What is a Firewall?
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on previously established security policies in an organisation. A firewall, at its most basic, is a barrier that sits between a private internal network and the public Internet. The primary function of a firewall is to allow non-threatening traffic in while keeping dangerous traffic out.
Firewall History
Since the late 1980s, firewalls have existed as packet filters, which were networks set up to examine packets, or bytes, transferred between computers. Though packet filtering firewalls are still in use today, firewalls have advanced significantly as technology has advanced over the years.
Gen 1 Virus Generation 1, Late 1980's, virus attacks on stand-alone PC's affected all businesses and drove anti-virus products.
Networks of Generation 2
Attacks from the internet impacted all businesses in the mid-1990s, prompting the development of the firewall.
Generation 3 Applications In the early 2000s, Generation 3 applications exploited vulnerabilities in applications, affecting the majority of businesses and driving the development of Intrusion Prevention Systems products (IPS).
Payload Generation 4, approximately 2010, rise of targeted, unknown, evasive, polymorphic attacks that impacted most businesses and drove the development of anti-bot and sandboxing products.
Gen 5 Mega Generation 5, approx. 2017, large scale, multi-vector, mega attacks employing advanced attack tools and driving advanced threat prevention solutions.
What Firewalls Do?
A firewall is an essential component of any security architecture because it delegated host-level protections to your network security device. Firewalls, particularly Next Generation Firewalls, are focused on blocking malware and application-layer attacks. When combined with an integrated intrusion prevention system (IPS), these Next Generation Firewalls can detect and respond to outside attacks across the entire network quickly and seamlessly. They can set policies to better defend your network and perform quick assessments to detect and shut down invasive or suspicious activity, such as malware.
Why Do We Need Firewalls?
Firewalls, particularly Next Generation Firewalls, are designed to prevent malware and application-layer attacks. Together with an integrated intrusion prevention system (IPS), these Next Generation Firewalls can detect and combat attacks across the entire network in real time. Firewalls can act on previously defined policies to better protect your network and can perform quick assessments to detect and shut down invasive or suspicious activity, such as malware. When you use a firewall as part of your security infrastructure, you configure your network with specific policies that allow or block incoming and outgoing traffic.
Network Layer vs. Application Layer Inspection
Network layer or packet filters inspect packets at a relatively low level of the TCP/IP protocol stack, preventing packets from passing through the firewall unless they match the established rule set, which is based on Internet Protocol (IP) addresses and ports. Firewalls that perform network layer inspection outperform similar devices that perform application layer inspection. The disadvantage is that unwanted applications or malware can pass through allowed ports, such as outbound Internet traffic via the web protocols HTTP and HTTPS, which use ports 80 and 443, respectively.
The Importance of NAT and VPN
Firewalls also perform fundamental network functions such as Network Address Translation (NAT) and Virtual Private Network (VPN) (VPN). Network Address Translation conceals or translates internal client or server IP addresses in a "private address range," as defined in RFC 1918, to a public IP address. Because the IP address is hidden from the Internet, hiding the addresses of protected devices preserves the limited number of IPv4 addresses and serves as a defence against network reconnaissance.
