
What is a Firewall?

by Cybergal | Last Updated | September 7, 2021

Viruses, worms, hacking, break-ins, denial-of-service (DoS) attacks, ransomware, malware and many more are roaming the wide expanses of the Internet. Hackers are out there, always trying to find their way into our computers.

It takes only one careless click to compromise an entire network. And if that network is infected, the consequences can be damaging, most commonly in the form of:

Business closure is the most damaging, but information theft is the most expensive and fastest rising repercussion of cybercrime. 

The scope, scale, speed and frequency of cybercrime are far from abating. As digital technologies advance, they introduce new vulnerabilities faster than they can be secured. While the big players may have the resources to protect their systems, small businesses are most vulnerable. 

The first line of defense is a firewall.

What is a firewall?

A firewall is a security device, in the form of software or hardware, that filters all incoming and outgoing network traffic between your computer or company network and the Internet. It not only blocks outsiders from gaining unauthorized access to your computer but also helps stop malicious software from infecting your computer.


What is the difference between a software firewall and a hardware firewall?

A hardware firewall is a physical device placed between your computer and the Internet or other network connections. It has actual network cables connected to ports inside and outside the firewall. Many vendors offer it as a small office or home office router that has firewall features. It is a separate piece of equipment that requires trained professionals to configure and maintain.

A hardware firewall is particularly useful as an additional line of defense by controlling the incoming network activity that passes through it. It examines the data that flows in from the Internet such as its source and location. It then compares the information gathered to a list of established permissions to determine whether the information should be allowed or dropped.

The main advantage of a hardware firewall is that it can protect all computers connected to it. Its major drawback is its inability to analyze information leaving your computer. You may need another layer of firewall for this, such as a software firewall.

A software firewall is a security program with firewall features built into your computer’s operating system (OS). It is typically positioned on the same system that is being secured, giving it the ability to control specific activities of applications on that system. It needs to be managed and regularly updated to increase its ability to detect and stop malicious activity.

One advantage of a software firewall over a hardware firewall is that it can monitor outgoing data traffic. It is also customizable so you can adjust it to meet your needs. One downside, though, is that it can protect only the computer it is installed on. You will need to install a firewall on each of your network computers.

How does a firewall work?

The main function of a firewall from a security standpoint is to prevent anyone on the outside from accessing any of the computers in your private network. Firewalls use one or more methods to filter traffic coming in and out of your computer.

Basic Functions of a Firewall

Packet filtering

Packet filtering is a standard means of defense against attempts from computers outside a local area network (LAN). During network communication, packets are filtered and matched with predefined sets of rules. 

The filtering process involves checking the source, destination IP addresses and destination protocols. Some packet filters can memorize previously used packet information while some cannot. After matching, packets are either accepted or disallowed.

Proxy service

A proxy service is a go-between function done by a dedicated computer system or software between an endpoint device and a client requesting the service. It allows the client to connect to another server for easier access to files, Web pages and other connections.

A proxy service filters requests by applying strict routing rules to ensure that no dangerous traffic creeps in. When a request comes in, it looks for pages already cached and returns them to the client. If the page is new, the proxy service fetches the page for the client.

Proxy service has two main types. One is the forward proxy used to retrieve a range of sources. The other is the reverse proxy used particularly to protect and secure the server. It carries out tasks like authentication, decryption and caching.

Stateful inspection

This method does not analyze the contents of each packet but compares certain information to a cache of trusted databases. The firewall monitors specific defining characteristics and compares them with the incoming information. If the information provides a reasonable match, the request is accepted. Otherwise, it is denied.

Firewalls can also be configured.

If an identified IP address is reading too many files from a server, you can block all activity to and from that IP address.

Domain names are readable human names that all servers have on the Internet. You can configure your firewall to block certain domain names or allow specific domain names.

You can set firewall filters on certain protocols. They include:

You can also configure your firewall for certain specific words and phrases, such as obscene, vulgar, swear or offensive words. For example, you could set the firewall to block any packet with the words “asshole”, “piss off”, “son of a b*tch”, etc. and include as many variations as possible.

A common guideline is to block everything. But that defeats the purpose of having an Internet connection. So you will need to select what types of traffic you will allow to specific users depending on your needs.


Types of firewalls

Firewalls are classified according to functionality. Here are the most common types:


Packet filtering firewalls

Packet filtering involves checking all data packets coming from the network server. The firewall inspects pre-established specifics such as the source and destination IP addresses, protocol, port number and other available data.

These firewalls are not resource-intensive, but they provide only basic protection and are vulnerable to being bypassed.


Proxy firewalls

Also known as application level firewalls, proxy firewalls work at the application level. They prevent outsiders from directly accessing your internal network. They analyze the content of data packets against a set of user-defined rules. Since a proxy firewall is essentially an added barrier between the server and the client, it can cause considerable slowdowns. 


NAT (Network Address Translation) firewalls

NAT firewalls work by assigning a public address to a group of computers inside a private network. They hide the individual IP addresses to prevent hackers from finding their way into your network. They block unsolicited communication and only allow inbound web traffic if a device in your network requested it.
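The "only if a device in your network requested it" behaviour comes from a translation table, the same kind of remembered state that stateful inspection relies on. The sketch below is an added example, not code from the original article; the `NatFirewall` class, its method names and all addresses are constructed, and entry timeouts are left out for brevity.

```python
# Added illustration: port address translation driven by a state table.
# Class name, method names, addresses and ports are constructed samples.
from itertools import count

class NatFirewall:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public port
        # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.out_map = {}
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.in_map = {}

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Rewrite an outgoing packet's source and remember the flow."""
        key = (private_ip, private_port, remote_ip, remote_port)
        if key not in self.out_map:
            public_port = next(self._ports)
            self.out_map[key] = public_port
            self.in_map[(public_port, remote_ip, remote_port)] = (
                private_ip, private_port)
        # What the remote server sees: only the shared public address.
        return (self.public_ip, self.out_map[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the internal host for a reply, or None to drop it."""
        return self.in_map.get((public_port, remote_ip, remote_port))

if __name__ == "__main__":
    nat = NatFirewall("198.51.100.1")
    print(nat.outbound("10.0.0.5", 51000, "203.0.113.80", 443))
    print(nat.inbound("203.0.113.80", 443, 40000))   # reply: forwarded
    print(nat.inbound("203.0.113.99", 443, 40000))   # unsolicited: None
```

A packet from a remote host that no internal device contacted finds no table entry, so there is no internal address to forward it to and it is dropped.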


WAF (Web Application Firewalls)

A WAF takes care of filtering and blocking data packets as they travel in and out of websites or applications. A WAF can reside either on the network, at the host or in the cloud. WAFs are available as plugins, network appliances or cloud services. They are similar to proxy firewalls but focus more on defending the application layer against attackers.

NGFW (Next Generation Firewall)

NGFWs provide capabilities beyond traditional firewalls. They offer additional functions such as:


UTM (Unified Threat Management) firewalls

UTM firewalls are single security solutions or appliances that provide multiple security functions. These functions include:


What firewalls cannot do

There are malware threats that firewalls cannot prevent. These threats are usually caused by human-initiated activity.

Stolen laptop or device

Data theft or leakage are potential problems that can arise from stolen devices especially when sensitive data is not encrypted. In most cases, passwords are not enough. We recommend the use of multi-factor authentication to provide much better security.

Phishing and pharming

Phishing happens when you click on malicious email attachments and links. You could be unwittingly giving away sensitive information such as your bank account password or credit card details. 

Pharming is a phishing variation where criminals set up fake websites that look like those you normally use. Once you enter your credentials, they can gain access and potentially ransack your account.

Viruses, worms and trojans

These malware threats cause annoying symptoms ranging from the slowing down of your computer to the more serious risk of your equipment malfunctioning or being damaged. It can mean great losses for your business or, worse, closure of your business.

SPAM

SPAM is another common danger not covered by your firewall. SPAM often contains viruses and phishing emails that can affect business productivity. SPAM can come from malicious emails, websites that have been hacked and injected with viruses, or flash drives that have also been infected.

Spyware

This form of threat gathers information about you. It can spy on and record everything you do on your computer, which can potentially destroy your reputation. Often, hackers make money out of this scheme by demanding ransom.

Firewall best practices

Your network firewall is your most essential security tool. Your firewall configuration should aim to protect your system from external security threats as well as malware that could potentially extract sensitive data from your network and bring it to other locations. 

We have compiled firewall best practices that you may consider to protect your network from present and future danger.

Set up your firewall properly

The details of firewall deployment may differ depending on your network needs and the vendor you have chosen. But there are general practices that apply to all systems such as the following:

Use a least privilege policy

Create firewall rules that are as tight as possible when matching data and permitting traffic. Only allow traffic that is permitted by your company security policy and deny all other traffic for both inbound and outbound flows. A least privilege policy helps reduce the attack surface, allowing for more effective control.
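One way to check a rule set against this policy is to audit it for over-broad allow rules, for a missing default deny, and for rules that can never take effect because an earlier rule already covers them. This is an added example, not code from the original article; the dictionary rule format, the function names and the sample rules are constructed for illustration.

```python
# Added illustration: audit a rule list against a least privilege policy.
# The rule format and the sample rules are constructed for this example.
from ipaddress import ip_network

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a["dir"] == b["dir"]
            and ip_network(b["src"]).subnet_of(ip_network(a["src"]))
            and ip_network(b["dst"]).subnet_of(ip_network(a["dst"]))
            and a["port"] in ("any", b["port"]))

def audit(rules, default_policy):
    findings = []
    for direction in ("in", "out"):
        if default_policy.get(direction) != "deny":
            findings.append(f"default {direction}bound policy is not deny")
    for i, rule in enumerate(rules):
        if rule["action"] == "allow":
            if rule["src"] == "0.0.0.0/0" and rule["dst"] == "0.0.0.0/0":
                findings.append(f"rule {i}: allows any source to any destination")
            if rule["port"] == "any":
                findings.append(f"rule {i}: allows every port")
        # With first-match evaluation, a rule fully covered by an
        # earlier rule never decides anything.
        for j in range(i):
            if covers(rules[j], rule):
                findings.append(f"rule {i}: shadowed by rule {j}")
                break
    return findings

RULES = [  # constructed sample, evaluated top to bottom
    {"dir": "in", "action": "allow", "src": "0.0.0.0/0",
     "dst": "192.0.2.10/32", "port": 443},
    {"dir": "in", "action": "allow", "src": "198.51.100.0/24",
     "dst": "192.0.2.0/24", "port": "any"},
    {"dir": "in", "action": "deny", "src": "198.51.100.66/32",
     "dst": "192.0.2.10/32", "port": 22},
    {"dir": "out", "action": "allow", "src": "0.0.0.0/0",
     "dst": "0.0.0.0/0", "port": "any"},
]
POLICY = {"in": "deny", "out": "allow"}

if __name__ == "__main__":
    for finding in audit(RULES, POLICY):
        print(finding)
```

In the sample, the deny rule for 198.51.100.66 is shadowed: the broader allow above it matches first, so the intended block never applies.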

Monitor user access

It is advisable to limit access to some specific traffic to certain services and applications. User permissions are necessary to ensure that only authorized staff can change the firewall configuration. Each and every access must be recorded in a log for audits and compliance and to detect any unauthorized configuration changes.

Create a firewall configuration change policy

You will need to update your firewall configuration as the need arises to ensure that your firewall is strong and can protect your network from new threats. Your firewall configuration plan should include the following factors:

Watch out for firewall software updates

And do it regularly. Updates involve minor changes in the firewall software to address new potential security threats. Stay alert for the latest firewall software version to patch up loopholes in your existing system and ward off hackers.

Use a firewall monitoring system

A comprehensive firewall monitoring system helps you track the performance of your firewall. Your firewall capacity increases as your company grows. This means more traffic as more packets are accepted and dropped every second. You don’t want to overload your firewall so keep monitoring.

Automate manual tasks

Maintaining firewalls is tedious and time-consuming. You may also need to do firewall-related tasks like enabling and disabling various features, deploying new services, validating configuration and maintaining high availability. Keeping up with these activities is labor-intensive and people doing the tasks are vulnerable to error.

Automation can replace many of these tasks. It can run commands and identify issues to assess the health of your firewall system. Network automation also helps reduce costs while providing more accurate information on performance.

Manage your firewalls centrally

If you have multiple firewalls from multiple vendors, use a centralized management tool to ensure that all are functioning. This tool allows you to have a unified view of your whole firewall network, policies and rules. It also enables you to compare the systems and determine which are performing better.

Do regular firewall configuration and security audits

It is important to do configuration audits to find out if there is redundancy or failover and to ensure that no firewall becomes a single point of failure.  

Security audits are also important for compliance with company and external security regulations. They also keep you updated on any changes made to the firewalls, new deployments and firewall migration.

Conduct regular cyber security training

Quarterly or semi-annual training doesn’t work anymore. Your security policies are useless if your employees are not always aware of them. After all, they may potentially and unwittingly be the weakest link between your data and the bad guys.

It would be a good thing to continuously train them on basic security policies such as:

In conclusion, whether you own a computer or a network of computers, firewalls provide the first line of defense against security threats. While there are some risks that firewalls cannot block, firewalls greatly diminish the vulnerability of your system.

 
