What is a firewall?

M.Sc. Chris Wojzechowski

The term firewall appears very often in the context of corporate IT security. But what exactly is a firewall and what are the different types? So that you too can use this IT security tool correctly, we explain everything about the firewall in this article.

What is a firewall?

In a basic sense, a firewall is a tool that monitors, filters, and controls traffic entering or leaving your network. Its job is to allow good (trusted) traffic through and to keep bad (untrusted) traffic from entering or leaving your internal network. In other words, firewalls keep the bad guys out while everyone else can use the network normally.

They protect everything from simple home computers to the networks of large governments and corporations against malware (malicious software) and hackers. Firewall architectures are available as both software and hardware. They can be installed on your computers, in different parts of your network or in your cloud environment.

Functionality

Firewalls inspect incoming or outgoing traffic and are programmed to either allow or block certain types of data packets. All data transmitted over a network (or between different networks) is sent in the form of either TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) data packets. Each of these packets contains header information that tells where the data is coming from and where it is going. TCP packets contain more header data than UDP data packets, which means they are usually larger.
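The header fields described above can be read directly from the packet bytes. The following Python sketch is an added example, not part of the original article: it parses constructed IPv4 packets and returns the addresses, ports and transport header length that a firewall rule matches on. The sample addresses and ports and the helper names build_ipv4 and parse_headers are assumptions made for illustration.

```python
import socket
import struct

TCP, UDP = 6, 17  # IANA protocol numbers carried in the IPv4 header

def build_ipv4(proto, src, dst, segment):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) + segment."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + segment

def parse_headers(packet):
    """Extract the fields a packet filter matches on, without reading payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid IPv4 header length")
    proto, segment = packet[9], packet[ihl:]
    if proto == TCP and len(segment) >= 20:
        name, l4_len = "tcp", (segment[12] >> 4) * 4   # TCP data offset field
    elif proto == UDP and len(segment) >= 8:
        name, l4_len = "udp", 8                        # UDP header is fixed size
    else:
        raise ValueError("unsupported protocol or truncated header")
    sport, dport = struct.unpack("!HH", segment[:4])   # same position in both
    return {"proto": name, "src": socket.inet_ntoa(packet[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(packet[16:20]), "dport": dport,
            "l4_header_len": l4_len}

# Constructed sample packets (documentation address ranges, no real traffic).
TCP_SYN = build_ipv4(TCP, "192.0.2.10", "198.51.100.5",
                     struct.pack("!HHIIBBHHH", 51515, 443, 1, 0, 0x50, 0x02,
                                 65535, 0, 0))
UDP_DNS = build_ipv4(UDP, "192.0.2.10", "198.51.100.53",
                     struct.pack("!HHHH", 40000, 53, 8, 0))

if __name__ == "__main__":
    for pkt in (TCP_SYN, UDP_DNS):
        print(parse_headers(pkt))
```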

By inspecting the traffic that enters your network, you can prevent hackers from getting malicious code (viruses, malware, etc.) into your network, where it would otherwise compromise your data and systems. Of course, there are also firewall types that work at the application level. These inspect the traffic flowing to and from your application or service to determine whether it should be allowed through.

Types of firewalls

  • Packet Filtering: As the simplest and oldest type of firewall architecture, a packet filtering firewall basically creates a control point at a traffic router or switch. The firewall performs a simple inspection of data packets coming through the router – it checks information such as the destination and sender IP addresses, packet type, port number, and other surface-level information without opening the packet to examine its contents. If the packet does not pass the check, it is discarded.
    The good thing about these types is that they are not very resource intensive. That is, they do not have a great impact on system performance and are relatively simple. However, they are also relatively easy to circumvent compared to firewall architectures with more robust inspection capabilities.
  • Circuit-Level Gateways:
    Circuit-level gateways are another simple firewall type designed to quickly and easily allow or deny traffic without consuming large amounts of computing resources. They operate at the circuit level by checking the Transmission Control Protocol (TCP) handshake. This TCP handshake check is meant to ensure that the session from which the packet originated is legitimate. While these types are extremely resource efficient, they do not check the packet itself. So if a packet contained malware but had the correct TCP handshake, it would pass. For this reason, circuit-level gateways alone are not enough to protect your business or home.
  • Stateful Inspection:
    These firewall types combine both packet inspection and TCP handshake inspection technology to provide a higher level of protection than either of the previous two architectures could provide alone. However, these types also place a greater load on computer resources. This can slow down the transmission of legitimate packets compared to the other solutions.
  • Proxy firewalls (cloud firewalls):
    Proxy firewalls work at the application level to filter incoming traffic between your network and the data source – hence the name “application-level gateway”. These firewalls are deployed via a cloud-based solution or other proxy device. Instead of allowing traffic through directly, the proxy firewall first connects to the source of the traffic and inspects the incoming packets. This check is similar to the stateful inspection firewall in that it examines both the packet and TCP handshake protocols.
    However, proxy firewalls can also perform deep packet inspection, which checks the actual content of the packet to ensure that it does not contain malware. Once the check is complete and the packet is approved for connection to the destination, the proxy sends it. This creates an additional layer of separation between the “client” (the system from which the packet originates) and the individual devices on your network, providing additional anonymity and protection on your network. If there is a disadvantage of proxy firewalls, it is that they can cause a significant slowdown due to the extra steps involved in the transmission of data packets.
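The difference between packet filtering and stateful inspection in the list above can be shown with a few lines of Python. This is an added example, not part of the original article. The internal network 10.0.0.0/24, the HTTPS-only policy, the state names and the sample traffic are assumptions constructed for illustration. The stateless filter judges every packet by its headers alone, while the stateful filter also tracks the TCP handshake and drops a reply-shaped packet that belongs to no session.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")  # hypothetical internal network

def stateless_allow(pkt):
    """Packet filtering: judge each packet by its own headers only."""
    src, sport, dst, dport, flags = pkt
    outbound = ip_address(src) in INTERNAL and dport == 443
    # A reply can only be recognised by its shape: from port 443 with ACK set.
    reply_shaped = ip_address(dst) in INTERNAL and sport == 443 and "A" in flags
    return outbound or reply_shaped

class StatefulFilter:
    """Stateful inspection: the same header policy plus a handshake table."""

    def __init__(self):
        self.conns = {}  # (client, cport, server, sport) -> handshake state

    def allow(self, pkt):
        src, sport, dst, dport, flags = pkt
        if ip_address(src) in INTERNAL and dport == 443:   # outbound direction
            key = (src, sport, dst, dport)
            if flags == "S":                               # client opens session
                self.conns[key] = "SYN_SENT"
            elif self.conns.get(key) == "SYN_ACK_SEEN" and "A" in flags:
                self.conns[key] = "ESTABLISHED"            # handshake complete
            return key in self.conns
        key = (dst, dport, src, sport)                     # inbound direction
        if self.conns.get(key) == "SYN_SENT" and flags == "SA":
            self.conns[key] = "SYN_ACK_SEEN"
            return True
        return self.conns.get(key) == "ESTABLISHED" and "S" not in flags

# Constructed sample traffic: (src, sport, dst, dport, TCP flags).
HANDSHAKE = [
    ("10.0.0.5", 50000, "203.0.113.7", 443, "S"),
    ("203.0.113.7", 443, "10.0.0.5", 50000, "SA"),
    ("10.0.0.5", 50000, "203.0.113.7", 443, "A"),
    ("203.0.113.7", 443, "10.0.0.5", 50000, "PA"),
]
UNSOLICITED = ("198.51.100.9", 443, "10.0.0.8", 50001, "A")  # no session behind it

def compare():
    """Return (stateless verdicts, stateful verdicts) for the sample traffic."""
    fw, traffic = StatefulFilter(), HANDSHAKE + [UNSOLICITED]
    return [stateless_allow(p) for p in traffic], [fw.allow(p) for p in traffic]

if __name__ == "__main__":
    print(compare())
```

Both filters pass the four packets of the legitimate session. Only the stateful filter rejects the last packet, because its connection table has no matching handshake.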

Next generation firewall architectures

Many of the recently launched firewall products are touted as “next-generation” architectures. However, there is no consensus on what really makes an architecture next generation.

Some common features of next-generation firewall architectures are deep packet inspection (checking the actual contents of the data packet), TCP handshake checks, and surface-level packet inspection. Next-generation firewall architectures may also include other technologies, such as intrusion prevention systems (IPS) that automatically stop attacks on your network.

The problem is that there is no single definition of a next-generation firewall. Therefore, before investing in such a firewall, it is important to check which specific functions it has.

Advantages of firewall penetration testing

Through a penetration test, it is possible to comprehensively test the configuration of a firewall architecture. This results in comprehensive protection against hackers. Conducting such a security audit on a regular basis is essential to ensure and maintain security. Assess and identify problems early using penetration testing.

A proactive rather than reactive approach prevents potential security incidents and eliminates the high costs associated with the recovery process. Increase the overall security posture of your business or household. A properly secured firewall means that the assets behind it are also adequately secured, especially from an external perspective. The effort of recovering from an incident and the resulting costs are usually high. These costs can be avoided if you perform security tests at regular intervals to reduce the likelihood of such an incident.

Conclusion

In general, the purpose of a firewall architecture is to reduce or eliminate the occurrence of unwanted network communications while allowing all legitimate communications to flow freely. In most server infrastructures, firewalls provide an essential layer of security that, in combination with other measures, prevents attackers from accessing your machines in malicious ways.

New security vulnerabilities are discovered daily for any software – firewall architectures are no exception. To ensure the security of your architecture and your entire network, penetration testing (in addition to other security activities) should be performed at regular intervals.

Is a good firewall enough protection against malware?

A firewall is always only one of several technical measures to protect against malware. It is therefore recommended to use the firewall in conjunction with a virus scanner and other protective measures.

Are open source firewalls worse than commercial products?

It is not possible to give such a blanket answer. The intended use and context of firewall products should be considered. Possibilities for customization and individualization must be taken into account. But the support from the manufacturer should also be considered.

How long can a firewall be used?

The duration of the possible use of a firewall depends on the availability and provision of updates by the manufacturer. As soon as a firewall no longer receives updates, you should quickly look for an alternative. If critical security vulnerabilities appear in the product, it must be replaced as soon as possible.

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied for my Master's degree in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager and IT-Grundschutz practitioner (TÜV), and I possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.