Firewalls were developed over thirty years ago and function as the first line of defense for many business networks. This piece of network equipment is a perimeter defense that determines whether packets can move into or out of the network. While the basic concept of a firewall is simple, the way that it performs this function and the features it offers continue to evolve based on current threats.
Firewalls come in two major categories: hardware and software. The physical firewalls are network appliances that connect to the rest of the IT infrastructure so it’s able to monitor packets. There are several methods they can use to secure the network and assist with thwarting potential intruders.
Stateful firewalls retain information about the connections being made. It offers good performance because this technology allows it to skip inspecting every single packet. Once it has inspected a connection, it allows it for subsequent packets.
Application-level firewalls that are hardware based are designed to protect the application’s connections. They address common attack methods used on that type of application, such as stopping cross-site scripting for a web application.
When someone thinks about a standard firewall, a proxy firewall is most likely what’s on their mind. It stands between a host device and the data source and inspects the packets that are sent between them. This type of firewall may not stand up to complex attacks due to its simplicity, but it masks a lot of the network information.
This firewall is another basic one that focuses on checking the TCP handshake. It’s not resource intensive since it doesn’t look at the packet, but that does mean that it won’t protect against sophisticated attacks.
These firewalls have advanced features that give businesses more ways to stop malicious traffic from making it through the appliance. Some examples of these include deep packet inspection, checking attachments in sandboxes, and terminating encrypted traffic. Third-party data can be incorporated into the rules and filters of the firewall to improve protection against emerging threats. They can also incorporate technology that is found in other types of IT security hardware, such as intrusion detection. The drawback of this firewall type is that it can significantly slow down network traffic.
This firewall is a software package that’s installed on the business network and does not rely on a hardware appliance for protecting traffic.
Some applications have firewalls built into the software itself to act as a second layer of protection. Anything that gets through the physical firewall of the business network and reaches the application layer needs to go through another inspection. These firewalls focus on threats that are most common for that piece of software.
A cloud-based firewall leverages cloud computing technology for the virtual appliance. Some advantages of a cloud firewall include the ability to scale quickly, high availability, and cost-efficiency. For organizations with limited IT budgets, using a cloud-based service can give them access to powerful features that they wouldn’t have access to without paying a substantial upfront hardware fee.
The right firewall for your organization depends on the typical threats that you face, the sensitivity of the information you’re protecting, and your performance requirements.