What Is A Firewall?
The Information Technology industry borrowed the term firewall from firefighting and fire prevention, where a firewall is a barrier established to prevent the spread of fire. With this thought in mind, a firewall is a network security system designed to prevent the entry and spread of unauthorized network traffic to or from your computer network.
Firewalls provide security against numerous online threats such as remote login, Trojan backdoors, session hijacking, DoS and DDoS attacks, spoofing attacks, viruses, cookie stealing and others. Firewalls also track and keep logs of attempts to access your computer network, adding to their security functions.
Firewalls can be implemented in a myriad of ways: a hardware appliance, computer software (desktop or server) or a combination of both. Even with a firewall as a part of your technology infrastructure, a comprehensive cybersecurity strategy is more than hardware and software; these are parts of a multipronged plan whose most critical component is user education.
The development of firewall technology evolved with the growing needs and usage of the internet and interconnected systems. Software firewalls are installed on your computer, either as a part of the operating system or as a separately installed application, and are customizable. This allows you some control over their functionality and protection features.
A software firewall will provide protection for your computer from outside and inside attempts to gain access to it. Depending on your choice of software firewall, it can also provide some protection against the most common cyber threats, allow user-defined controls for setting up features such as safe file and printer sharing, and block unsafe applications from running on your workstation. Additionally, some software firewalls may also include privacy controls, web filtering, identity protection and more.
Unfortunately, a software firewall only protects the computer it is installed upon and isn't a network solution, meaning each computer on your network must have the software firewall installed and configured.
Similar to software firewalls, hardware firewalls are not created equal. Lower-level firewalls may be faster but are easier to bypass, whereas a more robust and comprehensive firewall appliance supports additional features such as gateway anti-virus, intrusion prevention, application intelligence control, user access control, content filtering and more.
The need to combat the increasingly sophisticated cyberattacks required firewall appliances to adapt to defend against these different cyber threats. This evolution spurred the creation of the different types of firewalls.
Packet firewalls
Packet firewalls function as packet filters, inspecting the packets that are transferred between computers on the Internet. When a packet passes through a packet-filter firewall, its source and destination address, protocol, and destination port number are checked against the firewall's rule set. Any packets that aren't specifically allowed onto the network are dropped (i.e., not forwarded to their destination). While generally fast and efficient, they have no ability to tell whether a packet is part of an existing stream of traffic. Because they treat each packet in isolation, this makes them vulnerable to spoofing attacks and also limits their ability to make more complex decisions based on what stage communications between hosts
Stateful firewalls
In order to recognize a packet's connection state, a firewall needs to record all connections passing through it to ensure it has enough information to assess whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. This is what's called "stateful packet inspection". This additional information can be used to grant or reject access based on the packet's history in the state table, and to speed up packet processing; that way, packets that are part of an existing connection based on the firewall's state table can be allowed through without further analysis. If a packet does not match an existing connection, it's evaluated according to the rule set for new connections.
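The difference between the packet filter and the stateful firewall described above, as an added example (not code from the original page): a toy rule set with default drop, and a state table keyed on a connection's two endpoints. The addresses, ports and flag notation are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: str = ""  # TCP flags: S=SYN, A=ACK (constructed notation)

# Rules for new connections: (source, destination, protocol, destination port);
# "*" matches anything, and a packet that matches no rule is dropped.
RULES = [("*", "192.0.2.10", "tcp", 443)]

def packet_filter(pkt):
    """Stateless check: the packet is judged on its own header fields only."""
    fields = (pkt.src, pkt.dst, pkt.proto, pkt.dport)
    return any(all(r in ("*", f) for r, f in zip(rule, fields)) for rule in RULES)

class StatefulFirewall:
    def __init__(self):
        self.state = set()  # state table: one entry per tracked connection

    @staticmethod
    def _key(pkt):
        # Same key for both directions of a connection.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def inspect(self, pkt):
        key = self._key(pkt)
        if key in self.state:
            return "allow-established"  # known connection: no rule lookup needed
        # Not in the table: only a connection-opening SYN is checked against the rules.
        if pkt.flags == "S" and packet_filter(pkt):
            self.state.add(key)
            return "allow-new"
        return "drop"

def demo():
    """Run constructed packets through both filters: (name, stateless, stateful)."""
    fw = StatefulFirewall()
    packets = [
        ("client SYN to :443", Packet("198.51.100.7", "192.0.2.10", "tcp", 51000, 443, "S")),
        ("server SYN-ACK reply", Packet("192.0.2.10", "198.51.100.7", "tcp", 443, 51000, "SA")),
        ("stray ACK, no connection", Packet("203.0.113.5", "192.0.2.10", "tcp", 40000, 443, "A")),
        ("client SYN to :22", Packet("198.51.100.7", "192.0.2.10", "tcp", 51001, 22, "S")),
    ]
    return [(name, packet_filter(p), fw.inspect(p)) for name, p in packets]
```

The stateless filter passes the stray ACK because its header matches the rule, and drops the server's reply because no rule covers it; the state table gets both cases right. Connection teardown and idle timeouts are left out of this sketch.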
Application-layer firewalls
Application-layer filtering is the ability to block specific content, such as known malware or certain websites, and recognize when certain applications and protocols -- such as HTTP, FTP and DNS -- are being misused.
Proxy firewalls
Firewall proxy servers also operate at the firewall's application layer, acting as an intermediary for requests from one network to another for a specific network application. A proxy firewall prevents direct connections between the two sides of the firewall; both sides are forced to conduct the session through the proxy, which can block or allow traffic based on its rule set.
Cyberthreats, identity theft and data breaches are very real topics in today's Information Technology landscape. That being said, shouldn't each level of your cybersecurity strategy be up to the task? Your choice of a firewall is your first impression.