a stateless filter keeps no record of earlier packets, so it cannot tell that a forged "reply" belongs to no connection. The usual mitigation is ingress filtering: dropping packets that arrive on the external interface while claiming an internal source address. Packet filtering remains effective at keeping unwanted traffic from outside the local area network out, and it is a well-established and commonly used building block in network security.
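To make the rule evaluation concrete, here is a small stateless packet filter written for this article; it is an added example, not code from the original page or from any firewall product. The interface names, the 10.0.0.0/8 internal range, the rule set and the sample packets are all constructed. It shows first-match evaluation with a default deny, a management rule that trusts the source address alone, and the ingress-filtering rule that stops a spoofed packet from satisfying it.

```python
"""Stateless packet filter: first-match rules over header fields only.

Added example written for this article, not code from the original page or
from any firewall product. Interface names, the internal range, the rule set
and the sample packets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str              # interface the packet arrived on: "wan" or "lan"
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    # No payload field: a packet filter never looks past the headers.


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    iface: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.iface in ("any", pkt.iface)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


INTERNAL = "10.0.0.0/8"     # constructed: the LAN behind the firewall
MGMT = "10.0.0.1/32"        # constructed: the firewall's own management address
WEB = "10.0.0.80/32"        # constructed: a public web server

RULES = [
    # Ingress filtering: nothing arriving from the internet may claim an internal source.
    Rule("deny", iface="wan", src=INTERNAL),
    # Management SSH from internal addresses. Written without an interface, this
    # rule trusts the source address alone, which is exactly what spoofing exploits.
    Rule("allow", proto="tcp", src=INTERNAL, dst=MGMT, dport=22),
    # The web server is reachable from anywhere.
    Rule("allow", iface="wan", proto="tcp", dst=WEB, dport=443),
    # Nothing else comes in from the internet.
    Rule("deny", iface="wan"),
    # Internal hosts may start any connection outward.
    Rule("allow", iface="lan", src=INTERNAL),
]

# The same policy with the anti-spoofing rule left out.
RULES_NO_ANTISPOOF = RULES[1:]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; default deny if none matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def demo() -> dict:
    spoofed = Packet("wan", "tcp", "10.0.0.42", "10.0.0.1", 51003, 22)  # forged internal source
    return {
        "web_from_internet": filter_packet(Packet("wan", "tcp", "203.0.113.5", "10.0.0.80", 51000, 443)),
        "ssh_from_lan": filter_packet(Packet("lan", "tcp", "10.0.0.42", "10.0.0.1", 51001, 22)),
        "ssh_from_internet": filter_packet(Packet("wan", "tcp", "203.0.113.5", "10.0.0.1", 51002, 22)),
        "spoofed_ssh": filter_packet(spoofed),
        "spoofed_ssh_no_antispoof": filter_packet(spoofed, RULES_NO_ANTISPOOF),
        # A web server's reply to a LAN browser: a stateless filter cannot know it was requested.
        "reply_to_lan_browser": filter_packet(Packet("wan", "tcp", "203.0.113.80", "10.0.0.42", 443, 51004)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {verdict}")
```

Note the last case: the reply to a connection a LAN host opened is dropped too, because a stateless filter has no way of knowing the LAN host asked for it. The only stateless fix is a rule admitting inbound packets to high-numbered ports, which is precisely the hole that stateful inspection closes.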
Circuit-Level Firewalls
As introduced earlier, user datagram protocol (UDP) and transmission control protocol (TCP) are the two main transport protocols for organizing communication between computers. Circuit-level firewalls (also called circuit-level gateways) work at the session layer, between the transport layer and the application layer. Rather than judging each packet on its own, they verify that a session was set up legitimately, for example that a TCP connection began with a proper three-way handshake between permitted endpoints, and then relay the traffic of that session. Traffic is admitted or blocked according to session rules: who may open a session, to where, and on which port. The SOCKS proxy is the classic example.
A handshake is the exchange of acknowledgements with which two endpoints agree to set up a connection. Once the gateway has validated a session, packets are relayed between the two ends without further filtering. UDP has no handshake, so for UDP the gateway simply records that an inside host sent a datagram and admits answers to it for a while. Because the gateway relays the traffic itself, the outside end sees only the gateway's address and learns nothing about the network behind it. The weakness is the flip side of the design: circuit-level gateways do not inspect packet contents at all, so once a session is validated any malicious content travelling inside it is waved through.
Stateful Inspection Firewalls
A stateful inspection firewall tracks the state of every connection passing through it, most visibly the transmission control protocol (TCP) connection setup, and judges each packet against both its rules and the connection the packet belongs to. This analysis sits at layers 3 and 4 of the open systems interconnection (OSI) model, the reference model that describes the levels at which networked systems communicate.
For example, layer 3 is the network layer and layer 4 the transport layer, while layer 7 is the application layer. A layer 3/4 firewall filters on IP source and destination, port and protocol; a layer 7 firewall can do all of that and also understand the application protocol carried inside the packets. That extra detail has a cost: inspecting at layer 7 is slower than inspecting only the lower layers.
A stateful firewall keeps a table of active connections and classifies each packet as new, as belonging to an existing connection, or as invalid. A packet that opens a connection is allowed only if a rule permits it; subsequent packets, including replies from the outside, are allowed only if they match a tracked connection and make sense in its current state (a SYN/ACK, for example, is valid only as the answer to a SYN the firewall has already seen). Idle entries are expired after a timeout, which is also how connectionless protocols such as UDP are tracked.
Stateful inspection firewalls are therefore considerably stronger than packet filters: they can let reply traffic in without opening ranges of ports, and they defeat spoofed "replies" that match no connection. The cost is the memory needed for the connection table and the extra processing per packet, which can add latency under high load; the table itself is also a resource an attacker can try to exhaust with floods of half-open connections.
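The connection table described above, as an added example written for this article (not code from the original page or from any product). The policy, "inside may start connections, outside may only answer them", the interface names, the 30-second UDP timeout and the sample packets are constructed; a production tracker also checks sequence-number windows, handles ICMP errors and covers more TCP states. The stateless comparison at the end shows why an "established" rule that only looks at the ACK flag is no substitute.

```python
"""Stateful inspection: a minimal connection tracker for TCP and UDP.

Added example written for this article, not code from the original page or
from any firewall product. The policy, interface names, timeout and sample
packets are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"
SYN_SENT, ESTABLISHED = "SYN_SENT", "ESTABLISHED"
UDP_TIMEOUT = 30.0      # seconds of silence after which a UDP pseudo-connection is forgotten


@dataclass(frozen=True)
class Packet:
    iface: str                           # "lan" (inside) or "wan" (internet side)
    proto: str                           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()  # TCP flags; empty for UDP
    t: float = 0.0                       # arrival time in seconds (constructed clock)


def flow_key(pkt: Packet) -> tuple:
    """Direction-independent key, so a reply maps to the flow that caused it."""
    a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    return (pkt.proto,) + (a + b if a < b else b + a)


class StatefulFirewall:
    def __init__(self) -> None:
        self.table: Dict[tuple, Tuple[str, float]] = {}   # flow key -> (state, last seen)

    def process(self, pkt: Packet) -> str:
        k = flow_key(pkt)
        entry = self.table.get(k)
        if entry and pkt.proto == "udp" and pkt.t - entry[1] > UDP_TIMEOUT:
            del self.table[k]                # idle UDP flow has expired
            entry = None
        return self._tcp(k, pkt, entry) if pkt.proto == "tcp" else self._udp(k, pkt, entry)

    def _tcp(self, k, pkt, entry) -> str:
        if entry is None:
            # Only a bare SYN from the inside may create state; an unsolicited
            # SYN/ACK or ACK from the internet matches nothing and is dropped.
            if pkt.iface == "lan" and pkt.flags == {SYN}:
                self.table[k] = (SYN_SENT, pkt.t)
                return "allow"
            return "deny"
        state = entry[0]
        if state == SYN_SENT:
            if pkt.iface == "lan" and pkt.flags == {SYN}:        # retransmitted SYN
                return "allow"
            if pkt.iface == "wan" and pkt.flags == {SYN, ACK}:   # the expected answer
                self.table[k] = (ESTABLISHED, pkt.t)
                return "allow"
            return "deny"
        if SYN in pkt.flags:                 # a new SYN inside an established flow is invalid
            return "deny"
        if pkt.flags & {FIN, RST}:
            del self.table[k]                # connection is closing; forget it
        else:
            self.table[k] = (ESTABLISHED, pkt.t)
        return "allow"

    def _udp(self, k, pkt, entry) -> str:
        # UDP has no handshake: the first datagram from the inside opens a
        # pseudo-connection, and only answers to it are let back in.
        if entry is None and pkt.iface != "lan":
            return "deny"
        self.table[k] = (ESTABLISHED, pkt.t)
        return "allow"


def stateless_established_rule(pkt: Packet) -> str:
    """The best a stateless filter can do to admit replies: allow any inbound
    TCP packet with ACK set. It cannot tell a real reply from a forged one."""
    return "allow" if pkt.iface == "lan" or ACK in pkt.flags else "deny"


def demo() -> dict:
    fw = StatefulFirewall()
    lan, web, dns = "10.0.0.42", "203.0.113.80", "203.0.113.53"
    syn = Packet("lan", "tcp", lan, 51000, web, 443, frozenset({SYN}), 0.0)
    synack = Packet("wan", "tcp", web, 443, lan, 51000, frozenset({SYN, ACK}), 0.1)
    data = Packet("wan", "tcp", web, 443, lan, 51000, frozenset({ACK}), 0.2)
    forged = Packet("wan", "tcp", "198.51.100.9", 443, lan, 51001, frozenset({ACK}), 0.3)  # never requested
    dns_q = Packet("lan", "udp", lan, 40000, dns, 53, t=1.0)
    dns_r = Packet("wan", "udp", dns, 53, lan, 40000, t=1.1)
    dns_late = Packet("wan", "udp", dns, 53, lan, 40000, t=1.1 + UDP_TIMEOUT + 1)
    return {
        "syn": fw.process(syn),
        "synack": fw.process(synack),
        "data": fw.process(data),
        "forged_reply_stateful": fw.process(forged),
        "forged_reply_stateless": stateless_established_rule(forged),
        "dns_query": fw.process(dns_q),
        "dns_reply": fw.process(dns_r),
        "dns_reply_after_timeout": fw.process(dns_late),
    }
```

The forged packet is the case from the packet-filtering section: it carries the ACK flag, so a stateless "established" rule admits it, while the tracker rejects it because no inside host ever sent a SYN to that address and port.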
Application Layer Firewalls Or Proxy Server Firewalls
Application layer firewalls (alternatively called proxy firewalls or proxy server firewalls) examine and filter traffic for a specific application protocol, such as HTTP, FTP or DNS. They can run as a hardware appliance, as software, or as a plug-in on the server itself. They add a layer of security on top of the lower-layer filters: an HTTP proxy firewall, for example, can enforce rules on request methods, hosts, URLs and headers, and the rules can be tailored per application. These firewalls operate at the application layer, layer 7 of the OSI model, the reference model that describes how applications communicate over a network.
With a "traditional" firewall, packets that pass the checks are forwarded, so the client and server talk to each other directly. A proxy firewall instead terminates the client's connection, inspects the request, and opens its own connection to the server on the client's behalf. Because it understands the protocol, it can block individual commands, file types or content that violate policy, not just addresses and ports. This means that even if a threat actor reaches the network, traffic that does not conform to the expected protocol and policy still does not get through.
These firewalls can run in active or passive mode. In active mode the firewall inspects incoming traffic for known attack patterns and blocks what it finds; in passive mode it inspects the same traffic but does not allow or deny anything itself, instead flagging the potential threat to admins. Passive mode is useful for tuning a new rule set against real traffic before switching it to blocking.
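An application-layer check of the kind described above, as an added example written for this article (not code from the original page or any product): an HTTP-aware filter that parses the request itself and applies per-protocol rules, in both active and passive mode. The allowed methods and hosts, the blocked patterns and the sample requests are constructed for illustration.

```python
"""Application-layer (proxy) filtering of HTTP requests, active vs passive.

Added example written for this article, not code from the original page or
from any product. The allowed methods and hosts, the blocked patterns and
the sample requests are constructed for illustration.
"""
import re
from typing import List, Tuple
from urllib.parse import unquote

ALLOWED_METHODS = {"GET", "POST", "HEAD"}
ALLOWED_HOSTS = {"www.example.com", "api.example.com"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def parse_request(raw: bytes) -> Tuple[str, str, dict]:
    """Parse the request line and headers of one HTTP/1.x request.

    Returns (method, target, headers); raises ValueError on malformed input.
    A proxy firewall must parse the protocol itself: if it forwarded anything
    it could not parse, an attacker would simply send something unparseable.
    """
    head = raw.partition(b"\r\n\r\n")[0]
    lines = head.decode("ascii").split("\r\n")      # non-ASCII raises UnicodeDecodeError
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header")
        headers[name.strip().lower()] = value.strip()
    return m.group(1), m.group(2), headers


def inspect(raw: bytes) -> Tuple[str, List[str]]:
    """Return ("allow" | "block", reasons) for one request."""
    try:
        method, target, headers = parse_request(raw)
    except (ValueError, UnicodeDecodeError) as exc:
        return "block", [f"unparseable request: {exc}"]
    reasons = []
    if method not in ALLOWED_METHODS:
        reasons.append(f"method {method} not permitted")
    host = headers.get("host", "").split(":")[0]
    if host not in ALLOWED_HOSTS:
        reasons.append(f"host {host!r} not permitted")
    # Decode percent-encoding before looking for traversal so %2e%2e is caught too.
    if ".." in unquote(target).split("/"):
        reasons.append("path traversal in request target")
    if "content-length" in headers and "transfer-encoding" in headers:
        reasons.append("Content-Length and Transfer-Encoding together (request smuggling shape)")
    return ("block" if reasons else "allow"), reasons


class ProxyFirewall:
    """Active mode blocks violations; passive mode forwards them and only alerts."""

    def __init__(self, mode: str = "active") -> None:
        self.mode = mode
        self.alerts: List[str] = []

    def handle(self, raw: bytes) -> str:
        verdict, reasons = inspect(raw)
        if verdict == "block":
            self.alerts.append("; ".join(reasons))
            if self.mode == "active":
                return "block"
        return "allow"    # in passive mode the request is forwarded despite the alert


# Constructed sample requests.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TRAVERSAL = b"GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SMUGGLE = (b"POST /upload HTTP/1.1\r\nHost: api.example.com\r\n"
           b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
NOT_HTTP = b"\x16\x03\x01\x00\x05hello"      # a TLS record arriving on the plain-HTTP port


def demo() -> dict:
    active, passive = ProxyFirewall("active"), ProxyFirewall("passive")
    return {
        "good": active.handle(GOOD),
        "traversal": active.handle(TRAVERSAL),
        "bad_method": active.handle(BAD_METHOD),
        "smuggle": active.handle(SMUGGLE),
        "not_http": active.handle(NOT_HTTP),
        "traversal_passive": passive.handle(TRAVERSAL),
        "passive_alerts": len(passive.alerts),
    }
```

None of these decisions could be made by a packet filter or a stateful firewall: all five requests are ordinary TCP segments to an allowed host and port, and only the contents tell them apart.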
Next Generation Firewalls
The newest firewall type on this list is the next generation firewall (next-gen firewall, or NGFW for short). NGFWs are sold as hardware appliances, as virtual machines and as cloud services. Alongside the capabilities of traditional firewalls, packet filtering and stateful inspection, they add deep packet inspection and application awareness: identifying the application or service a flow belongs to regardless of the port it uses. Many can also inspect encrypted traffic, but only by terminating TLS connections with a certificate the client devices have been configured to trust, which has to be deployed and managed deliberately; without that, the firewall sees only unencrypted metadata such as the server name in the TLS handshake. Next-gen firewalls can also block advanced malware and application-layer attacks.
Next-gen firewalls bundle several defensive tools into one device. They typically include an integrated intrusion prevention system (IPS), threat intelligence feeds, application awareness and control, and an upgrade path for new signatures. Many add URL filtering, sandboxing of suspicious files, and advanced malware protection. Some go beyond firewalling altogether, integrating with identity providers so that rules can be written per user or group rather than per IP address, and managing bandwidth per application.
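One piece of the application awareness described above, shown as an added example written for this article (not code from the original page or any vendor): identifying the HTTPS destination from the server name in the TLS ClientHello without decrypting anything, and noticing when what arrives on port 443 is not TLS at all. The ClientHello builder, the blocked-domain list and the sample inputs are constructed. Two caveats a practitioner should keep in mind: with Encrypted Client Hello the real name is hidden and this check sees only a public outer name, and anything beyond the handshake (URLs, file contents) is visible only if the firewall terminates TLS with a certificate the clients trust.

```python
"""NGFW-style application awareness: read the SNI from a TLS ClientHello.

Added example written for this article, not code from the original page or
from any vendor. The ClientHello builder, the blocked-domain list and the
sample inputs are constructed for illustration.
"""
from typing import Optional

BLOCKED_DOMAINS = {"filesharing.example", "casino.example"}   # constructed policy


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2-style ClientHello record carrying one SNI entry."""
    name = server_name.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name            # host_name type + name
    sni_list = len(entry).to_bytes(2, "big") + entry
    ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list  # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)             # client_version, random (zeros: constructed)
            + b"\x00"                           # empty session_id
            + b"\x00\x02\x13\x01"               # one cipher suite
            + b"\x01\x00"                       # null compression
            + len(ext).to_bytes(2, "big") + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def extract_sni(data: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello, or None if this is not a readable ClientHello."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:      # TLS handshake record, ClientHello message
            return None
        hs_len = int.from_bytes(data[6:9], "big")
        hs = data[9:9 + hs_len]
        if len(hs) != hs_len:
            return None                              # truncated
        p = 34                                       # client_version (2) + random (32)
        p += 1 + hs[p]                               # session_id
        p += 2 + int.from_bytes(hs[p:p + 2], "big")  # cipher_suites
        p += 1 + hs[p]                               # compression_methods
        end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
        p += 2
        while p + 4 <= end:
            etype = int.from_bytes(hs[p:p + 2], "big")
            elen = int.from_bytes(hs[p + 2:p + 4], "big")
            p += 4
            if etype == 0:                           # server_name extension
                q = p + 2                            # skip server_name_list length
                while q + 3 <= p + elen:
                    ntype = hs[q]
                    nlen = int.from_bytes(hs[q + 1:q + 3], "big")
                    q += 3
                    if ntype == 0:                   # host_name
                        return hs[q:q + nlen].decode("ascii")
                    q += nlen
            p += elen
    except (IndexError, UnicodeDecodeError):
        return None
    return None


def classify(server_name: str) -> str:
    """Match the name or any parent domain against the blocked list."""
    labels = server_name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in BLOCKED_DOMAINS:
            return "blocked"
    return "permitted"


def port_only_verdict(dport: int) -> str:
    """What a port-based rule does: 443 means HTTPS, so allow it."""
    return "allow" if dport == 443 else "deny"


def app_aware_verdict(first_bytes: bytes) -> str:
    """Allow only traffic that really is TLS, and only to permitted names."""
    sni = extract_sni(first_bytes)
    if sni is None:
        return "deny"            # not a readable ClientHello: wrong application on the port
    return "deny" if classify(sni) == "blocked" else "allow"


def demo() -> dict:
    ssh_on_443 = b"SSH-2.0-OpenSSH_9.0\r\n"     # constructed: SSH tunnelled over the HTTPS port
    return {
        "sni_parsed": extract_sni(build_client_hello("www.example.com")),
        "https_permitted": app_aware_verdict(build_client_hello("www.example.com")),
        "https_blocked_domain": app_aware_verdict(build_client_hello("cdn.filesharing.example")),
        "ssh_on_443_port_only": port_only_verdict(443),
        "ssh_on_443_app_aware": app_aware_verdict(ssh_on_443),
    }
```

The SSH case is the point of application awareness: a port-based rule sees destination port 443 and waves the connection through, while a firewall that reads the first bytes can tell the traffic is not the protocol the port is reserved for.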
Do I Need A Firewall For My Business?
Yes. Firewalls are a critical piece of infrastructure for your organization's overall security health. They are the first line of defense against attacks reaching your network. Any unauthorized access could result in stolen data, breaches, or follow-up attacks involving malware and ransomware. Firewalls keep harmful traffic off the network by creating a barrier between your network and any untrusted outside networks. Attacks arrive around the clock and at scale, often from automated scanners, so a filter that blocks them 24/7 without human intervention is essential. A firewall is necessary but not sufficient: it must be configured to allow only the access the business actually needs, and its rules reviewed as those needs change.
Many operating systems and network security tools have firewall capabilities built in. If, however, you're looking to upgrade and have more control over your firewall, start by checking our list of some of the best products on the market:
The Top 11 Network Firewalls
While an abundance of network firewalls might seem like overkill, having choice in the market is a plus. Network firewalls are the first line of defense for your network, which makes them one of its most critical components. When configured correctly, firewalls block the bulk of the persistent, but potentially devastating, threats that reach the perimeter: connections from known malicious sources, scans of closed ports, traffic that violates protocol rules and, on models that inspect content, malware, Trojans and exploit traffic, including previously unseen samples on models with sandboxing. Some firewalls go a step further and ensure that sensitive information does not leave your network when it shouldn't.
Overall, having a firewall installed and configured correctly is a critical component of any healthy security stack. While a firewall might seem like a simple gateway, the different types vary widely in capability, and some are very advanced. Before investing in a firewall, consider what threats your network needs to mitigate, then find one to match your needs.