What Is a Firewall?
A firewall is a piece of software or hardware that controls incoming and outgoing traffic by keeping unwanted traffic out. By defining a set of rules, the firewall determines which traffic should be blocked and which can safely pass through. Firewalls have been around for some time, but they are becoming more and more prevalent as the number of cyber attacks increases, especially DDoS attacks.
There are three main types of firewalls, with proxy firewalls being a fourth option. This guide explains what types of firewalls exist, what they are used for, how they work, and more.
Types of Firewalls
There are a few types of firewalls to choose from when you want to protect your network from malicious incoming or outgoing traffic. Each type is explained below.
Application Layer Firewalls
Application layer firewalls are the third generation of firewalls. As the name implies, they work at the application layer (layer 7 of the OSI model). The need for application layer firewalls grew as attackers turned their attention from the network resources behind a server towards the application itself.
Application layer firewalls examine all incoming and outgoing packets and block those that are deemed malicious. Filtering rules are usually set by the web developer or a security service and can be tightened to provide stronger protection or loosened to let more packets pass through.
Stateful Firewalls
Stateful firewalls are the second generation of firewalls. This type of firewall records all connections passing through it and can determine whether a packet is part of a new connection, part of an existing connection, or not part of any connection at all.
If the packet is not part of any existing connection, it must be checked against the rule set to determine whether or not it is malicious. To speed up this process of stateful packet inspection, packets are first cross-checked against the firewall’s state table; if they belong to an existing connection they pass through without any further analysis.
Packet Firewalls
Packet firewalls are the earliest generation of firewall technology. Using this method, the firewall looks at the network packet’s source and destination address, protocol, and destination port number. It then checks this information against the defined rules, and if any of it violates those rules the packet is dropped.
Packet firewalls work mainly on the first 3 OSI layers, while stateful firewalls work on the first 4 layers (adding the transport layer). Application layer firewalls work on the 7th layer. The image below shows an overview of the different OSI layers.
Proxy Firewalls
A proxy firewall acts as an intermediary between the client and the server and determines which traffic should pass through. If your content delivery network protects against DDoS attacks, you can think of it as a proxy firewall, since the client makes a request to the CDN’s edge server and the CDN decides at that point, based on certain rules, whether or not the client’s packets should be dropped.
Hardware vs Software Firewalls
The difference between hardware and software firewalls is quite simple. The following section explains both.
Hardware firewalls are dedicated hardware systems whose sole purpose is mitigating malicious traffic. They act as intermediaries placed between two networks (e.g. a company’s network and the Internet). Large companies sometimes set up hardware firewalls themselves so that all traffic passes through their own firewall before reaching the server. Alternatively, a dedicated security service can be used.
A software firewall is designed to run on a single machine and is typically seen on personal computers. This type of firewall helps ensure that unwanted third parties don’t compromise the machine. Software firewalls do this by preventing communication over risky ports (i.e. those that aren’t often used to receive information).
How Do Firewalls Work?
As highlighted in the sections above, there are a few different types of firewalls, and how they work differs by type. At a high level, however, they all follow the same process:
- A client request is made to a server
- The client’s network packets pass through the website’s firewall
- The firewall checks the packets against its list of rules
- If the packets pass the rules, they go through to the server
- If the packets fail one of the rules, they are dropped
- Rinse and repeat
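The process above, together with the stateful inspection and packet filtering described earlier, can be modelled in a few dozen lines. The following is an added illustration, not code from the original article: a toy stateful packet filter that checks a packet against a state table first, lets established-connection packets through without scanning the rules, drops TCP packets that belong to no connection, and only evaluates the rule list (first match wins, default deny) for packets opening a new connection. Packet, Rule, StatefulFirewall, the field names and the sample addresses and policy are all constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False  # TCP SYN flag: only a SYN may open a new connection

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "drop"
    proto: str = "*"
    src: str = "*"
    dst: str = "*"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "*" or self.proto == p.proto)
                and (self.src == "*" or self.src == p.src)
                and (self.dst == "*" or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport))

class StatefulFirewall:
    def __init__(self, rules: List[Rule], default: str = "drop"):
        self.rules, self.default = list(rules), default
        self.state = set()  # state table: 5-tuples of allowed connections

    def check(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Fast path: either direction of a known connection skips the rule scan.
        if fwd in self.state or rev in self.state:
            return "allow (established)"
        # A TCP packet without SYN that matches no connection belongs to nothing.
        if p.proto == "tcp" and not p.syn:
            return "drop (no connection)"
        # Slow path: first matching rule decides; an allow records the new flow.
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.state.add(fwd)
                return r.action
        return self.default  # no rule matched: default-deny

# Constructed sample policy: only new HTTP and HTTPS connections may start.
RULES = [Rule("allow", proto="tcp", dport=443), Rule("allow", proto="tcp", dport=80)]
```

Note that the server's reply is allowed purely from the state table, which is what lets a stateful firewall avoid re-evaluating rules for every packet of a long-lived connection.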
Should You Be Using a Firewall?
Whether or not you should use a firewall comes down to your specific use case. Macs are actually shipped with the firewall turned off, because a standard Mac OS X system doesn’t have potentially vulnerable services listening by default. Windows, on the other hand, ships with the firewall turned on, and in most cases it is a good idea to leave it enabled.
As for web-based firewalls, the question is trickier. Enabling a firewall makes your site more secure and less vulnerable to attack, but it comes at a cost in performance: checking packets takes time and can slow down a website. Therefore, before deciding whether you need a firewall, audit your site to see whether it has ever been hit before or whether you operate in a space that is susceptible to cyber attacks. If so, it might be time to enable a firewall for your application.
Hopefully, this article has helped you answer the question “what is a firewall?”. If you would like to learn more about web security, check out the related articles section below.