| certifications | security - Ross Heintzkill
13 Common Questions about Firewalls: Answered
Firewalls are one of the oldest and most widely used network security solutions. Firewalls monitor and filter traffic to and from a device, following predefined security rules to block suspicious traffic and protect devices from various cyberattacks. Firewalls range from free or inexpensive software solutions for home use to high-powered, special purpose hardware protecting sensitive enterprise assets.
To help you better understand firewalls, we answered some common questions. Hopefully, the answers can help you in choosing the right firewall solution for you or your company's needs.
1. Where did the term firewall originate?
The term firewall originally had a more literal meaning. As far back as the mid-1600s, it referred to special walls made of noncombustible materials that were used to separate buildings or groups of buildings into sections. The walls would stop fires from spreading from one section to another.
Today, the term may be used in other contexts such as financial firewalls erected to prevent the spread of insider information. But it generally refers to hardware or software used to prevent the spread of malware or to detect data leakage in computer networks.
2. How does a firewall protect data?
Data transmitted over the internet has several categories of metadata associated with it. An individual packet has a source IP address and a destination IP address, which say where it's coming from and where it's going. It's also directed toward one of many ports, each of which is meant for a different purpose.
Firewalls inspect this metadata and either block or allow the packet. For example, firewalls may be used to block a device from receiving any traffic originating from an external network, block off unused ports, or block all traffic except packets coming from a list of pre-approved IP addresses.
3. What can a firewall protect against?
Firewall capabilities vary quite a bit from basic home firewalls to advanced NextGen firewalls designed to protect critical enterprise systems. All firewalls can detect certain kinds of known malicious traffic. They can block traffic from IP addresses associated with malware and phishing attacks — or block traffic to ports that are not used by legitimate traffic. More advanced firewalls can also inspect the contents of data packets and detect known malware signatures.
4. What can't a firewall protect against?
No security solution is perfect, including firewalls. Firewalls are only as good as the security rules they are programmed to follow. Basic firewalls are able to block traffic to and from known malicious IP addresses and block unused ports and protocols; if they are properly configured, this will prevent many easy attacks. But it will not stop a malicious or compromised insider from exporting sensitive data or block attacks from apparently legitimate IP addresses.
Similarly, more advanced firewalls are able to inspect the content of data traffic and check for known attack indicators, but are unable to prevent new attacks. Hackers know how firewalls work and actively seek ways to evade them. Consequently, firewall users need to make sure their firewalls are configured properly and updated frequently to adapt to new threats.
5. What's the difference between hardware and software firewalls?
Hardware firewalls are physical devices, usually controlled by a proprietary operating system. As dedicated devices, they handle higher volumes of traffic without any impact on the performance of the servers and end-user devices they are protecting. They are more expensive and more difficult to configure than software firewalls, but they are capable of protecting large networks with a high traffic volume. The proprietary operating systems provide additional security: they are not vulnerable to the attacks that take advantage of vulnerabilities in common operating systems, such as Windows, Linux, macOS, and Chrome OS.
6. Where are firewalls typically located?
Ideally, firewalls are placed as close as possible to the asset they are protecting. Perimeter firewalls protect an entire network from untrusted traffic. Internal firewalls may be used to protect particularly sensitive or critical network segments, or to limit the damage of any attacks that do get past the perimeter defenses. Many attacks attempt to move laterally once they gain a foothold, attempting to penetrate as many systems as possible. Internal firewalls can also prevent malicious or unwitting insiders from accessing prohibited systems.
7. What is the best firewall for home use?
As with any security solution, it depends. What do you need to protect, what solutions do you already have in place, what threats do you need to defend against, and how much are you willing to spend? Many home users just want to block viruses, malware and spyware. For them, installing a commercial off-the-shelf software firewall is sufficient.
For homes with many connected devices, hardware perimeter firewalls may be useful, as they will protect all the connected devices, including IoT devices. Some include controls that let parents limit their kids' internet usage.
8. How much does firewall software cost?
The cost of firewall software varies depending on the sophistication and level of protection the software provides. There are free options, including Windows Defender, which is included by default on new Windows installations. Subscriptions to commercial firewall software as of March 2021 range from about $20 to $100 per device per year.
9. How does firewall inspection work?
Firewalls are configured with a list of predetermined rules that instruct the firewall on how to treat incoming or outgoing network traffic. These rules can be defined by conditions such as the IP address or port number from which a data packet originates, and they generally also cover flags that are commonly used for malicious purposes. For each condition, a firewall can be set to allow matching traffic through or ignore it. When a packet arrives at a firewall, the firewall inspects the packet and checks it against its predefined security rules. If a packet fails to meet any of the security rule conditions, it is dropped.
10. What is deep packet inspection?
Basic firewalls only inspect packet headers for IP addresses and port and protocol numbers. More advanced firewalls perform deep packet inspection, examining the content of the data packet in addition to the header. These firewalls are able to block packets containing viruses or spyware, even if the packet header passes inspection. This allows the firewall to block malicious software even if it comes from a previously trusted source.
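The header checks described under questions 2 and 9 and the payload check described under question 10, as an added example that is not part of the original article: a simplified Python model, not any vendor's engine. The Packet and Rule types, the rule list, the documentation-range IP addresses and the placeholder signature are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:                        # only the metadata the article mentions
    src: str
    dst_port: int
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags set in the header
    payload: bytes = b""

@dataclass
class Rule:                          # None means "any" for that condition
    action: str                      # "allow" or "drop"
    src_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None
    proto: Optional[str] = None
    flags: Optional[frozenset] = None    # matches if all of these are set

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and self.dst_port in (None, p.dst_port)
                and self.proto in (None, p.proto)
                and (self.flags is None or self.flags <= p.flags))

# Constructed rule set, evaluated top to bottom; the first match decides.
RULES = [
    Rule("drop", proto="tcp", flags=frozenset({"SYN", "FIN"})),  # abnormal flag pair
    Rule("drop", src_net="203.0.113.0/24"),                      # blocklisted range
    Rule("allow", dst_port=443, proto="tcp"),                    # public HTTPS
    Rule("allow", src_net="198.51.100.0/24", dst_port=22, proto="tcp"),  # approved admins
]
SIGNATURES = [b"EXAMPLE-MALWARE-SIGNATURE"]  # placeholder, not a real signature

def header_verdict(p: Packet, rules=RULES) -> str:
    """Basic firewall: header fields only, default deny when nothing matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"

def inspect(p: Packet, rules=RULES, signatures=SIGNATURES) -> str:
    """Deep packet inspection: header rules first, then scan the payload."""
    if header_verdict(p, rules) == "drop":
        return "drop"
    if any(sig in p.payload for sig in signatures):
        return "drop"                # header passed, content did not
    return "allow"
```

Rule order matters in this model: moving the public HTTPS rule above the blocklist rule would let the blocklisted range reach port 443.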
11. Will IPSEC make firewalls obsolete?
IPSEC is a suite of protocols, standards and algorithms used to secure traffic over an untrusted network. It is commonly used to set up virtual private networks (VPNs) over the internet. It provides a secure, authenticated channel with end-to-end encryption. It does not, however, filter any other traffic coming into your device. While IPSEC can provide privacy and protect information, it is not, in and of itself, capable of filtering untrusted or malicious network traffic. In order to do that, it is still necessary to have a firewall in place to protect a device or network.
12. If I have a firewall, do I have a DMZ?
Maybe. If you have a DMZ you almost certainly have at least two firewalls, but you can have a firewall without having a DMZ. In networking, a demilitarized zone (DMZ) is used to create a segregated space that isolates internet-facing devices, such as e-mail, web, and DNS servers, from an organization's internal networks and devices. The internet-facing devices are most vulnerable to attack.
DMZs are designed to prevent attacks from spreading from those vulnerable devices to the rest of the organization. The DMZ will be protected by perimeter defenses, including perimeter firewalls, to prevent attacks coming from the internet. The rest of the organization's IT infrastructure will be protected by internal defenses, including firewalls, placed between the internal network and the DMZ to prevent any successful attacks from spreading beyond the DMZ.
13. What is the strongest firewall?
With technology in general, and security in particular, this is a difficult question to answer. A better question is, "what is the best firewall for my needs right now?" The answer to that will vary based on the assets you want to protect, the threats you face, the solutions you already have in place, and your security budget. The threat environment changes rapidly as hackers develop new attacks, and vendors develop defenses.
In general, the best firewall is one designed by a reputable, experienced vendor like Palo Alto, with the capabilities you need, that works with your existing network and devices, is updated frequently, and is available at a price you can afford.
Firewalls aren't a be-all-end-all solution. But configured properly and updated frequently, they can be a powerful tool for keeping networks safer from cyberattacks. The key is to understand their strengths and limitations. By doing so, you can complement firewalls with other security tools and measures.