The internet is all about connectivity. Unfortunately, while there are many sites and content that you may want to connect to, there are plenty of things you don’t want to connect to as well. Computer viruses have been around for a long time. Some of the really early ones weren’t really destructive and just did something unexpected, like playing techno music or sending a chain email.
That’s not the case in the modern world though. Viruses and malware can delete or encrypt files and hold them for ransom, log your key presses to determine passwords and banking information, or quietly enroll your computer in a botnet to attack others.
Viruses and malware aren’t the only nasty things out there either. Hackers constantly use automated scanning tools to probe devices on the internet to identify ones that are vulnerable to tools they have to hand.
You might be tempted to just disconnect your computer from the internet to keep it secure. While that will work, it’s not great as you lose access to the vast wealth of useful information and funny cat pictures that make up the internet. To manage the balance between access and security, you have the firewall.
What Is a Firewall?
A firewall is a tool that allows through specified network traffic and blocks other traffic. By carefully tuning the rules that control whether a network packet is let through the firewall or not you can meaningfully increase the security posture of your computer.
The basic concept is built around an access control list. Some things are allowed, some things are explicitly blocked, and everything else is blocked by default. If you encounter a situation where your firewall is stopping you from doing something, it’s generally a good idea to take a second to work out why that connection was blocked.
Of course, you can allow the communication if there is no legitimate reason for it to be blocked, or if that reason no longer applies. Similarly, if you’re getting network traffic you don’t want, you can just block it. It can be worth considering why it was allowed before doing so, as blocking access may break legitimate functions.
There are two main types of firewalls. The network firewall and the personal firewall sit at different points on a network diagram and offer different benefits and drawbacks. Both can be useful and work together well, though having more than one can complicate the process of diagnosing which one is blocking something that shouldn’t be blocked.
Network Firewall
A network firewall is a firewall that is located somewhere within your Local Area Network (LAN), or potentially your Wide Area Network (WAN). It will always be placed between devices and the actual internet connection, and it will generally be located as close to the internet connection as possible, in a network topology sense rather than necessarily in physical proximity.
A network firewall is typically a physical server-type device. It may be a standalone device or be integrated into another networking device such as a router. They are usually deployed in enterprise-grade networks and are significantly less common in home networks.
Note: NAT and PAT, while not intended as a firewall-like security feature, offer similar benefits, at least when it comes to blocking and allowing inbound communication. All home routers implement NAT and PAT. So you could think of that as a network firewall.
Network firewalls are generally designed to filter all incoming and outgoing network traffic for an entire network. Their position on the network gives them excellent insight across all traffic on the network. Still, many connections are encrypted between end-user devices and web servers, so a network firewall doesn’t always have a great view into the actual content of the network traffic. For this reason, most network firewall rules are based on blocking known bad IP addresses and preventing access to unwanted port numbers.
Network firewalls are great at providing protection for devices that can’t run firewalls of their own. They’re also good at offering centralised protection for a large number of devices. Unfortunately, they’re often slow to be updated if there’s a rule that needs changing. However, this is generally due to weak or overly cautious corporate policies and people not knowing who to contact to fix the problem.
Personal Firewall
A personal firewall is a software firewall that is installed on your device. It can monitor communications and be configured to manage the access of individual applications. These are often tied into some sort of anti-malware type solution, though since Windows XP, Windows has come with a free firewall built in.
A personal firewall also travels with your device. This isn’t especially important for desktop computers, but laptops and mobile devices may connect to many networks, each with a different risk profile. For example, in a corporate network you may have many network-connected shares, printers, and other devices that need to be communicated with smoothly.
In a home environment, you are generally relatively safe but don’t necessarily need those services allowed by the firewall, and closing them is good defence-in-depth. If you’re connected to a public Wi-Fi hotspot, though, you have no idea what else might be connected to the network, and your firewall should be locked down tight.
Personal firewalls are a lot easier to update to grant or deny access to something. Managing them across many devices adds overhead, though some offer centralised control for environments where end users aren’t trusted to be in control of the rules. Personal firewalls only cover one device but can protect it wherever it is. A significant risk is that if a virus does get through, it may get enough control of the computer to directly control the firewall, which at that point might as well not be there.
Web Application Firewall
Web applications are also under a constant barrage of attacks by hackers. Typical firewalls are excellent at keeping the server protected from unwanted traffic, but the application itself may be vulnerable. While secure development practices and proper security testing are the best security policies, implementing a Web Application Firewall or WAF can help act as defence-in-depth.
Tip: Defence-in-depth is a security concept with multiple security feature layers. The idea is that if one defence mechanism fails or is bypassed, there are still other defences.
A WAF operates slightly differently from other firewalls. Because it works at the application layer, it can see and analyse the decrypted traffic. This allows it to analyse the content of the actual messages sent. If any request is identified as being potentially malicious, it can be blocked. A typical example of the type of thing that might be blocked is a request that contains JavaScript. Cross-Site Scripting or XSS attacks involve sending requests containing JavaScript such that a browser might execute the malicious code.
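To make the WAF idea concrete, here is an added example (not code from the original article or from any WAF product) of a minimal request inspector. It parses a plaintext HTTP request, which is what a WAF sees once TLS has been terminated in front of the application, URL-decodes the query string and form body, and blocks any request whose fields carry the script fragments described above. The signature list, the `shop.example` host and the sample requests are all constructed for the demo.

```python
"""Minimal WAF-style inspector for decrypted HTTP requests.  Added illustration,
not any product's code.  Signatures and requests are constructed for the demo."""
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, unquote_plus, urlsplit

Finding = Tuple[str, str]  # (field name, signature label)

# Markup and script fragments that have no business in an ordinary form field.
XSS_SIGNATURES = [
    ("script tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("javascript: URL", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("inline event handler",
     re.compile(r"\bon(?:load|error|click|mouseover)\s*=", re.IGNORECASE)),
]


def normalise(value: str) -> str:
    """Percent-decode until stable (bounded) so %3Cscript%3E and its
    double-encoded form %253Cscript%253E both compare as <script>."""
    cur = value
    for _ in range(3):
        nxt = unquote_plus(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def scan_fields(fields: Dict[str, List[str]]) -> List[Finding]:
    """Return one finding per (field, signature) pair that matched."""
    findings: List[Finding] = []
    for name, values in fields.items():
        for value in values:
            text = normalise(value)
            for label, pattern in XSS_SIGNATURES:
                if pattern.search(text):
                    findings.append((name, label))
    return findings


def inspect_request(raw: str) -> Tuple[str, List[Finding]]:
    """Parse one plaintext HTTP/1.1 request (what a WAF sees after TLS is
    terminated) and decide whether to pass it on to the application."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ", 2)
    fields = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if method == "POST" and body:  # form-encoded body fields are inspected too
        for name, values in parse_qs(body, keep_blank_values=True).items():
            fields.setdefault(name, []).extend(values)
    findings = scan_fields(fields)
    return ("block" if findings else "allow"), findings


# Constructed sample traffic: one ordinary search, two obvious injections and
# one double-encoded injection that only the normalisation step catches.
CONSTRUCTED_REQUESTS = [
    "GET /search?q=firewall+rules HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"
    "Host: shop.example\r\n\r\n",
    "POST /comment HTTP/1.1\r\nHost: shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "text=nice+post&link=javascript%3Aalert(1)",
    "GET /search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1\r\n"
    "Host: shop.example\r\n\r\n",
]


def run_demo() -> List[Tuple[str, List[Finding]]]:
    return [inspect_request(r) for r in CONSTRUCTED_REQUESTS]


if __name__ == "__main__":
    for raw, (verdict, findings) in zip(CONSTRUCTED_REQUESTS, run_demo()):
        print(raw.split("\r\n", 1)[0], "->", verdict, findings)
```

The decoding loop is the part worth noticing: a signature match on the raw bytes would miss the double-encoded request, which is why production WAFs normalise several encodings (HTML entities, Unicode, chunked bodies) and look at headers and cookies as well as form fields. Signature matching also produces false positives on legitimate input, which is one reason the article's advice stands: the WAF is defence-in-depth, and the application should still encode its own output.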
Conclusion
A firewall is a tool that monitors network traffic and either blocks or allows it depending on a list of rules that the firewall has. These rules can be modified to suit the users’ needs and use cases, though in some cases the user may not be able to implement the change themselves.
Firewalls generally block unexpected incoming traffic, but they also keep track of requests that were sent so that they can allow through the responses. It is usually also prudent to lock down outgoing requests that aren’t necessary, as a defence-in-depth measure.
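The following added example (not code from the original article or from any real firewall) pulls together the two mechanisms described in this article: the first-match access control list with everything else blocked by default from the "What Is a Firewall?" section, and the connection tracking just described, where a reply to a request the host sent is let back in without needing an inbound rule of its own. The rule set, the host address `192.0.2.10` and the packets are constructed from the documentation address ranges; the `Packet`, `Rule` and `Firewall` names are this example's own.

```python
"""Toy stateful packet filter: a first-match access control list with a
default-deny policy, plus a connection table so replies to traffic the host
sent are let back in.  Illustration only, not any real firewall's code.
All addresses are constructed values from the documentation ranges."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

LOCAL_IP = "192.0.2.10"  # constructed address of the protected host


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (arriving at LOCAL_IP) or "out" (leaving it)
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def remote(self) -> Tuple[str, int]:
        """Address and port of the far end, whichever way the packet flows."""
        if self.direction == "in":
            return (self.src_ip, self.src_port)
        return (self.dst_ip, self.dst_port)

    def local_port(self) -> int:
        return self.dst_port if self.direction == "in" else self.src_port


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in" or "out"
    proto: Optional[str] = None      # None matches any protocol
    remote_ip: Optional[str] = None  # None matches any remote address
    port: Optional[int] = None       # local port for "in", remote port for "out"

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.remote_ip is not None and pkt.remote()[0] != self.remote_ip:
            return False
        if self.port is not None:
            seen = pkt.local_port() if self.direction == "in" else pkt.remote()[1]
            if seen != self.port:
                return False
        return True


class Firewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # (proto, local ip, local port, remote ip, remote port) of every
        # connection this host opened and the rules allowed out.
        self.established: Set[Tuple[str, str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        # 1. A reply to a conversation we started needs no inbound rule.
        if pkt.direction == "in":
            key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if key in self.established:
                return "allow (established)"
        # 2. Walk the access control list; the first matching rule wins.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.direction == "out":
                    self.established.add(
                        (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return rule.action
        # 3. Nothing matched: everything else is blocked by default.
        return "block (default)"


def example_rules() -> List[Rule]:
    return [
        Rule("block", "in", remote_ip="203.0.113.9"),  # a known-bad address
        Rule("allow", "in", proto="tcp", port=22),     # SSH into this host
        Rule("allow", "out", proto="tcp", port=443),   # HTTPS to anywhere
        Rule("allow", "out", proto="udp", port=53),    # DNS lookups
    ]


# Constructed traffic, in arrival order.
CONSTRUCTED_TRAFFIC = [
    Packet("in", "tcp", "198.51.100.5", 40000, LOCAL_IP, 22),     # SSH: allowed by rule
    Packet("in", "tcp", "203.0.113.9", 40001, LOCAL_IP, 22),      # SSH from bad IP: block wins
    Packet("in", "tcp", "198.51.100.5", 40002, LOCAL_IP, 3389),   # RDP: no rule, default block
    Packet("out", "tcp", LOCAL_IP, 50000, "198.51.100.80", 443),  # HTTPS out: allowed, tracked
    Packet("in", "tcp", "198.51.100.80", 443, LOCAL_IP, 50000),   # its reply: established
    Packet("in", "tcp", "198.51.100.80", 443, LOCAL_IP, 50001),   # same server, untracked port
    Packet("out", "tcp", LOCAL_IP, 50002, "198.51.100.25", 25),   # SMTP out: locked down
]


def run_demo() -> List[str]:
    fw = Firewall(example_rules())
    return [fw.decide(pkt) for pkt in CONSTRUCTED_TRAFFIC]


if __name__ == "__main__":
    for pkt, verdict in zip(CONSTRUCTED_TRAFFIC, run_demo()):
        print(f"{pkt.direction:>3} {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port}  {verdict}")
```

Two details carry the article's points. The explicit block for `203.0.113.9` sits before the SSH allow, so rule order decides which one applies, which is exactly the sort of thing to check when a connection is unexpectedly blocked. And the last packet shows why locking down outgoing traffic matters: nothing on the host is meant to send mail, so an unexpected SMTP connection is refused rather than silently tracked as established.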
Note: Firewall terminology often refers to blocklists and allowlists.