A firewall is a network security system designed to prevent unauthorized access to or from a private network. It monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between controlled internal networks that can be trusted and untrusted outside networks such as the Internet. Firewalls are generally designed to protect network traffic and connections rather than users: a traditional network firewall does not authenticate individual users when deciding what may reach a particular computer or network, it decides on addresses, protocols and ports. The only traffic allowed onto the network is the traffic the firewall policy explicitly permits; everything else is denied.
The term was applied in the late 1980s to network technology that emerged when the Internet was still fairly new in terms of global use and connectivity. The predecessors of network firewalls were the routers of the late 1980s. The first paper on firewall technology appeared in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.
In addition to limiting access to a computer or network, a firewall is also useful for allowing remote access to a private network through authenticated channels, such as certificate- or login-protected connections. Firewalls can be implemented in hardware, in software, or in a combination of both.
Hardware firewalls can be purchased as stand-alone products but are also typically found in broadband routers, and should be considered an important part of any system and network set-up.
Software firewalls are installed on the computer itself and can be customized, giving you some control over their function and protection features. A software firewall protects the computer from outside attempts to control it or gain access to it.
Types of firewall
Packet filter firewalls
The earliest firewalls functioned as packet filters, inspecting each packet transferred between computers on the Internet in isolation. When a packet passes through a packet-filter firewall, its source and destination addresses, protocol, and destination port number are checked against the firewall rule set. Any packet that is not specifically allowed onto the network is dropped. Because each packet is judged on its own, a packet filter cannot tell whether an inbound packet is a reply to a connection an inside host opened or an unsolicited probe that merely looks like one.
Stateful inspection firewall
A stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It does the work of a packet filter but operates up to the transport layer, monitoring a connection from the moment it is opened until it is closed. Filtering decisions are made on both administrator-defined rules and context, that is, information from earlier packets belonging to the same connection. Reply traffic is therefore accepted only when a matching connection exists in the firewall's state table, and an inbound packet that claims to belong to a connection the firewall never saw is dropped.
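The difference between the stateless packet filter and stateful inspection described above, as an added example that is not part of the original article: a small Python simulation run over constructed packets. The internal network 10.0.0.0/24, the web server 10.0.0.5, the outside addresses, and the classic stateless "established" heuristic of accepting any inbound TCP packet that has the ACK flag set are all assumptions made for illustration.

```python
"""Stateless packet filter vs stateful inspection (simulation, constructed traffic)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import FrozenSet, Optional, Set, Tuple

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/24")      # assumed trusted inside network
WEB = ip_network("10.0.0.5/32")           # assumed internal web server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                              # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()     # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                             # "accept" or "drop"
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    proto: str = "any"
    dport: Optional[int] = None
    flags: FrozenSet[str] = frozenset()     # every listed flag must be set

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport)
                and self.flags <= p.flags)


class StatelessFilter:
    """Every packet is judged on its own against the ordered rule list."""
    def __init__(self, rules, default="drop"):
        self.rules, self.default = list(rules), default

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default


class StatefulFilter:
    """Keeps a connection table: packets of known connections pass, new inbound
    connections must start with a bare SYN and match an explicit rule."""
    def __init__(self, new_conn_rules, internal: IPv4Network = INTERNAL):
        self.rules, self.internal = list(new_conn_rules), internal
        self.table: Set[Tuple[str, int, str, int, str]] = set()

    @staticmethod
    def _key(p: Packet):
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    @staticmethod
    def _reply_key(p: Packet):
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def decide(self, p: Packet) -> str:
        if self._key(p) in self.table or self._reply_key(p) in self.table:
            return "accept"                          # belongs to a tracked connection
        if ip_address(p.src) in self.internal:
            self.table.add(self._key(p))            # outbound: record it so replies can return
            return "accept"
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "drop"                            # not a handshake start and not tracked
        for r in self.rules:
            if r.matches(p):
                if r.action == "accept":
                    self.table.add(self._key(p))
                return r.action
        return "drop"


def run_scenarios():
    """Returns {scenario: (stateless verdict, stateful verdict)}; order matters."""
    stateless = StatelessFilter([
        Rule("accept", dst=WEB, proto="tcp", dport=80),
        Rule("accept", src=INTERNAL),                           # anything from inside
        Rule("accept", proto="tcp", flags=frozenset({"ACK"})),  # "established" heuristic
    ])
    stateful = StatefulFilter([Rule("accept", dst=WEB, proto="tcp", dport=80)])
    scenarios = [
        ("client SYN to web server",
         Packet("198.51.100.1", "10.0.0.5", "tcp", 40001, 80, frozenset({"SYN"}))),
        ("ACK-scan probe to SSH port",
         Packet("198.51.100.1", "10.0.0.5", "tcp", 40002, 22, frozenset({"ACK"}))),
        ("inside host opens HTTPS outbound",
         Packet("10.0.0.7", "203.0.113.9", "tcp", 50000, 443, frozenset({"SYN"}))),
        ("SYN-ACK reply to that connection",
         Packet("203.0.113.9", "10.0.0.7", "tcp", 443, 50000, frozenset({"SYN", "ACK"}))),
        ("unsolicited SYN-ACK to inside host",
         Packet("198.51.100.1", "10.0.0.7", "tcp", 443, 50001, frozenset({"SYN", "ACK"}))),
    ]
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in scenarios}


if __name__ == "__main__":
    for name, (sl, sf) in run_scenarios().items():
        print(f"{name:38s} stateless={sl:7s} stateful={sf}")
```

The stateless filter needs the ACK rule to let replies back to inside clients, and that rule is exactly what an ACK scan or a forged SYN-ACK abuses; the stateful filter accepts the same legitimate reply because it recorded the outbound SYN, and drops the probes because no connection exists for them.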
Web Application Firewalls
As attacks against web servers became more common, so did the need for a firewall that could protect the servers and the applications running on them. A web application firewall (WAF) is a hardware appliance, server plug-in, or other software filter that applies a set of rules to an HTTP conversation. Because the rules are generally customized to the application, many attacks can be identified and blocked that a generic, signature-only filter would not recognize.
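How application-specific rules work in practice, as an added example that is neither the article's code nor any real WAF product: a Python filter that parses a constructed HTTP request, runs a few generic attack signatures over it, and then enforces a positive model of what a hypothetical application accepts on each path. The application paths, the per-parameter rules and the sample requests are assumptions made for illustration.

```python
"""A minimal web application firewall: generic signatures plus an
application-specific positive model (constructed requests, hypothetical app)."""
import re
from typing import Dict, Tuple
from urllib.parse import parse_qs, urlsplit

# Positive model for a hypothetical application: which (method, path) pairs
# exist and what each parameter may look like. Anything else is blocked.
APP_SCHEMA = {
    ("GET", "/account"): {"id": re.compile(r"\d{1,10}")},
    ("POST", "/login"): {"user": re.compile(r"[a-z0-9_.]{1,32}"),
                         "pass": re.compile(r".{8,128}")},
}

# Generic negative signatures, applied to the path and to every parameter value.
SIGNATURES = [
    ("sql-injection", re.compile(r"(?i)\bunion\b.*\bselect\b|'\s*or\s*'?\d|--\s|;\s*drop\b")),
    ("path-traversal", re.compile(r"\.\./")),
    ("xss", re.compile(r"(?i)<script\b")),
]


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.1 request into method, path and merged query/form parameters."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update({k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()})
    return method, url.path, params


def inspect(raw: str) -> Tuple[str, str]:
    """Return ("allow", "ok") or ("block", reason). Signatures run first so the
    reason names the attack; the positive model then catches everything the
    application does not expect, including input that no signature recognises."""
    method, path, params = parse_request(raw)
    for sig_name, sig in SIGNATURES:
        for where, value in [("path", path)] + list(params.items()):
            if sig.search(value):
                return "block", f"{sig_name} signature in {where}"
    schema = APP_SCHEMA.get((method, path))
    if schema is None:
        return "block", f"no rule for {method} {path}"
    for name, value in params.items():
        pattern = schema.get(name)
        if pattern is None:
            return "block", f"unexpected parameter {name}"
        if not pattern.fullmatch(value):
            return "block", f"parameter {name} fails positive model"   # value deliberately not logged
    return "allow", "ok"


# Constructed sample requests (not captured traffic).
REQ_OK = "GET /account?id=42 HTTP/1.1\r\nHost: app.example\r\n\r\n"
REQ_SQLI = "GET /account?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1\r\nHost: app.example\r\n\r\n"
REQ_ODD = "GET /account?id=42%20or%201 HTTP/1.1\r\nHost: app.example\r\n\r\n"   # no signature fires
REQ_LOGIN = ("POST /login HTTP/1.1\r\nHost: app.example\r\n"
             "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
             "user=alice&pass=correct-horse-battery")
REQ_EXTRA = REQ_LOGIN + "&debug=1"
REQ_ADMIN = "GET /admin HTTP/1.1\r\nHost: app.example\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("ok", REQ_OK), ("sqli", REQ_SQLI), ("odd", REQ_ODD),
                      ("login", REQ_LOGIN), ("extra", REQ_EXTRA), ("admin", REQ_ADMIN)]:
        print(f"{name:6s} {inspect(raw)}")
```

REQ_ODD is the instructive case: `id=42 or 1` trips none of the generic signatures, but the application only ever sends a numeric id, so the per-application rule blocks it anyway.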
Proxy firewalls
Proxy firewalls act as intermediaries: they accept all traffic requests coming into the network by impersonating the true recipient within the network. After inspecting a request, if the proxy decides to grant access, it forwards the request to the destination computer. The destination computer's reply is sent back to the proxy, which repackages it and forwards it to the original sender with the proxy's own address as the source, so that internal addresses are never exposed directly to the outside.
Unified threat management firewalls
A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus. It may also include additional services and often cloud management. UTMs focus on simplicity and ease of use.
Next-generation firewalls
Firewalls have evolved beyond simple packet filtering and stateful inspection. Next-generation firewalls (NGFWs) were created in response to the growing sophistication of applications and malware, and act as a platform for network security policy enforcement and network traffic inspection. Application and malware developers have largely outwitted the long-standing port-based classification of traffic by building port evasion techniques into their programs, for example by tunnelling over the ports normally used for web traffic, so an NGFW identifies the application from the traffic itself rather than from the port alone.
As of 2012, the so-called next-generation firewall (NGFW) was essentially "wider" or "deeper" inspection at the application layer, added on top of the stateful filtering of earlier generations.
In practice, many firewalls use two or more of these techniques in concert. Windows and macOS have firewalls built into the operating system, and third-party firewall packages also exist, many of them offering free versions or trials of their commercial products. In addition, many home and small-office broadband routers have rudimentary firewall capabilities built in. These tend to be simple port/protocol filters, although models with much finer control are available.
How a firewall works
A firewall matches network traffic against the rule set defined in its table. Once a rule matches, the action associated with it is applied to the traffic. Rule tables are ordered, so the order in which rules are listed determines which rule wins when more than one could match.
For example, one rule might say that no employee in the HR department may reach the source-code server, while another says that system administrators may reach data on both the HR and the technical department's networks. Because a network firewall sees addresses rather than people, such rules are expressed in terms of the source and destination addresses or subnets that represent those groups.
Rules are defined on the firewall according to the needs and security policy of the organization. From the perspective of a server, network traffic is either outgoing or incoming, and the firewall maintains a distinct set of rules for each. Outgoing traffic, originating from the server itself, is usually allowed to pass. Still, setting rules on outgoing traffic as well (egress filtering) is better practice, since it prevents unwanted communication such as a compromised server connecting out to an attacker.
Incoming traffic is treated differently. Most traffic reaching the firewall uses one of three IP protocols: TCP, UDP or ICMP. All three carry a source and a destination address. TCP and UDP additionally have source and destination port numbers, while ICMP, which is not a transport protocol, uses a type and code instead of a port number to identify the purpose of the packet (for example, type 8 code 0 is an echo request).
It is very difficult to explicitly cover every possible case in the rules. For this reason, a firewall must always have a default policy. The default policy consists only of an action (accept, reject or drop) and applies to any packet that no rule matches. Suppose no rule about SSH connections to the server is defined on the firewall: an incoming SSH packet then follows the default policy, which on a well-configured firewall means it is dropped. The difference between reject and drop matters here: reject sends an error back to the sender (a TCP reset or an ICMP unreachable message), whereas drop discards the packet silently.
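The rule table, the default policy and the ICMP type/code point from the paragraphs above, as an added example that is not part of the original article: a Python simulation with separate incoming and outgoing rule tables evaluated first-match, a default policy per table, and a check for rules that an earlier, broader rule shadows. The reject behaviour (a TCP reset for TCP, an ICMP port-unreachable message otherwise) is a common configuration assumed here, and the addresses, ports and rules are assumptions made for illustration.

```python
"""Ordered rule tables with a default policy, ICMP type/code matching, the
reject/drop distinction and a shadowed-rule check (constructed traffic)."""
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


def rule(action, proto=None, dport=None, src=None, icmp=None):
    """One rule; None means 'any'. src is a network string, icmp a (type, code) pair."""
    return {"action": action, "proto": proto, "dport": dport,
            "src": ip_network(src) if src else None, "icmp": icmp}


def rule_matches(r, pkt) -> bool:
    if r["src"] is not None and ip_address(pkt["src"]) not in r["src"]:
        return False
    for key in ("proto", "dport", "icmp"):
        if r[key] is not None and r[key] != pkt.get(key):
            return False
    return True


class Firewall:
    def __init__(self, policy):
        self.policy = policy                        # e.g. {"INPUT": "drop", "OUTPUT": "accept"}
        self.tables = {name: [] for name in policy}

    def add(self, table, r):
        self.tables[table].append(r)

    def evaluate(self, table, pkt) -> Tuple[str, Optional[int], Optional[str]]:
        """First matching rule wins; no match means the table's default policy.
        Returns (verdict, index of the matching rule or None, response sent)."""
        for i, r in enumerate(self.tables[table]):
            if rule_matches(r, pkt):
                return r["action"], i, self.response(r["action"], pkt)
        return self.policy[table], None, self.response(self.policy[table], pkt)

    @staticmethod
    def response(action, pkt) -> Optional[str]:
        """drop is silent; reject tells the sender (assumed here: a TCP reset for
        TCP, ICMP destination unreachable type 3 code 3 for anything else)."""
        if action != "reject":
            return None
        return "tcp-rst" if pkt["proto"] == "tcp" else "icmp-unreachable(3,3)"

    def shadowed(self, table) -> List[int]:
        """Indexes of rules that can never match because an earlier rule is at
        least as broad in every field."""
        rules, out = self.tables[table], []
        for j, later in enumerate(rules):
            for earlier in rules[:j]:
                broader_src = earlier["src"] is None or (
                    later["src"] is not None and later["src"].subnet_of(earlier["src"]))
                if broader_src and all(earlier[k] in (None, later[k])
                                       for k in ("proto", "dport", "icmp")):
                    out.append(j)
                    break
        return out


def build_firewall() -> Firewall:
    fw = Firewall({"INPUT": "drop", "OUTPUT": "accept"})
    fw.add("INPUT", rule("accept", proto="tcp", dport=80))
    fw.add("INPUT", rule("accept", proto="tcp", dport=443))
    fw.add("INPUT", rule("accept", proto="icmp", icmp=(8, 0)))    # echo request only
    fw.add("INPUT", rule("reject", proto="tcp", dport=23))         # telnet: answer with a reset
    fw.add("OUTPUT", rule("drop", proto="tcp", dport=25))          # no outbound SMTP
    return fw                                                      # note: no SSH rule at all


def run_demo():
    fw = build_firewall()
    inbound = {
        "http": {"proto": "tcp", "src": "198.51.100.1", "dport": 80},
        "ssh": {"proto": "tcp", "src": "198.51.100.1", "dport": 22},
        "telnet": {"proto": "tcp", "src": "198.51.100.1", "dport": 23},
        "ping": {"proto": "icmp", "src": "198.51.100.1", "icmp": (8, 0)},
        "icmp-timestamp": {"proto": "icmp", "src": "198.51.100.1", "icmp": (13, 0)},
        "snmp": {"proto": "udp", "src": "198.51.100.1", "dport": 161},
    }
    outbound = {
        "smtp": {"proto": "tcp", "src": "10.0.0.5", "dport": 25},
        "https": {"proto": "tcp", "src": "10.0.0.5", "dport": 443},
    }
    results = {f"in:{k}": fw.evaluate("INPUT", p) for k, p in inbound.items()}
    results.update({f"out:{k}": fw.evaluate("OUTPUT", p) for k, p in outbound.items()})
    return results


def shadow_example() -> List[int]:
    """A broad accept placed first makes the specific telnet reject unreachable."""
    fw = Firewall({"INPUT": "drop"})
    fw.add("INPUT", rule("accept", proto="tcp"))
    fw.add("INPUT", rule("reject", proto="tcp", dport=23))
    return fw.shadowed("INPUT")


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:20s} {verdict}")
    print("shadowed rules:", shadow_example())
```

The SSH packet matches nothing and so falls to the INPUT default of drop, the ICMP timestamp request is dropped because only type 8 code 0 is allowed, and the telnet probe is answered with a reset rather than silence because its rule says reject. The shadowed-rule check is the kind of sanity test worth running on a real rule set before deploying it, since an ordering mistake of that shape silently disables a rule.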