Introducing Firewalls
A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predefined security rules. It can be deployed as a dedicated hardware appliance, a virtual appliance in a virtualized environment, or as software running on devices like routers.
The main purpose of a firewall is to establish a barrier between trusted internal networks and untrusted external networks, such as the Internet. It filters traffic, allowing authorized data to pass while blocking or logging unauthorized or potentially harmful data.
Firewalls help defend against threats such as unauthorized access attempts, malware, and denial-of-service (DoS) attacks, primarily by enforcing policy-based filtering that reflects the organization's requirements. A basic packet filter does this by limiting which services are reachable from where; catching malware inside permitted traffic requires the deeper inspection described under next-generation firewalls below. Firewalls are a foundational control for protecting sensitive data and resources.
A properly designed firewall solution can be simple and scalable or robust and complex, depending on the requirements. Although firewalls can be placed anywhere in the network, they are typically deployed at the Internet edge, where they mainly protect against external threats.
Security Zones
One of the main aspects of firewall architecture is dividing the network into zones. Zones group network segments by their level of trust, and each firewall interface is assigned to one zone. The firewall applies its rules and policies to traffic according to the zones it moves between. By default, traffic between interfaces in the same zone is typically allowed, while traffic between different zones is blocked unless a policy explicitly permits it.
Typical zones are "inside" (the local network), "outside" (the Internet), and "DMZ" (demilitarized zone, holding servers that must be reachable from the outside, such as web or mail servers). The firewall enforces security policies to control data flow between these zones, protecting sensitive internal resources from external threats and unauthorized access while letting legitimate traffic flow. The crucial point is that if one zone is compromised, a well-configured firewall confines the attacker to that zone: a DMZ server that has been taken over still has no permitted path into the inside zone, which limits lateral movement across the enterprise network.
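The zone model above, as an added example that is not part of the original page: a minimal zone-based policy engine in Python. Interfaces are mapped to the three zones, a zone-pair table lists the permitted services for each direction, and the two defaults from the text (intra-zone permit, inter-zone deny unless a pair policy exists) are applied. The interface names, zone assignments and permitted services are constructed for illustration; real platforms express the same model in their own configuration syntax.

```python
# Added example (not from the original page): a minimal zone-based policy engine.
# Interface names, zone names and permitted services are constructed for illustration.

# Which interface belongs to which zone (constructed topology).
ZONE_OF_INTERFACE = {
    "gi0/0": "outside",   # Internet-facing
    "gi0/1": "inside",    # trusted LAN
    "gi0/2": "dmz",       # public-facing servers
}

# Zone-pair policy: (source zone, destination zone) -> permitted (protocol, destination port).
# A zone pair that is absent is denied entirely. There is deliberately no ("dmz", "inside")
# pair, so a compromised DMZ host gets no path into the inside zone.
ZONE_PAIR_POLICY = {
    ("inside", "outside"): {("tcp", 80), ("tcp", 443), ("udp", 53)},
    ("inside", "dmz"):     {("tcp", 443), ("tcp", 22)},
    ("outside", "dmz"):    {("tcp", 443)},
}


def zone_of(interface: str) -> str:
    """Map an interface to its zone; an interface in no zone cannot pass traffic."""
    try:
        return ZONE_OF_INTERFACE[interface]
    except KeyError:
        raise ValueError(f"interface {interface!r} is not assigned to a zone")


def decide(in_interface: str, out_interface: str, proto: str, dst_port: int) -> str:
    """Return 'permit' or 'deny' for the first packet of a flow entering on in_interface
    and leaving on out_interface. Return traffic for a permitted flow is the job of the
    stateful engine, not of the zone-pair lookup, so only the initiating direction is checked."""
    src_zone, dst_zone = zone_of(in_interface), zone_of(out_interface)
    if src_zone == dst_zone:
        return "permit"                      # intra-zone traffic: permitted by default
    allowed = ZONE_PAIR_POLICY.get((src_zone, dst_zone))
    if allowed is None:
        return "deny"                        # no policy for this zone pair: default deny
    return "permit" if (proto, dst_port) in allowed else "deny"


if __name__ == "__main__":
    checks = [
        ("gi0/1", "gi0/0", "tcp", 443),   # inside -> outside HTTPS: permit
        ("gi0/0", "gi0/2", "tcp", 443),   # outside -> DMZ web server: permit
        ("gi0/0", "gi0/1", "tcp", 443),   # outside -> inside: deny (no zone pair)
        ("gi0/2", "gi0/1", "tcp", 445),   # DMZ -> inside SMB: deny, containment
        ("gi0/1", "gi0/2", "tcp", 3389),  # inside -> DMZ RDP: deny (not in pair policy)
    ]
    for check in checks:
        print(check, "->", decide(*check))
```

The containment property from the text is visible in the fourth check: the DMZ host is permitted to receive HTTPS from the outside, but nothing it originates toward the inside zone is allowed, because no policy exists for that zone pair.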
Stateless Firewall
A stateless firewall is a network security device that filters traffic based solely on static criteria in each packet's header, such as source and destination addresses, protocol, and port numbers. This is the same model as Access Control Lists (ACLs) on routers: the rules are static, and the device keeps no record of active connections, so it cannot track the state of a connection over time.
Stateless firewalls evaluate each packet in isolation. This makes them a poor fit for complex protocols that negotiate ports dynamically, and it leaves them exposed to techniques such as IP spoofing and session hijacking: because the firewall cannot check whether a packet belongs to an existing session and performs no deep packet inspection, any packet whose header fields match a rule is accepted.
Consequently, configuring stateless firewalls for incoming traffic, especially from the Internet, is error-prone: return traffic for connections initiated from inside must be allowed by a separate, manually written inbound rule, and such rules are necessarily broad (for example, any packet from source port 443 to the ephemeral port range), so they also admit packets that belong to no real session. This limitation makes stateless firewalls less suitable for dynamic or state-dependent protocols.
Stateful Firewall
Unlike stateless firewalls, stateful firewalls maintain a dynamic state table of active connections, typically keyed by protocol, source and destination address, and source and destination port, and use it to inspect and manage traffic according to the state of each session. Only the first packet of a new connection is evaluated against the rule set; once it is permitted, an entry is created and subsequent packets of that session, including return traffic, are matched against the table instead.
Stateful firewalls can therefore make informed decisions, such as allowing return traffic only for connections that were actually initiated from a trusted zone, which removes the need for the broad inbound rules a stateless filter requires and makes them much harder to bypass with spoofed packets. Entries are removed when a session closes or after an idle timeout, and because the table is a finite resource it must be protected against being filled with half-open connections, for example by limiting embryonic (SYN-only) sessions. Compared with stateless firewalls they offer stronger security and far simpler configuration.
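The contrast drawn in the stateless and stateful sections, as an added example that is not part of the original page: the same three constructed packets (a client's outbound SYN, the server's reply, and an attacker's probe whose header merely looks like return traffic) are run through a stateless packet filter and a stateful one. Addresses, ports and the rule set are constructed for illustration; the point it shows is that the stateless filter's "return traffic" rule admits the probe, while the state table rejects it because no matching session was ever opened.

```python
# Added example (not from the original page): a stateless packet filter and a stateful
# one applied to the same packets. Addresses, ports and rules are constructed.
from dataclasses import dataclass
from typing import Dict, Tuple

INSIDE_PREFIX = "10.0.0."          # constructed trusted LAN


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False              # TCP SYN flag (connection setup)
    ack: bool = False              # TCP ACK flag


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


# --- Stateless filter: each packet is judged on its own header fields ---------------
def stateless_filter(pkt: Packet) -> str:
    # Rule 1: inside hosts may open HTTPS connections to anywhere.
    if is_inside(pkt.src_ip) and pkt.dst_port == 443:
        return "permit"
    # Rule 2: "return traffic" from an HTTPS server to an inside host's ephemeral port,
    # recognised only by its header (source port 443, ACK set). The filter has no way
    # to know whether a matching connection actually exists.
    if is_inside(pkt.dst_ip) and pkt.src_port == 443 and pkt.dst_port >= 1024 and pkt.ack:
        return "permit"
    return "deny"                  # implicit deny


# --- Stateful filter: the rule set decides only the first packet of a flow -----------
class StatefulFirewall:
    def __init__(self) -> None:
        # Active connections keyed by the initiating (src_ip, src_port, dst_ip, dst_port).
        self.state = set()

    def filter(self, pkt: Packet) -> str:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.state or reverse in self.state:
            return "permit"        # belongs to an established session
        # New flow: consult the policy. Only a SYN from inside to 443 may create state.
        if pkt.syn and not pkt.ack and is_inside(pkt.src_ip) and pkt.dst_port == 443:
            self.state.add(key)
            return "permit"
        return "deny"              # no matching state and not a permitted new flow


def run_scenario() -> Dict[str, Tuple[str, str]]:
    """Return {packet name: (stateless verdict, stateful verdict)} for three constructed packets."""
    client_syn = Packet("10.0.0.5", 51514, "198.51.100.20", 443, syn=True)
    server_reply = Packet("198.51.100.20", 443, "10.0.0.5", 51514, syn=True, ack=True)
    # Attacker probe: no connection exists, but the header mimics HTTPS return traffic.
    ack_probe = Packet("203.0.113.66", 443, "10.0.0.5", 3389, ack=True)
    stateful = StatefulFirewall()
    results = {}
    for name, pkt in (("client_syn", client_syn), ("server_reply", server_reply), ("ack_probe", ack_probe)):
        results[name] = (stateless_filter(pkt), stateful.filter(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:13s} stateless={stateless:6s} stateful={stateful}")
```

Order matters in the stateful run: the client's SYN must be seen first so that the server's reply matches the reversed tuple. In the stateless run the order is irrelevant, which is exactly the weakness: the ACK-only probe to an inside host's RDP port is permitted by the return-traffic rule alone.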
Next-Generation Firewall
A next-generation firewall (NGFW) is an advanced security device that combines traditional stateful firewall functionality with modern features such as deep packet inspection, intrusion prevention, application visibility and control, advanced malware protection, and context awareness (for example, user and device identity).
NGFWs identify traffic by application rather than by port alone, so two applications that both use TCP port 443 can be treated differently, and they can tie policy to users or groups rather than only to addresses. This gives granular control over applications and user behavior and lets the firewall detect threats inside traffic that a port-and-address policy would simply allow.