What is a Firewall?

Today's interconnected digital world makes the concept of a firewall increasingly pertinent. But what is a firewall, and why is it essential to online security? This comprehensive guide will walk you through everything you need to know about firewalls, from their basic definition to advanced features and future trends.

Introduction

A firewall is a network security device that monitors and controls traffic to and from the network based on predetermined rules. It serves as a barrier between trusted internal networks and untrusted external networks (like the Internet). So, you could say that a firewall acts as a digital security guard that inspects the data trying to get into or out of a network.

Firewalls can be traced back to the late 1980s when the Internet was new and unthreatened. They began as simple packet filters and have progressed into the sophisticated systems we have today. The term "firewall," however, is borrowed from the construction industry, where it refers to walls built to stave off the spread of fire. In the digital world, firewalls exist for the same reason: to stop cyber threats from spreading to networked computers. Most people have some firewalls around their digital lives. If you have a decent antivirus program on your computer or an app that protects your phone, then you have a firewall.

Since those early packet filters, firewalls have evolved into complex systems capable of deep packet inspection and application-level filtering, some even incorporating artificial intelligence to detect and prevent threats.

The Importance of Firewalls

Why do we need firewalls?

  • Protection against cyber threats: Firewalls are your first line of defense against various online threats, including malware, ransomware, and denial-of-service attacks.

  • Prevention of unauthorized access: They control who can access your network, keeping out potential intruders and hackers.

  • Data security and privacy: Firewalls help protect sensitive information from being leaked or stolen by monitoring and controlling data flow.

  • Compliance with regulations: Many industry regulations, such as GDPR, HIPAA, and PCI DSS, require firewalls to protect data and maintain privacy.

Critical functions of firewalls:

  • Traffic filtering: Firewalls examine each packet of data trying to enter or leave your network, allowing or blocking it based on predefined security rules.

  • Access control: Firewalls manage who can access your network and what resources they can use from inside and outside the network.

  • Logging and monitoring: Firewalls keep detailed logs of network traffic, crucial for detecting unusual activities and troubleshooting issues.

  • Network segmentation: They can divide a network into separate segments, improving security by isolating sensitive areas from potential threats.

How Firewalls Work

Basic principles of firewall operation:

Firewalls examine packets of data traveling across a network and determine whether to allow or block them based on predefined rules. These rules can be based on various criteria, including:

  • Source and destination IP addresses

  • Port numbers

  • Protocol types

  • Application-specific data

When a packet arrives at the firewall, it's compared against these rules. If it matches a rule allowing it through, the packet is forwarded to its destination. If it matches a rule blocking it, or if there's no matching rule, the packet is dropped.

Network layer vs. Application layer inspection:

Firewalls can operate at different layers of the OSI (Open Systems Interconnection) model, primarily at the network and application layers.

  • Network layer inspection: Network layer inspection is also called packet filtering. Bandwidth throttling, present in many Internet service providers, is a firewall. Packet filtering is fast and efficient and uses only a tiny amount of system resources, but it is limited in what it can "decipher."

  • Application layer inspection: Application layer inspection examines packet contents, with an explicit understanding of the protocols and behaviors unique to different applications. This allows it to provide significantly more tailored, and therefore more effective, protection. However, it also requires a lot more processing power.

Types of Firewalls

Packet filtering firewalls

Packet filters are the most basic type of firewall. They examine the headers of data packets and make decisions based on predefined rules. They're fast and use minimal system resources but have little understanding of the context of the traffic.

Stateful inspection firewalls

These firewalls build upon packet filtering by monitoring the state of active connections. They can determine whether a packet is the start of a new connection, part of an existing connection, or invalid. This context-aware approach provides better security than simple packet filtering.
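The three outcomes named above (new connection, existing connection, invalid) in a small TCP state table, as an added example that is not part of the original article. It is simplified on purpose: only the SYN and RST flags are interpreted, there are no timeouts or sequence-number checks, and the policy that only inside hosts may open connections is an assumption; `Segment` and `StatefulFilter` are hypothetical names and all addresses are constructed.

```python
import ipaddress
from typing import NamedTuple

class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment, e.g. {"SYN", "ACK"}

def conn_key(seg):
    # Same key for both directions of one connection.
    return frozenset({(seg.src, seg.sport), (seg.dst, seg.dport)})

class StatefulFilter:
    def __init__(self, inside):
        self.inside = ipaddress.ip_network(inside)  # trusted network (CIDR)
        self.table = set()                          # tracked connections

    def classify(self, seg):
        if conn_key(seg) in self.table:
            return "established"   # part of an existing connection
        if seg.flags == {"SYN"}:
            return "new"           # start of a new connection
        return "invalid"           # no state and not an opening SYN

    def process(self, seg):
        """Return (state, verdict) and update the state table."""
        state = self.classify(seg)
        key = conn_key(seg)
        if state == "established":
            if "RST" in seg.flags:
                self.table.discard(key)   # connection torn down
            return state, "forward"
        # Assumed policy: only hosts on the inside network may open connections.
        if state == "new" and ipaddress.ip_address(seg.src) in self.inside:
            self.table.add(key)
            return state, "forward"
        return state, "drop"

if __name__ == "__main__":
    fw = StatefulFilter("10.0.0.0/24")
    syn = Segment("10.0.0.5", 50000, "203.0.113.9", 443, frozenset({"SYN"}))
    reply = Segment("203.0.113.9", 443, "10.0.0.5", 50000,
                    frozenset({"SYN", "ACK"}))
    print(fw.process(reply))  # reply with no tracked connection
    print(fw.process(syn))    # outbound SYN creates state
    print(fw.process(reply))  # the same reply is now accepted
```

The same SYN/ACK segment is dropped before the outbound SYN and forwarded after it, which is the context a stateless packet filter cannot see.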

Proxy firewalls

Also known as application-level gateways, proxy firewalls act as intermediaries between internal and external networks. They break the connection between the client and the server, examining traffic at the application layer. This provides excellent security but can impact performance due to the additional processing required.

Next-Generation Firewalls (NGFW)

NGFWs combine traditional firewall capabilities with advanced features like:

  • Deep packet inspection

  • Intrusion prevention systems

  • Application awareness and control

  • Integration with threat intelligence feeds

Unified Threat Management (UTM) firewalls

UTM firewalls are all-in-one security appliances that include multiple features such as:

  • Firewall capabilities

  • Antivirus protection

  • Intrusion detection/prevention

  • Content filtering

  • VPN support

Threat-focused NGFW

These are NGFWs with enhanced threat detection and remediation capabilities. They often incorporate machine learning and behavioral analysis to identify and respond to sophisticated threats.

Virtual firewalls

Virtual firewalls are software-based firewalls designed to protect virtual environments. They're instrumental in cloud computing scenarios where traditional hardware firewalls may not be practical.

Cloud Native Firewalls

These firewalls are designed specifically for cloud environments and services. They protect cloud-based assets and can scale dynamically with cloud workloads.

Advanced Firewall Features

Network Address Translation (NAT)

NAT hides internal IP addresses from external networks, adding an extra layer of security. It works by replacing the source IP address of outgoing packets with the firewall's external IP address, making it harder for attackers to map your internal network.

Virtual Private Network (VPN) support

Many firewalls include VPN functionality, enabling secure remote access to protected networks. This is especially important in today's world of remote work and distributed teams.

Intrusion Prevention Systems (IPS)

IPS actively detects and prevents potential security breaches. It monitors network traffic for suspicious activities and can automatically take action to block threats.

Firewall Implementation

Hardware firewalls

These are physical devices dedicated to network protection. They're typically used in enterprise environments and offer high performance and reliability. Examples include devices from Cisco, Palo Alto Networks, and Fortinet.

Software firewalls

These are programs installed on individual devices or servers. They're more flexible than hardware firewalls but may impact system performance. Windows Defender Firewall and macOS's built-in firewall are common examples.

Cloud-based firewalls

Also known as Firewall-as-a-Service (FWaaS), these firewalls are delivered by cloud security providers. They offer the advantage of easy scalability and management, making them popular for businesses leveraging cloud infrastructure.

Real-World Firewall Examples

Enterprise-level firewall implementations

Large organizations often employ complex, multi-layered security systems. For example, a multinational corporation might use:

  • Perimeter NGFWs to protect the network edge

  • Internal segmentation firewalls to isolate different departments

  • Web application firewalls to protect customer-facing services

  • Host-based firewalls on individual servers and workstations

Home network firewalls

Most home routers have built-in firewalls that provide essential protection. Operating systems like Windows and macOS also include software firewalls. Some home users opt for dedicated firewall devices or more advanced router firmware like DD-WRT for enhanced security.

Notable firewall incidents

The Great Firewall of China is the most well-known example of a large-scale firewall implementation. It's a nationwide censorship and access control system regulating Internet traffic in and out of China. While controversial, it demonstrates the powerful capabilities of firewall technology when implemented on a massive scale.

Best Practices for Firewall Protection

Proper configuration

Tailoring firewall rules to your specific network needs is crucial. This includes:

  • Implementing the principle of least privilege

  • Regularly reviewing and updating firewall rules

  • Using strong authentication for firewall management

Regular updates and maintenance

Keeping firewall software and firmware up-to-date is essential for maintaining security. This includes:

  • Applying security patches promptly

  • Updating threat signatures

  • Conducting regular security audits

Integration with other security measures

Firewalls should be part of a comprehensive security strategy. This involves:

  • Combining firewalls with antivirus software and intrusion detection systems

  • Implementing security information and event management (SIEM) systems

  • Conducting regular security awareness training for employees

Total Cost of Ownership and Return on Investment

Calculating a TCO for your firewall is quite simple: Initial software cost + hardware costs + ongoing maintenance, support, and management.

Getting the ROI isn’t as easy. IBM® places the global average cost of a data breach at $4.45 million, but how does one measure the value of preventing a security breach and the loss of sensitive data? While the calculus of this isn’t super simple, a very low TCO is the best place to start. The lower the TCO, the faster the ROI.

pfSense Plus is the lowest TCO enterprise firewall on the market. It provides the needed feature set and ease of use/ongoing management for enhanced cloud security and networking. With over 9 million downloads, more than 1 million active users, a massive installed base (active on Reddit and community forums), and 24x7x365 Netgate support for 1/10th the yearly cost of other vendors, you can’t get a lower total cost of ownership than that of pfSense Plus.

The Future of Firewalls

Emerging technologies in firewall development

  • Intent-based networking: This approach allows administrators to define high-level policies, which the network interprets and implements automatically.

  • Zero Trust security models: These assume no traffic, whether internal or external, should be trusted by default. Firewalls play a crucial role in implementing Zero Trust architectures.

AI and machine learning in firewall systems

  • Improved threat detection: AI can analyze vast amounts of data to identify patterns indicative of new or evolving threats.

  • Automated response to security incidents: Machine learning algorithms can make real-time decisions to mitigate threats without human intervention.

  • Predictive analysis: AI can anticipate potential security issues before they occur, allowing for proactive defense measures.

Conclusion

Firewalls are essential network security tools that bolster protection at various layers of an organization's network architecture. For all the good and necessary reasons, firewalls have evolved, and continue to evolve, to become even more "user-friendly" with "better" and "richer" features. They also continue to become even more diverse in how and where they can be deployed across and within an organization's network architecture.

Remember that cybersecurity is a continuous undertaking. Stay updated with the latest advancements in firewall tech and keep reviewing your security setup so you can always stay one step ahead of potential threats. By grasping what firewalls are, how they function, and how to implement them effectively, you are taking an essential step toward securing your digital life. At a time when data breaches and cyber-attacks are making front-page news daily, it's easy to see why prioritizing security might feel overwhelming, but firewalls are an effective first line of defense.

Frequently Asked Questions

What is a firewall in a computer?

A firewall in a computer is a security system that monitors and controls incoming and outgoing network traffic. It acts as a barrier between trusted internal networks and untrusted external networks, such as the Internet. Firewalls can be implemented as hardware devices, software programs, or a combination of both.

What are the 3 types of firewalls?

The three main types of firewalls are packet filtering firewalls, stateful inspection firewalls, and proxy firewalls. Packet filtering firewalls examine packet headers, stateful inspection firewalls monitor the state of network connections, and proxy firewalls act as intermediaries between networks. Each type offers different levels of security and performance.

What is an example of a firewall?

A common example of a firewall is the built-in Windows Defender Firewall on Windows computers. Other examples include hardware firewalls in routers, software firewalls like ZoneAlarm, and enterprise-level firewalls from companies like Cisco or Palo Alto Networks. These firewalls protect networks and devices from unauthorized access and cyber threats.

What does a firewall do for dummies?

For beginners, a firewall can be thought of as a security guard for your computer or network. It checks all data trying to enter or leave your system, allowing safe traffic through and blocking potential threats. Think of it as a bouncer at a club, deciding who gets in and who stays out based on a set of rules.

How to Find Network IP Address of Computer Using Computer Name?

To find a computer's IP address using its name, you can use the command prompt or terminal. On Windows, open the command prompt and type "ping [computer name]" to see its IP address. On Mac or Linux, open the terminal and use the command "ping [computer name].local" to find the IP address.

What does a firewall protect against?

A firewall protects against unauthorized access, malware, and various network-based attacks. It can prevent hackers from accessing your system, block malicious software from entering your network, and stop sensitive data from leaving without permission. Firewalls are a crucial first line of defense in cybersecurity.

Can a firewall block viruses?

While firewalls can block some viruses, they are not designed to be a complete antivirus solution. Firewalls can prevent viruses from entering through network connections, but they may not detect viruses already on your system or those entering through other means. For comprehensive protection, firewalls should be used in conjunction with antivirus software.

How can I set up a firewall on my home network?

Setting up a firewall on your home network typically involves enabling the built-in firewall on your router and individual devices. Access your router's settings through a web browser, find the firewall section, and enable it. On Windows and Mac computers, ensure the built-in software firewalls are turned on in your system settings.

What is the difference between a firewall and antivirus software?

Firewalls and antivirus software serve different but complementary security functions. Firewalls monitor network traffic and prevent unauthorized access, while antivirus software scans for, detects, and removes malicious software on your device. Both are essential for comprehensive computer security.

What is the difference between a hardware firewall and a software firewall?

Hardware firewalls are physical devices that protect an entire network, while software firewalls are programs installed on individual devices. Hardware firewalls offer centralized protection for multiple devices but require physical installation, whereas software firewalls provide device-specific protection and are easier to install and configure.

How does a firewall work?

A firewall works by examining all network traffic passing through it and comparing it against a set of predefined security rules. It allows data packets that meet the security criteria to pass through, while blocking those that don't. Advanced firewalls can also inspect the content of data packets for more sophisticated threat detection.

What is Cybersecurity?

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. It encompasses various technologies, processes, and practices designed to defend against, detect, and respond to cyber threats. Cybersecurity is crucial for safeguarding sensitive information and maintaining the integrity of digital systems in our increasingly connected world.

What type of firewall is best?

The best type of firewall depends on your specific needs and network environment. For home users, a software firewall combined with a router's built-in firewall is often sufficient. For businesses, Next-Generation Firewalls (NGFW) or Unified Threat Management (UTM) systems typically offer the most comprehensive protection.

How to Remove a Virus or Other Malware From a Mac? Can Your iPhone or Android Phone Get a Virus?

To remove malware from a Mac, use built-in security features or trusted antivirus software to scan and clean your system. While less common, iPhones and Android phones can get malware; keep your device updated, avoid suspicious apps and links, and consider using mobile security apps for protection. Regular backups and cautious browsing habits are essential for all devices.