What Is a Firewall and Why Is It Necessary?February 25, 2019
There are lots of ways in which you can become the victim of malware attacks. Using a firewall is one of the best shields against hackers attacks.
You probably heard before that using a firewall is a must to strengthen your internet security. But what is a firewall exactly?
In this post, we'll go over what is a firewall, how it works, and why you should use a firewall to protect your online security.
A firewall is a security system that keeps an eye on all the network traffic (both incoming and outgoing) and decides what network packets to let in or out, based on a set of security rules. Simply put, the firewall acts as a shield between the internal network and the external network (such as the internet).
In places with more computers or devices, such as an office, there are internal networks and external networks (the internet). While the internal network is safe and trusted because only certain users get access to it, the external network is an open door for malicious attacks.
When you connect to the internet, you expose yourself to various risks. Besides the risk of downloading malware that will cause your computer to crash, hackers also get the opportunity to get hold of your computer and steal your private data such as your accounts credentials or even your credit card information. The firewall is the first defense layer to protect yourself from such threats.
A firewall network system can be either software or hardware.
Hardware firewalls - These types can be either firewalls built into the network routers or physical firewalls, and they protect all the devices that are connected to that network.
Software firewalls - These types of firewalls are programs installed on a specific device and monitor the network traffic only on that device. On Microsoft operating systems, starting with Windows XP, you'll find a firewall already enabled by default. Although the Windows firewall comes in handy, it lacks more features than those purchased from antivirus software providers.
To better understand how a firewall works, let's go a bit over how your computer communicates with the internet.
The information travels between networks in the form of network packets. These packets contain information such as the source and destination address along with the data. Your computer receives these network packets through the entry points, called ports.
The easiest analogy here is to think about your computer as your house. The IP address is the address of your house, and the ports represent the rooms in the building. You only allow people you trust (source addresses) to enter your house (destination address). From there, the data is filter even further and only certain people have access to specific rooms. You, the owner, are allowed in all rooms (ports), but guests are only allowed in certain rooms (ports).
The firewall is the one that monitors all the network packets entering or leaving your computer, analyzes them, and decides which packets are trustworthy and which aren't. The firewall filters unsecured and suspicious traffic based on a set of established rules.
Filtering data packets is the base of how a firewall works. The main thing a firewall looks at is the IP address of the source or destination. If the IP address fails to follow the security rules that have been established, the data packet is rejected so you're protected against malicious attacks.
Modern firewalls software are more advanced and they can filter the traffic based on various criteria such as keywords, domain names, applications, and specific data ports.
The technology of firewalls evolved over time from when it was first introduced in the 1980s.
Packet filters are the first type of firewalls created and also the most common. Packet filters analyze the packets transferred between computers and when a packet does not match the filter's set of security rules, the packet is either dropped or rejected. When the packet is dropped, the process takes place silently in the background. As with rejected packets, the packets are blocked and the sender receives an Internet Control Message Protocol notification.
The data packets are filtered based on the IP address of the source or destination, protocol, and source or destination port numbers.
While packet filtering firewalls are more effective than having no layer of protection at all, they are also quite limited. For example, a data packet from a trusted source can pass the firewall filter because the IP matches the set of rules, but it can have hidden malware that the firewall is not able to spot.
The packet filtering firewalls of the first generation are stateless. This means the packets are analyzed independently, with no context, making them an easy target for hackers. The second generation of firewall systems introduced stateful filters.
Stateful firewalls work similar to the packet filtering firewalls, the difference being that, unlike stateless filtering, stateful firewalls analyze the connection as a whole. Stateful firewalls remember if the device had communicated with a specific source address beforehand, and only applies the filtering set of rules after inspecting the overall connection. This type of firewalls is considered to be more secure.
Application layer firewalls (also known as proxy firewalls) are more advanced than the packet filtering firewalls as they can comprehend applications and protocols. Such protocols are FTP (File Transfer Protocol), DNS (Domain Name System), and HTTP (Hypertext Transfer Protocol. Application layer firewalls can detect if an application is trying to bypass a firewall filter or if a protocol is used in a malicious way, making these kinds of firewalls more efficient.
Next-generation firewalls (NGFW) are the most recent types of firewalls. They offer a deep packet inspection, having advanced functions such as:
- identity awareness
- intrusion prevention systems (IPS)
- application level inspection
Because NGFWs are more advanced, they can better understand the network connection overall and take more informed decisions when deciding what data packs to let in or out a device. They can block malware even before it enters the network.
The main job of a firewall is to protect your devices from connecting to unreliable networks that could put your computer and personal information at risk.
Without any means to protect against attacks, you can, at any time, become a prey of hackers. There are numerous ways in which a hacker can get access to your computer or private information from downloadable malware and malicious sites to hacked WiFi networks. A firewall is able to spot some of these malicious actions and will block your computer from receiving data packets from harmful sources.
Firewalls also have other purposes. They are often used in workplaces and schools to block users' access to certain websites or applications. The most common websites and apps blocked in offices and schools are social media platforms, YouTube, torrenting, and email clients.
Advantages of a firewall
- Protecting your computer from external threads - When using a firewall, you're protected from cyber threats to a greater extent than without a firewall. The firewall acts as a barrier between your computer and the internet and only lets traffic from trusted and secure sources to communicate with your computer.
- You can customize your security protocols - With a firewall, you or the network administrator can choose which ports to receive and send data for specific actions such as accessing certain web pages or using certain email clients. This is highly useful because you can customize the firewall based on your specific needs. It is even more beneficial when there's a network of computers as the experience can be tailored for individual users.
Disadvantages of a firewall
Although firewalls can block intruders' access to your computer and prevent you from accessing malicious destinations, they can't block any kind of threat out there. Viruses, for example, can still get in your computer if you open an email containing malware. Not to mention, some types of malware are designed to bypass firewall filters.
The advantages of a firewall are significant. And while a firewall cannot protect you from all types of attacks, it still offers your devices a thick layer of protection against hackers attacks.
A firewall should not be seen as an all in one solution for network security but as a service. It is just the first line of defense.
If you want to properly keep your computer protected, you should always use a firewall in conjunction with an updated antivirus program.
Additionally, you can also use a VPN service to keep your web browsing private and anonymous, and protect yourself when using public WiFi networks. The internet traffic through a VPN is encrypted so hackers or other third-party snoopers can't get hold of your private information.