What is a firewall and how do they work?

Firewalls are the digital guardians that stand between our sensitive data and the cybercriminals lurking in the dark corners of the internet. In this article, I’m going to take you on a journey through the fascinating world of firewalls and explain how they work to keep us safe.

What is a firewall?

At its most basic level, a firewall is a piece of software or hardware that monitors and controls the flow of data between a computer or network and the internet. It acts as a barrier, blocking unwanted traffic while allowing authorised traffic to pass through.

Firewalls can be thought of as bouncers at a club. The bouncer’s job is to let in the people who are supposed to be there while keeping out the troublemakers. In the same way, a firewall allows legitimate data to pass through while blocking malicious traffic.

When did firewalls first come about?

As security issues evolved, new preventative measures had to be developed to protect organisations and individuals. In 1989, packet-filtered firewalls came about and then the first commercial firewall, called DEC SEAL, was released in 1992. Stateful firewalls began appearing in 1994.

As investments and technology continued, in 2004, IDC coined the term, UTM, or unified threat management, which involves a single hardware or software that provides multiple security functions, highlighting how this area of security was becoming more complex, with more companies enhancing these technologies. Next-generation firewall, introduced by Gartner, then came about in 2009.

How do firewalls work?

A firewall analyses networks based on rules, allowing incoming connections that it has been configured to allow through. It allows or blocks specific data packets, which are units of communication sent over digital networks. This way, only trusted IP addresses — these identify computers or sources — are allowed through.

Types of firewalls

You can get both software and hardware firewalls, both serving a different purpose. Hardware firewalls, like hardware, are physical and are stored between your network and gateway, like a broadband router for example. Software firewalls are internal programs on your device that work through port numbers and apps. As businesses transition online, there are now also cloud-based firewalls, known as Firewall as a Service (FaaS) which can grow with your organisation.

There are many types of firewalls based on how they filter traffic, their structure and functionality. Here are just a few:

Packet-filtering firewalls: these examine each packet of data that tries to pass through and compare it to a set of predefined rules. If the packet matches one of the rules, it is allowed to pass through. If it doesn’t match any of the rules, it is blocked. These are basic and are meant for smaller networks as they do have some limitations, like being unable to prevent web-based attacks.

Stateful multi-layer inspection (SMLI) firewalls: these go a step further, not only examining each packet but also keeping track of the state of the connection between the two computers. This allows them to determine whether a particular packet is part of an established connection or if it’s a new connection attempt. This type of firewall is more secure than packet-filtering firewalls because it can detect and block certain types of attacks that packet-filtering firewalls cannot. They are still, however, unable to tell the difference between good and bad web traffic.

Next-generation firewalls (NGFW): these are more sophisticated as they have higher levels of security where they inspect a packet in its entirety, such as its contents and source. These firewalls can block more complex and evolving security threats like advanced malware.

Network address translation (NAT) firewalls: these can assess internet traffic and block unwelcome communications. They only allow inbound web traffic if a device on your network has approved the IP address.

Firewalls can also be configured to block specific types of traffic, such as incoming or outgoing email, instant messaging or peer-to-peer file sharing. This can be useful in preventing data leaks or stopping employees from wasting time on non-work-related activities.

It’s a good idea to have both network-based and host-based firewalls set up. Network firewalls are usually used by businesses to protect large networks of computers, servers and employees, where they filter traffic from the internet to secured local area networks (LAN). A host-based firewall is a software that works somewhat the same but is stored on a single computer or device and can be installed on each server to control traffic and protect the host.

One of the most common uses of firewalls is to protect home networks. Many home routers have built-in firewalls that can be configured to block incoming traffic from the internet while allowing outgoing traffic. This helps to prevent hackers from accessing the computers and devices on your network.

Firewalls are also essential for businesses of all sizes. They protect sensitive data such as customer information, financial records and proprietary information. Without a firewall, a company’s network could be vulnerable to attacks such as viruses, malware and denial-of-service (DoS) attacks like ransomware.

Make sure to constantly update your firewalls as firmware patches come about after any new vulnerabilities are discovered.

Why should I use a firewall?

Being connected to the internet, you should have a firewall in place, especially since threats are constantly evolving. Some risks of not using a firewall include having your networks open for anyone to access, having your data exposed for cybercriminals to delete, steal or demand a ransom from, or could cause attackers to shut down your network, again, often requiring you to pay a ransom to restore. At the very least, not having one can mean a loss of data, time and money.

As much as you continue to tell staff not to click unknown links or to access untrusty websites, people make mistakes, so a firewall is a minimum protection you should be including in your business. Even if you combine this with virus protection, which you should, it’s still the bare minimum in security.

When does a firewall not work?

Firewalls can be great for protecting your networks, but there are many vulnerabilities your business can still face even when using one.

You could be hit by an insider attack, or even a distributed denial of service (DDoS) attack, where your network gets flooded with traffic. You could be hit by malware, which can be incredibly varied and complex which firewalls can find difficult to defend against, or there may be a missed vulnerability in your firewall that hasn’t yet been rectified which can allow threats to access your network.

Not all firewalls prevent employees from accessing malicious websites and they cannot protect against virus-infected files accidentally being downloaded. They don’t prevent issues surrounding passwords and if your system is already infected, a firewall will do nothing.

It is because of this that a firewall should not be the only protection your business implements as its security measure. All your devices need to have the latest operating system and security software. Contact your IT or managed service provider to make sure they are adequately protecting your business and continually monitoring your systems for cyberattacks to stop them in their tracks.

Firewalls are an essential part of computer security. They act as the first line of defence against cybercriminals and can prevent a wide range of attacks. Whether you’re using a home computer or running a business, it’s important to have a firewall in place to protect your data and keep your network secure. So, if you haven’t already, make sure to invest in a good firewall and keep your digital life safe from harm.