Every single connection to the internet is an attack vector for threat actors to take advantage of. These connections leave companies open and vulnerable to threats such as malware, ransomware, hacking, and pretty much anything else in the world that’s been invented with the express intent of stealing data or causing disruption.
It’s a big problem, too. Cybercrime was predicted to total $6 trillion in losses by the end of 2021, with the figure for 2025 being estimated at $10.5 trillion. About 64% of all companies worldwide have reported being affected by at least one instance of a cyber-attack.
Yet despite the dangers, these connections are imperative for companies to function, so safeguarding against these threats is the best route to take. One of the most important security measures a company configures for protection is a network firewall.
What Is A Network Firewall?
In short, a network firewall is a security measure that blocks unauthorized access to a private network. Firewalls are considered the first line of defense because they act as a gateway to the network, monitoring incoming and outgoing traffic. Monitoring, remediation, and blocking are dictated by a range of pre-set policies, and only traffic that gets the green light under these policies is allowed through. The configuration forces any data to pass through the firewall before it can enter or leave the network: a network firewall only lets approved packets reach the network, and only lets outbound data leave if it is authorized to do so.
Firewalls, while generally quite simple in concept and structure, are an important part of network security and can prevent viruses, malware, ransomware, threat actors, and any other threat from accessing a company network.
Hardware, Software, And Cloud Firewalls
Network firewalls can be either hardware or software, and what these two types can do differs slightly.
Hardware firewalls are physical appliances, usually built into a router or another piece of networking equipment. For larger or enterprise-level companies, a hardware firewall is usually a large standalone piece of equipment. All network and web traffic passes through it, allowing for traffic inspection, policy enforcement, and access control. This equipment usually has four or more network ports, allowing it to connect to numerous networks. These ports matter because they connect the cables that carry traffic across the network boundaries on the inside and outside of the firewall.
Software firewalls are often installed directly onto a device, such as laptops, phones, and any IoT devices. Working on a localized, more nuanced level, these firewalls allow for more customization and provide security over more network layers. They also offer device security and more granular controls and access down to the application level for admins.
While they offer more customization, software-based firewalls are not as robust as hardware firewalls and can’t protect networks from more advanced attacks; they are also trickier to manage across many devices. As such, the two are usually used in tandem.
Conversely, cloud firewalls are software-based firewalls deployed in the cloud. They reside in online applications to provide flexible, comprehensive security. Deployment is usually fuss-free and not as costly as hardware and software solutions can be. It’s a fully scalable option that can handle bandwidth being taxed, such as in the event of DDoS attacks. It offers the same level of security hardware or software solutions can provide, as well as being more flexible. Cloud firewalls come in two formats: Software-as-a-Service (SaaS) or NextGen, the latter of which we’ll look at further down this article.
Network vs Host Firewalls
On the other side of the network firewall coin are host firewalls. Network firewalls endeavor to protect the entire network, as well as controlling network traffic. Host firewalls are software-based firewalls installed directly onto individual host computers and servers. If multiple devices need protecting, the host firewall must be installed on each one individually. Unlike network firewalls, they can’t be
Host-based firewalls are more suited to, and frequently seen as, home devices to protect personal computers on a home network. They are also a cost-effective option for very small businesses, but for most companies seeking out strong security, a network-based firewall is the more suitable and effective option.
Why Is Having A Network Firewall Important?
Firewalls are a vital, advanced security measure that can block modern threats and filter unwanted traffic, making them a core component of any cybersecurity initiative. Firewalls are essentially the first line of defense when it comes to protecting vital data and information.
Any network that is connected to the internet needs a firewall to protect it from any threats that may emerge from that connection. If a network is connected to the internet, malware can take advantage of this connection, stealing data and information, overriding and shutting down systems, or utilizing the organization’s bandwidth. In addition to securing and protecting, firewalls can also strengthen network connectivity to the web and any applications.
Nowadays, a lot of operating systems come with firewalls built in, but they’re not always as robust or as comprehensive as is needed. A lot of these built-in firewalls also fail to meet certain standards and regulations needed by law for businesses to safely operate, such as HIPAA compliance.
For this reason we recommend businesses implement a robust firewall service for their network security.
Open Systems Interconnection (OSI) Model
While not strictly necessary, it’s good to know at which level different firewalls operate. Every brand of firewall is different and operates at a different Open Systems Interconnection (OSI) model layer, sometimes at more than one.
The OSI model is a conceptual model of seven layers that categorizes the layers of communication that networks use. These days, communication over the internet doesn’t strictly follow the OSI framework, but the model is still used and referred to in order to understand the layers of communication and to help troubleshoot.
- Physical layer: This layer transmits raw data between devices over a transmission medium, a physical object that can carry signals.
- Data link layer: Providing data transfer, this layer operates as a link between nodes. It essentially creates a connection between two connected devices.
- Network layer: This layer dictates how and where data will travel through the network.
- Transport layer: Using transmission protocols, the transport layer is responsible for the actual transport of data.
- Session layer: This layer controls the connection between connected devices. It also controls ports and sessions.
- Presentation layer: The presentation layer can apply data encryption and presents data in a usable way.
- Application layer: This is the part that end-users can view and interact with, as it’s how they directly interact with the application. This layer is where apps can reach the network.
Most firewalls operate at more than one layer in combination, so knowing the difference between all of them isn’t too critical. But it can be good to know at which layer the firewall you deploy provides protection. The OSI model is a good visual for understanding how networks communicate with each other, which in turn helps to show how firewalls operate and function. Most firewalls operate at the network and transport layers, though some can work at higher levels up to the application layer. Understanding at which levels your firewall solutions operate can help you understand what level of protection you have.
Types Of Network Firewalls
Packet filtering firewalls
As the name suggests, packet filtering firewalls revolve around filtering incoming (and outgoing) packets. They can deny entry or exit based on sender and recipient IP addresses, protocols, and ports, referring to predetermined policies set by administrators. Any packet that does not fall in line with these policies is automatically blocked. Access control lists are the mechanism within this firewall that dictates what to look for in packets and what action ought to be taken.
So, what’s a packet?
A network packet is, essentially, data sent over a network. Large messages are hard to send over networks in one piece because of their size, so they’re broken down into smaller packets. Think of breaking a letter down into small notes to be sent. Each packet has a header and a body; the header contains user data and control information, which helps direct the packet to where it needs to go, and the body is the “main message”.
Filtering incoming packets is referred to as ingress filtering, whereas egress filtering scans outbound traffic. Ingress filtering is especially useful in determining whether an email is coming from a spoofed IP address. IP spoofing is an attack in which threat actors change the source address on an email. Packet filtering can verify whether or not the source address on the email matches the address registered with the packets.
Packet filtering firewalls aren’t completely foolproof, however. While they’re a low-cost option that can scan traffic at high speed, and one device can service the entire network, there are some drawbacks. They’re not especially secure, as they will allow any traffic to enter provided it arrives on an approved port, regardless of whether or not that traffic is malicious. Deploying and managing access control lists can also be time-consuming and difficult.
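To make the ACL evaluation and ingress/egress checks above concrete, here is an added example (not code from the original article or any firewall product) of a minimal packet filter in Python. The internal range 10.0.0.0/8, the documentation-range addresses 203.0.113.0/24 and 198.51.100.0/24, the rule set, and the packet fields are all constructed for illustration; a real firewall evaluates the same kind of 5-tuple match against its ACL, with an implicit default deny at the end.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Address range the firewall protects (constructed for this example).
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port; None for protocols without ports
    direction: str        # "in" = ingress (from the internet), "out" = egress


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in", "out" or "any"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        """A rule matches only when every field it constrains agrees with the packet."""
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


# Constructed access control list, evaluated top to bottom; the first match wins.
ACL = [
    Rule("allow", "in", "tcp", dst="10.0.1.10/32", dport=443),    # public web server
    Rule("allow", "in", "tcp", dst="10.0.1.20/32", dport=25),     # mail gateway
    Rule("allow", "out", "tcp", src="10.0.0.0/8", dport=443),     # staff browsing
    Rule("allow", "out", "udp", src="10.0.0.0/8",
         dst="198.51.100.53/32", dport=53),                       # approved resolver only
]


def anti_spoof(p: Packet) -> Optional[str]:
    """Source-address sanity checks that need no ACL entry.

    Ingress: a packet arriving from the internet must not claim an internal source.
    Egress: a packet leaving the network must carry an internal source.
    """
    src_internal = ip_address(p.src) in INTERNAL_NET
    if p.direction == "in" and src_internal:
        return "spoofed internal source arriving from outside"
    if p.direction == "out" and not src_internal:
        return "non-internal source leaving the network"
    return None


def filter_packet(p: Packet, acl=ACL) -> Tuple[str, str]:
    """Return (verdict, reason). Anything not explicitly allowed is dropped."""
    reason = anti_spoof(p)
    if reason:
        return "deny", reason
    for i, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, f"matched ACL rule {i}"
    return "deny", "implicit default deny"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "10.0.1.10", "tcp", 443, "in"),   # legitimate HTTPS to web server
        Packet("10.0.5.5", "10.0.1.10", "tcp", 443, "in"),      # claims an internal source from outside
        Packet("203.0.113.5", "10.0.1.10", "tcp", 22, "in"),    # no rule for this port
        Packet("10.0.2.3", "198.51.100.53", "udp", 53, "out"),  # DNS to the approved resolver
        Packet("10.0.2.3", "203.0.113.53", "udp", 53, "out"),   # DNS to anywhere else
    ]
    for pkt in samples:
        print(pkt.direction, pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, filter_packet(pkt))
```

Note what the filter does not see: the first sample is allowed purely because it is TCP to port 443 on an approved host. Whatever the packet's payload contains is never examined, which is exactly the limitation the paragraph above describes.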
Application-Level Firewalls
Application firewalls (or proxy firewalls) can be seen as complementary to packet filtering, taking it one step further. With a set of predetermined rules, this firewall filters and monitors all HTTP traffic that traverses between web applications and the internet. Deployed at the application layer, it essentially serves as the only entrance and exit to each individual application in a network. It does so by in-depth packet filtering, sorting based on characteristics such as destination ports and HTTP request strings. Different policies can be built and customized for each individual application, dictating rules for HTTP connections.
An external user makes a request to access the network, which passes through the application-layer firewall; the firewall then decides whether or not to grant access after verifying the request. In addition to monitoring and granting access, application firewalls can accept requests to web pages and applications while masking the identity and IP address of the internal network and devices for added protection. They also offer deep packet inspection.
Application-level firewalls can be deployed as hardware, software, or a server plug-in. They can slow traffic and can be difficult to configure and deploy. They are also one of the pricier firewall solutions.
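The per-application HTTP policy described above can be shown with an added example (again not code from the original article or any product): a small request inspector that a proxy firewall would run before opening its own connection to the application. The hostnames shop.example.internal and api.example.internal, the policies, and the sample requests are constructed for illustration. The inspector parses the request line and headers, looks up the policy for the Host header, and rejects anything whose method, path, length, or request string falls outside what that one application is allowed to receive.

```python
import re
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class AppPolicy:
    allowed_methods: frozenset
    allowed_prefixes: tuple        # request targets must start with one of these
    max_target_len: int = 2048
    # Request-string patterns this application never legitimately uses
    # (matched case-insensitively); these two catch plain and URL-encoded "../".
    blocked_patterns: tuple = (r"\.\./", r"%2e%2e")


# Constructed per-application policies, keyed by the Host header the proxy fronts.
POLICIES: Dict[str, AppPolicy] = {
    "shop.example.internal": AppPolicy(frozenset({"GET", "HEAD", "POST"}), ("/",)),
    "api.example.internal": AppPolicy(frozenset({"GET", "POST", "PUT"}), ("/v1/",),
                                      max_target_len=512),
}


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes]:
    """Split a raw HTTP/1.x request into method, target, version, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)   # ValueError if malformed
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body


def inspect(raw: bytes, policies=POLICIES) -> Tuple[str, str]:
    """Decide whether the proxy forwards this request to the application behind it."""
    try:
        method, target, version, headers, _ = parse_request(raw)
    except ValueError:
        return "deny", "malformed request"
    if not version.startswith("HTTP/1."):
        return "deny", f"unsupported version {version!r}"
    policy = policies.get(headers.get("host", ""))
    if policy is None:
        return "deny", "no application policy for this Host"
    if method not in policy.allowed_methods:
        return "deny", f"method {method} not allowed for this application"
    if len(target) > policy.max_target_len:
        return "deny", "request target too long"
    if not any(target.startswith(p) for p in policy.allowed_prefixes):
        return "deny", "request target outside the application's paths"
    for pattern in policy.blocked_patterns:
        if re.search(pattern, target, re.IGNORECASE):
            return "deny", "request target matches a blocked pattern"
    return "allow", "request conforms to application policy"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        b"GET /products?id=42 HTTP/1.1\r\nHost: shop.example.internal\r\n\r\n",
        b"GET /static/../../app.conf HTTP/1.1\r\nHost: shop.example.internal\r\n\r\n",
        b"DELETE /products/1 HTTP/1.1\r\nHost: shop.example.internal\r\n\r\n",
        b"POST /v1/orders HTTP/1.1\r\nHost: api.example.internal\r\nContent-Length: 2\r\n\r\n{}",
        b"GET /admin HTTP/1.1\r\nHost: api.example.internal\r\n\r\n",
        b"GET /x HTTP/1.1\r\nHost: unknown.example\r\n\r\n",
    ]
    for req in samples:
        print(req.split(b"\r\n")[0].decode(), "->", inspect(req))
```

Because the proxy terminates the client's connection and opens a fresh one to the application, the application only ever sees the proxy's address; that is the masking behaviour the paragraph mentions, and it comes for free with this design.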
Circuit Level Firewalls
Circuit-level firewalls (or circuit-level gateways) assess Transmission Control Protocol (TCP) connections and monitor any active sessions. They work at the session layer of the OSI model. Circuit-level firewalls predominantly assess the security of an established connection after a User Datagram Protocol (UDP) or TCP connection has been completed.
They also protect devices inside the network when those devices connect to a remote host, creating the connection on their behalf and masking the user’s identity and IP address.
While similar to packet filtering firewalls, they take it one step further by verifying established connections. Like packet filtering, this is a fairly simple and straightforward measure that doesn’t cost much to run or deploy. However, their simplicity is also a drawback in that they cannot inspect packet contents, meaning that a packet containing malware could slip past a circuit-level firewall if the TCP connection is legitimate. As such, other firewalls are needed in conjunction.
Stateful Firewalls
A stateful firewall monitors active network connection sessions, tracking and sorting traffic based on the destination port. It also scans incoming traffic for risks or malicious activity. This firewall examines every packet that crosses the network, assessing whether it belongs to an established TCP session or another network session. Stateful firewalls can also track and log a packet’s history.
Basic versions of this firewall block any incoming or outgoing traffic that could be considered harmful. They can detect and flag access attempts by unauthorized individuals and servers. Some more advanced stateful firewalls also have multilayer inspection capabilities, which track transactions across multiple protocol layers in the OSI model.
Stateful firewalls are certainly more robust and effective than packet filtering or circuit-level firewalls, but they can hinder network performance and can be cumbersome for admins to manage.
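The circuit-level gateway section and the stateful firewall section above both come down to the same mechanism: watch the TCP handshake, remember which connections were legitimately opened, and only pass later packets that belong to one of them. The following added example (not code from the original article or any firewall vendor) implements that connection tracker in Python. The flag values are the standard TCP bits; the inbound-port policy, the addresses, and the segment sequence are constructed for illustration. It serves both sections: the handshake verification is what a circuit-level gateway does, and the per-connection state table is what makes a firewall stateful.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Standard TCP flag bits.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    direction: str   # "in" (from the internet) or "out" (from an internal host)


class ConnectionTracker:
    """Tracks TCP handshakes and sessions; passes only traffic that fits a known session."""

    def __init__(self, allowed_inbound_ports: Iterable[int]):
        # Unsolicited inbound SYNs are accepted only on these ports (constructed policy).
        self.allowed_inbound_ports = set(allowed_inbound_ports)
        # (initiator ip, initiator port, responder ip, responder port) -> state
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    def _lookup(self, s: Segment) -> Tuple[Optional[tuple], Optional[str]]:
        """Find the session this segment belongs to and which side sent it."""
        fwd = (s.src, s.sport, s.dst, s.dport)
        if fwd in self.table:
            return fwd, "initiator"
        rev = (s.dst, s.dport, s.src, s.sport)
        if rev in self.table:
            return rev, "responder"
        return None, None

    def process(self, s: Segment) -> Tuple[str, str]:
        """Return (verdict, resulting state); updates the table as a side effect."""
        key, role = self._lookup(s)
        syn, ack = bool(s.flags & SYN), bool(s.flags & ACK)

        # A bare SYN opens a new circuit; this is the only point where policy applies.
        if syn and not ack:
            if key is not None:
                if role == "initiator" and self.table[key] == "SYN_SENT":
                    return "allow", "SYN_SENT"          # retransmitted SYN
                return "deny", "SYN conflicts with tracked session"
            if s.direction == "in" and s.dport not in self.allowed_inbound_ports:
                return "deny", "unsolicited inbound SYN to unapproved port"
            self.table[(s.src, s.sport, s.dst, s.dport)] = "SYN_SENT"
            return "allow", "SYN_SENT"

        # Any other segment must belong to a session we saw being opened.
        if key is None:
            return "deny", "no tracked session"

        state = self.table[key]
        if s.flags & (FIN | RST):
            del self.table[key]                          # session torn down
            return "allow", "CLOSED"
        if syn and ack and role == "responder" and state == "SYN_SENT":
            self.table[key] = "SYN_RECEIVED"
            return "allow", "SYN_RECEIVED"
        if ack and not syn and role == "initiator" and state == "SYN_RECEIVED":
            self.table[key] = "ESTABLISHED"              # handshake complete
            return "allow", "ESTABLISHED"
        if ack and not syn and state == "ESTABLISHED":
            return "allow", "ESTABLISHED"                # data in either direction
        return "deny", f"segment does not fit state {state}"


if __name__ == "__main__":
    fw = ConnectionTracker(allowed_inbound_ports={443})
    # Constructed sequence: an internal host opens an HTTPS session to an external server.
    steps = [
        Segment("10.0.1.5", 40000, "203.0.113.7", 443, SYN, "out"),
        Segment("203.0.113.7", 443, "10.0.1.5", 40000, SYN | ACK, "in"),
        Segment("10.0.1.5", 40000, "203.0.113.7", 443, ACK, "out"),
        Segment("203.0.113.7", 443, "10.0.1.5", 40000, ACK, "in"),       # reply data
        Segment("203.0.113.7", 443, "10.0.1.5", 40001, ACK, "in"),       # no such session
        Segment("203.0.113.9", 51000, "10.0.1.10", 22, SYN, "in"),       # unapproved port
        Segment("10.0.1.5", 40000, "203.0.113.7", 443, FIN | ACK, "out"),
    ]
    for seg in steps:
        print(seg.direction, seg.src, seg.sport, "->", seg.dst, seg.dport, fw.process(seg))
```

The example also makes the shared weakness visible: once a session is ESTABLISHED, every ACK segment on it is passed without the tracker ever looking at the payload, so malware carried over a legitimately opened connection goes through, as the circuit-level section above notes.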
Next Generation Firewalls
Next Generation firewalls (NGFW or NextGen firewalls) are a little different from the other firewalls in this list. They’re part of the third generation of firewalls, which seek to consolidate traditional firewall methods with additional features in a bid to overcome traditional firewall limitations. At a glance, NextGen firewalls filter traffic as it moves through a network. The filtering capabilities are determined by the ports assigned to applications and traffic.
Capabilities of traditional first- and second-generation firewalls that a next generation firewall also harnesses include packet filtering, stateful inspection, VPN support, port address translation, and network address translation. Alongside these traditional firewall capabilities, NextGen moves across other layers of the OSI model to deliver a more comprehensive firewall solution. It provides application-level inspection, threat intelligence from outside the firewall, intrusion prevention, and in-depth investigation of packet payloads and signatures to find harmful activity. It can block DDoS attacks, block breaches from encrypted apps, and provide strong analysis features.
Next generation firewalls aim to consolidate traditional firewall methods with this involved packet inspection without hindering network performance. They are often regarded as a more advanced form of stateful firewall. NextGen is a robust firewall solution that offers stronger security than the others on this list. It is a suitable option for companies with remote and hybrid working environments, and for companies that have Bring Your Own Device (BYOD) policies. For all their benefits, NextGen firewalls are often expensive, and configuration and deployment take a skilled team and a lot of time.
Summary
Network firewalls are a fundamental, critical tool and an intrinsic part of any security infrastructure. While simple in nature, their benefits shouldn’t be overlooked. Firewalls, when configured and managed correctly, provide surface-level and deep packet inspection, block unauthorized users from accessing networks, detect and prevent malware, and closely monitor web traffic. They provide a strong gateway between internal and external networks, protecting company data and information and thus preventing security breaches and leaks.
Not all firewalls are created equal, and not all offer the same thing. A more holistic, layered approach is often needed, combining firewalls to offer full, comprehensive security. Companies stand to benefit from deploying both software- and hardware-based firewalls. Choosing more specific types of firewalls can get more complicated, however; there’s plenty to choose from on the market, and not all of them offer the same level or type of protection. Assessing what your company needs before actioning a purchase can prevent loss of time, manpower, and money on ill-fitting methods.
To learn more, read our buyers’ guide to the top 11 network firewalls.