What is Firewall, Features, Types and How does the Firewall Work?

Table of Contents

• Introduction
• A firewall is Hardware or Software?
  • A) Hardware Firewall
  • B) Software Firewall
• How does Firewall Work?
• Types of Firewalls in Computer Networks
  • A) Packet Filtering Layer
  • B) Circuit Level Firewall
  • C) Stateful Inspection Firewall
  • D) Applications Firewall
• Advantages of Firewall
• Disadvantages of Firewall
• Difference between Firewall and Anti-virus
• Conclusion
• FAQ
• Recent Articles on Computer Networks
• Related Articles on Linux

Introduction

A firewall is a network security device that acts as a barrier between an internal computer network and external networks, such as the Internet. Its primary purpose is to monitor and control incoming and outgoing network traffic based on predetermined security rules.

Firewalls are designed to prevent unauthorized access to or from a private network while allowing legitimate communication to pass through. They serve as the first line of defense against malicious activities, such as hacking attempts, malware infections, and unauthorized data access.

[Image]

A firewall is Hardware or Software?

The topic of whether a firewall is hardware or software is one of the most difficult to answer. As was already said, a firewall can be either a computer program or a network security hardware.

This indicates that the firewall is available on both the hardware and software levels, though it is recommended to have both.

A) Hardware Firewall

These are standalone devices specifically designed to act as firewalls. They are typically physical appliances that are dedicated solely to the task of network security.

Hardware firewalls are often deployed at the perimeter of a network, such as between the internal network and the Internet.

They are equipped with specialized hardware components and software to efficiently process and filter network traffic.

Example: Broadband Router.

B) Software Firewall

These are firewall solutions that run as software applications on servers, computers, or network devices. Software firewalls can be installed on individual computers or integrated into the operating system itself.

They provide protection at the individual device level and can be configured to control network traffic based on specific rules and settings. Software firewalls are commonly used on personal computers and laptops.

Both hardware and software firewalls serve the same purpose of filtering network traffic and enforcing security policies.

The choice between hardware or software firewall implementation depends on factors such as the scale of the network, security requirements, budget, and specific use cases.

Example: Any installed software in your system.

How does Firewall Work?

Types of Firewalls in Computer Networks

A) Packet Filtering Layer

A packet filtering firewall is a type of firewall that operates at the network layer (Layer 3) of the OSI model. It examines individual packets of data as they pass through the firewall and makes decisions on whether to allow or block them based on a set of predefined rules.

Packet filtering firewalls analyze the header information of each packet, such as the source and destination IP addresses, port numbers, and protocol type (e.g., TCP, UDP), to determine whether to forward or drop the packet.

The rules in a packet filtering firewall typically define specific criteria that packets must meet to be allowed through, and any packets that do not meet these criteria are discarded.

B) Circuit Level Firewall

A circuit-level firewall, also known as a stateful firewall, operates at the session layer (Layer 5) of the OSI model. Unlike packet-filtering firewalls that analyze individual packets, circuit-level firewalls maintain information about the state of network connections or sessions between two hosts.

Here’s how a circuit-level firewall works:

1. Connection establishment: When a client initiates a connection to a server, the circuit-level firewall examines the initial handshake packets (e.g., TCP SYN, SYN-ACK) to determine if the connection should be allowed. It checks if the connection is part of an established session or if it matches predefined rules.
2. Stateful inspection: Once a connection is established and deemed valid, the circuit-level firewall creates a session entry in its state table, which includes information about the source and destination IP addresses, port numbers, and connection state. It then allows subsequent packets related to that session to pass through without further examination.
3. Connection termination: When a session is closed or terminated by either the client or the server, the circuit-level firewall updates its state table accordingly and removes the session entry.

C) Stateful Inspection Firewall

A stateful inspection firewall, also known as a stateful firewall or dynamic packet filtering firewall, combines the features of packet filtering and circuit-level firewalls. It operates at the network layer (Layer 3) and session layer (Layer 5) of the OSI model, providing advanced security capabilities.

Stateful inspection firewalls maintain a state table that keeps track of the state and context of network connections. They analyze not only individual packets but also the complete network sessions or connections to make informed decisions about allowing or blocking traffic.

Here’s how a stateful inspection firewall works:

1. Initial packet analysis: When a packet arrives at the firewall, it examines the packet header information, such as source and destination IP addresses, port numbers, and protocol type. The firewall checks if the packet matches any predefined rules for filtering or access control.
2. Stateful inspection: If the packet passes the initial analysis, the firewall checks its state table to determine if the packet is part of an established session or connection. It looks at the packet’s sequence number, acknowledgment number, and other session-related information. The state table helps the firewall maintain context and track the state of network connections.
3. Session-level filtering: With the session context in mind, the firewall applies session-level rules to the packet. It considers factors such as session duration, permitted services or applications, and permitted users or IP addresses. This allows the firewall to make granular decisions about whether to allow or deny the packet based on the overall session characteristics.
4. Dynamic rule creation: Stateful inspection firewalls dynamically create temporary rules or open temporary ports to allow response packets related to outgoing traffic. This allows inbound traffic related to a specific session to pass through the firewall without requiring separate rule configurations.
5. Connection termination: When a session or connection is closed, the stateful inspection firewall removes the session information from its state table, freeing up resources and ensuring accurate tracking of active connections.

D) Applications Firewall

An application-level firewall, also known as an application-layer firewall or proxy firewall, operates at the highest layer of the OSI model—the application layer (Layer 7). It provides advanced security by examining the content, context, and behavior of network traffic, focusing on specific applications and protocols.

Here’s how an application-level firewall works:

1. Protocol analysis: An application-level firewall analyzes the content and behavior of application-layer protocols such as HTTP, FTP, SMTP, or DNS. It understands the specific protocol structure and can identify protocol-specific commands, requests, or responses.
2. Deep packet inspection: The firewall examines the payload or data within the packets, allowing it to inspect not just the packet headers but also the actual content. It can detect malicious code, unauthorized activities, or specific patterns that indicate security threats.
3. Content filtering: Application-level firewalls can implement content filtering mechanisms, such as URL filtering, to control access to specific websites or web resources. They can block or allow traffic based on URL categories, keywords, or predefined policies. This helps enforce security policies and prevent access to malicious or inappropriate content.
4. Application-specific rule enforcement: The firewall can enforce application-specific rules or policies. For example, it can enforce strong authentication for specific applications, restrict certain file types from being transferred over FTP, or enforce encryption for sensitive data transmitted over the network.
5. Application proxying: Application-level firewalls act as intermediaries between clients and servers. They establish separate connections with both sides and validate the content and behavior of traffic passing through them. By proxying connections, they can provide additional security measures such as authentication, caching, or data transformation.

Advantages of Firewall

Firewalls provide several advantages for network security and are commonly used in organizations to protect their systems from unauthorized access and potential threats. Here are some advantages of firewalls:

A) Network Security:

Firewalls act as a barrier between an internal network and external networks, such as the Internet. They inspect incoming and outgoing network traffic, blocking unauthorized or malicious communication attempts. Firewalls help prevent unauthorized access to sensitive data and protect against various cyber threats, including hacking attempts, malware, viruses, and other types of malicious activities.

B) Access Control:

Firewalls enable organizations to implement access control policies. They allow network administrators to define rules and filters that determine which types of traffic are allowed or blocked. By setting up specific rules, administrators can control who can access the network resources, what services can be accessed, and from which locations. This helps in maintaining the confidentiality, integrity, and availability of network resources.

C) Network Segmentation:

Firewalls facilitate network segmentation by dividing a network into separate security zones or subnetworks. This segregation helps to control and restrict the flow of traffic between different network segments. By isolating sensitive systems or resources from less secure areas, firewalls can limit the potential impact of a security breach and prevent the lateral movement of attackers within the network.

D) Application Control:

It can enforce application-level policies, allowing organizations to regulate and control specific applications or services that can be accessed from their networks. This feature helps to block unauthorized or undesirable applications, such as peer-to-peer file sharing or social media platforms, which may pose security risks or impact productivity.

E) VPN (Virtual Private Network) Support:

It often include VPN capabilities, allowing secure remote access to a private network over the Internet. VPNs encrypt traffic between the remote user and the network, ensuring confidentiality and integrity of data transmitted over potentially untrusted networks. Firewalls with built-in VPN support provide an additional layer of security for remote workers or branch offices connecting to the organization’s network.

F) Logging and Monitoring:

It offers logging and monitoring features that enable network administrators to track and analyze network traffic. They can generate logs and alerts for suspicious or unauthorized activities, providing valuable information for incident response, forensic analysis, and compliance audits. Monitoring firewall logs can help detect and mitigate security incidents in a timely manner.

G) Scalability and Flexibility:

Firewalls come in various forms, including hardware appliances, software-based solutions, and cloud-based services. This versatility allows organizations to choose a firewall solution that best fits their specific needs and infrastructure. Firewalls can be scaled up or down to accommodate the network size and traffic volume, providing flexibility as the organization grows or evolves.

It’s important to note that while firewalls provide significant advantages, they should be used in conjunction with other security measures, such as regular software updates, strong authentication mechanisms, and employee training, to establish a comprehensive and robust security posture.

Disadvantages of Firewall

While firewalls are an essential component of network security, they do have some disadvantages. Here are a few notable drawbacks of firewalls:

A) False sense of security:

Firewalls can create a false sense of security among users and organizations. While they are effective at filtering incoming and outgoing network traffic based on predefined rules, they are not foolproof. Attackers can still find ways to bypass or exploit vulnerabilities in firewalls, making it important to implement other security measures alongside them.

B) Complexity and configuration challenges:

Firewalls can be complex to configure and manage effectively. Organizations must define and maintain appropriate firewall rules and policies, ensuring they strike a balance between security and usability. Misconfigurations can inadvertently open up security vulnerabilities or cause disruptions in network connectivity.

C) Single point of failure:

If a firewall malfunction, experiences a hardware failure or suffers a successful attack, it can become a single point of failure for the entire network’s security. Redundancy and failover mechanisms can be implemented to mitigate this risk, but they add complexity and cost to the network infrastructure.

D) Inability to detect certain types of attacks:

Firewalls primarily operate at the network layer and are effective at filtering based on IP addresses, ports, and protocols. However, they may not be as capable of detecting more advanced threats like application-layer attacks, zero-day exploits, or targeted social engineering attacks. Additional security measures, such as intrusion detection and prevention systems (IDPS) and user education, are required to address these threats.

It’s important to note that while firewalls have their limitations, they are still a crucial part of a layered security strategy and provide valuable protection against many common network threats. Organizations should complement firewalls with other security measures to ensure comprehensive protection

Difference between Firewall and Anti-virus

Firewall	Antivirus
A firewall is a network security device that acts as a barrier between an internal computer network and external networks, such as the Internet.	An antivirus software, often referred to as just “antivirus,” is a computer program designed to detect, prevent, and remove malicious software, commonly known as malware.
It comes in the form of hardware and software.	It comes in the form of software only.
A firewall is usually defined as a network-controlling system.	It is used to scan, find, and remove viruses, malware, and Trojans, which can harm our system.
A firewall is usually defined as a network controlling system.	Anti-viruses are primarily responsible for detecting and removing viruses from computer systems or other devices.
It supports both types of implementation that’s why it is more scalable than Antivirus	It is less scalable than Firewall.

Conclusion

Firewalls can be implemented using dedicated hardware appliances or as software solutions running on servers or network devices. They are an essential component of network security, providing a vital layer of protection to safeguard networks and the data transmitted within them.

FAQ

Recent Articles on Computer Networks

1. Introduction to Computer Networking | What is Computer Network
2. What are Topology & Types of Topology in Computer Network
3. What is FootPrinting in Cyber Security and its Types, Purpose
4. Introduction to Cloud Computing | What is Cloud Computing
5. Distributed Shared Memory and Its Advantages and Disadvantages
6. What is a VPN? How does a VPN Work? What VPN should I use?
7. What is an Internet and How the Internet Works
8. What is a Website and How Does a Website or web work?
9. Introduction to Virus and Different Types of Viruses in Computer
10. What is TCP and its Types and What is TCP three-way Handshake
11. What is the UDP Protocol? How does it work and what are its advantages?
12. What is an IP and its Functions, What is IPv4 and IPv6 Address
13. What is MAC Address and its Types and Difference MAC vs IP
14. What is ARP and its Types? How Does it Work and ARP Format
15. Sessions and Cookies and the Difference Between Them
16. What is the ICMP Protocol and its Message Format?
17. What is Big Data? Characteristics and Types of Big Data
18. Disciplines of Cyber Security | What are the goals of Cyber Security?
19. Network Scanning, Types, and Stealth Scan in Computer Network
20. Cryptography and its Types in Ethical Hacking
21. Tor Browser and How Does It Work | Onion Router Tutorial
22. Proxy Server, Advantages, Difference between Proxy Server & VPN
23. DHCP Protocol and What Are the Pros and Cons of DHCP
24. Intrusion Detection System(IDS) and What are the types of IDS
25. Domain Name Server, How Does It Work, and its advantages
26. Telnet: Introduction, How Does it Work, and Its Pros and Cons
27. SOC: Introduction, Functions performed by SOC, and its Pros
28. What is SIEM? | What is the Difference between SIEM and SOC?
29. Application Layer in OSI Model | OSI Model Application Layer
30. What is SSL Protocol or SSL/TLS and SSL Handshake, and Architecture of SSL
31. What are Servers, how do they work, and its different Types
32. Network Devices-Router, Switch, Hub, etc in Computer Network
33. Connection Oriented and Connection-less Services in Network
34. Physical Layer in OSI Model | OSI Model Physical Layer
35. Presentation Layer in OSI Model | OSI Model Presentation Layer
36. Session layer in OSI Model | OSI Model Session layer
37. Transport Layer in OSI Model | Computer Network Transport Layer
38. Network Layer in OSI Model | OSI Model Network Layer
39. Data Link Layer in OSI Model | OSI Model Data Link Layer
40. Block Diagram of Communication System with Detailed Explanation
41. Transmission Mode, Types, Pros and Cons in Computer Networks
42. LAN, MAN, WAN, PAN, CAN: Types of Computer Network
43. Transmission Media | Guided and UnGuided Media in Networks
44. URL, Anatomy of a URL, and Difference between URI and URL

Related Articles on Linux

1. What is Linux Operating System | Introduction to Linux
2. Directory in Linux Define | Linux Directory & its Commands
3. Explain the chmod command in Linux | Linux chmod command
4. Linux User Management || User Management in Linux
5. Linux Computer Network Advanced Command | Network Command
6. Redirection in Linux I/O| Linux I/O Redirection