Understanding the Operations of a Firewall

We’re living in an exciting world where we’re at war with cyber hackers! Firewalls are our shields, protecting our computers and networks. But have you ever wondered how these digital defences work and keep us safe online? Let’s find out together!

Firewalls are essential for protecting against cyber threats. They work by checking incoming data, applying rules, and blocking anything suspicious or unsafe. The main goal of a firewall is to keep computers and networks safe from unauthorized access by allowing only the traffic that meets certain criteria.

Think of a firewall as a guard at the entrance of a building, checking if each person is allowed in. In the same way, a firewall checks the source of incoming data to see if it can be trusted. For added security, firewalls can also check data based on where it’s going (destination address) and the port number. For example, they might only let certain IP addresses access specific ports.

Imagine IP addresses as houses and port numbers as rooms in those houses. Only trusted people (source addresses) are allowed into the house (destination address). Once inside, they can only enter certain rooms (destination ports), based on their privileges. The owner might access any room (any port), but guests and children are only allowed in specific rooms (specific ports). By setting up firewalls carefully to only allow authorized traffic, network administrators can prevent unauthorized access and reduce the risk of cyber attacks.

Varieties of Firewalls

Firewalls come in two types: software and hardware. Software firewalls are programs installed on individual computers, while hardware firewalls are physical devices placed between the network and the gateway. For the best protection, it’s recommended to use both. The most common type of firewall is the packet-filtering firewall, which checks packets and blocks those that don’t meet the security rules. These firewalls look at the packets’ source and destination IP addresses, allowing only the packets that match the “allowed” rules.

Packet-filtering firewalls are divided into two types: stateless and stateful. Stateless firewalls assess packets one by one without any context, making them more vulnerable to attacks. Stateful firewalls, on the other hand, remember information about previously processed packets, making them more secure. Packet-filtering firewalls offer basic protection but have limitations. They can’t tell if the content of a request will harm an application. For instance, if a trusted source sends a harmful request that could delete a database, the firewall wouldn’t notice. Next-generation firewalls (NGFW) were created to address this issue.

NGFW combines traditional firewall functions with extra features like encrypted traffic inspection, intrusion prevention, and antivirus. They also use deep packet inspection (DPI) to analyze the data within each packet, which helps identify and block malicious packets more effectively. Proxy firewalls filter network traffic at the application level by acting as intermediaries between systems. Clients make requests to the firewall, which evaluates them based on security rules before allowing or denying them. Proxy firewalls monitor layer 7 protocols like HTTP and FTP and use stateful and deep packet inspection to detect malicious traffic.

Network address translation (NAT) firewalls allow multiple devices with unique network addresses to connect to the internet using one IP address, hiding individual details. This makes it harder for attackers to gather information through network scans. NAT firewalls are similar to proxy firewalls, acting as intermediaries between a group of computers and external traffic. Stateful multilayer inspection (SMLI) firewalls filter packets at the network, transport, and application layers, comparing them with known trusted packets. SMLI firewalls evaluate packets to determine the state of communication, ensuring that all communication happens only with trusted sources. They check packets at each layer and allow them through only if they meet the requirements of each layer. Lastly, it’s important to understand the limitations of firewalls and how they are different from antivirus software.

Conclusion

Firewalls are an essential part of digital security today. They act as protectors, creating a shield against cyberattacks by analyzing incoming data. As one of the best ways to protect your home, business, and personal data from cyber threats, understanding and using firewalls is key to staying safe online. As technology evolves, firewalls are always being improved and strengthened. By learning more and staying aware, we can keep ourselves safe in the digital world and stay ahead of cyber threats.

As a DevSecOps enthusiast, I hope you enjoy this article. In this column called “Mindful Monday Musings” here every Monday, I will share articles on Dev(Sec)Ops and Cloud. You can support M3 (aka Mindful Monday Musings) by following me and sharing your opinions. Please send me your contributions, criticisms, and comments, it would make me glad.