One of the major challenges that companies face when trying to secure their sensitive data is finding the right tools for the job. Even for a common tool such as a firewall, many businesses might not know how to find the right firewall (or firewalls) for their needs, how to configure those firewalls, or even why firewalls are necessary.
Firewalls are the first line of defense for your network security. A firewall is a type of cybersecurity tool used to monitor and filter incoming and outgoing network traffic – from external sources, internal sources, and even specific applications. The primary goal of a firewall is to block malicious traffic requests and data packets while letting through legitimate traffic.
There are many types of firewall deployment architectures, including network-based (software), host-based (hardware), and cloud-based. Every firewall operates based on predetermined rules to determine which outside networks and applications can be trusted. As such, firewalls are a key component of any network security architecture.
So, how do firewalls work? Simply put, a firewall shields your network from suspicious data by inspecting incoming data packets for threats. Firewalls analyze network traffic for data content, which firewall ports (or entry points) the data is trying to use, and where the data originated.
Different types of firewalls use different methods – or combinations of methods – to assess potentially malicious sources.
These firewall tools include packet-filtering, TCP verification, deep-layer inspections, and proxy checkpoints. Next-generation firewalls (NGFWs) go even further by employing preventative measures, such as using machine learning to detect unusual data behavior.
Firewall types can be divided into several categories based on their general structure, method of operation, and whether they offer basic or advanced threat protection (ATP). Examples of firewalls can be found below.
Firewall Types:
Firewall Delivery Methods:
To determine which firewall is best for your business’s cybersecurity needs, here are some detailed explanations:
Packet-filtering firewalls are the most “basic” and oldest type of firewall. The process of packet filtering involves creating a checkpoint at a traffic router or switch. The firewall performs a simple check of the data packets coming through the router – inspecting information such as the destination and origination IP address, packet type, port number, and other surface-level details without opening the packet to examine its contents. It then drops the packet if the information doesn’t pass inspection.
The good thing about these firewalls is that they are not very resource-intensive. Using fewer resources means they are relatively simple and don’t meaningfully impact system performance. However, they are also relatively easy to bypass compared to firewalls with more robust inspection capabilities.
Circuit-level gateways are another simple firewall type meant to quickly and easily approve or deny traffic without consuming considerable computing resources. Circuit-level gateways work by verifying the transmission control protocol (TCP) handshake. This TCP handshake check is designed to ensure the requested packet session is legitimate.
While extremely resource-efficient, these firewalls do not check the packet itself. So, if a packet had malware but also had the proper TCP handshake, it would easily pass through. Vulnerabilities like this are why circuit-level gateways are not enough to protect your business by themselves.
Stateful inspection firewalls combine packet inspection technology and TCP handshake verification to offer more serious protection than either of the two architectures could provide alone. They also can keep a contextual database of vetted connections and draw on historical traffic records to make decisions about the depth of scrutiny each packet warrants.
However, these firewalls also put more of a strain on computing resources. This may slow down the transfer of legitimate packets compared to the other solutions.
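As an added illustration (not code from the original article) of the difference between surface-level packet filtering, TCP handshake checking and stateful inspection described above, the following Python simulates both kinds of firewall. The addresses, ports, rule set and the assumption that the protected network is 10.0.0.0/8 are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    dst: str        # destination IP
    sport: int      # source port
    dport: int      # destination port
    flags: frozenset  # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}

def is_internal(ip):
    return ip.startswith("10.")  # assumption: protected network is 10.0.0.0/8

def stateless_filter(pkt):
    """Packet-filtering firewall: looks at this packet's header fields only."""
    if is_internal(pkt.src):
        return True          # outbound traffic is always allowed
    # To let replies to outbound HTTPS requests back in, a stateless rule has
    # to admit any inbound packet whose source port is 443, whoever sent it.
    return pkt.sport == 443

class StatefulFirewall:
    """Stateful inspection: verifies the TCP handshake and keeps a table of
    vetted connections; inbound packets must match a vetted connection."""
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> connection state

    def inspect(self, pkt):
        if is_internal(pkt.src):                       # outbound direction
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"           # handshake starts
                return True
            return key in self.table                   # must be a known flow
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reverse lookup
        state = self.table.get(key)
        if state == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.table[key] = "ESTABLISHED"            # handshake verified
            return True
        return state == "ESTABLISHED"

def demo():
    """Returns (stateless verdict, stateful verdict) for an unsolicited packet."""
    fw = StatefulFirewall()
    client, server = "10.0.0.7", "198.51.100.20"       # constructed addresses
    fw.inspect(Packet(client, server, 51000, 443, frozenset({"SYN"})))
    fw.inspect(Packet(server, client, 443, 51000, frozenset({"SYN", "ACK"})))
    fw.inspect(Packet(client, server, 51000, 443, frozenset({"ACK"})))
    # Unsolicited inbound packet from an unrelated host that merely uses
    # source port 443; it took part in no handshake with the client.
    unsolicited = Packet("203.0.113.5", client, 443, 3389, frozenset({"ACK"}))
    return stateless_filter(unsolicited), fw.inspect(unsolicited)
```

The stateless filter admits the unsolicited packet because its source port matches the reply rule, while the stateful firewall drops it because no vetted connection exists; that is the gap the text refers to when it says packet filters are easier to bypass.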
Proxy firewalls (aka application-level gateways or cloud firewalls) operate at the application layer to filter incoming traffic between your network and the traffic source. These firewalls are delivered via a cloud-based solution or another proxy device. Rather than letting traffic connect directly, the proxy firewall first establishes a connection to the source of the traffic and inspects the incoming data packet.
This check assesses both the packet and TCP handshake protocol, similar to the stateful inspection firewall. Proxy firewalls may also perform deep-layer packet inspections, checking the actual contents of the information packet to verify that it does not contain malware.
Once the check is complete and the packet is approved to connect to the destination, the proxy sends it off. This creates an extra layer of separation between the “client” – the system where the packet originated – and the individual devices on your network, providing additional anonymity and network protection.
The one drawback to proxy firewalls is that they can create a significant slowdown because of the extra steps in the data packet transfer process.
Many recently-released firewall products are touted as “next-generation” architectures. However, there is no consensus on what makes a firewall genuinely next-gen.
Next-generation firewall architectures typically include the same core features as other firewall iterations – deep-packet inspection, TCP handshake checks, and surface-level packet inspection. They can also consist of other technologies, such as intrusion prevention systems (IPSs) that automatically stop application-level attacks and malware attacks against your network.
Since there is no one definition of a next-generation firewall, it is essential for you to verify what specific capabilities such firewalls have before investing.
Software firewalls include any type of firewall that is installed on a local device rather than a separate piece of hardware or cloud server. The big benefit of a software firewall is that it is highly useful for providing in-depth security by isolating individual network endpoints from one another.
However, maintaining individual software firewalls on different devices can be difficult and time-consuming. Furthermore, not every device on a network may be compatible with a single software firewall, which may mean having to use several different software firewalls to cover every asset.
Hardware firewalls use a physical appliance that acts like a traffic router to intercept data packets and traffic requests before they’re connected to the network’s servers. Physical appliance-based firewalls like this excel at perimeter security by ensuring malicious traffic from outside the network is intercepted before the company’s network endpoints are exposed to risk.
However, the major weakness of hardware-based firewalls is that insider attacks can often bypass them more easily. In addition, the actual capabilities of a hardware firewall may vary depending on the manufacturer – for example, some may have a more limited capacity to handle simultaneous connections than others.
Cloud firewall – also called firewall-as-a-service or FaaS – refers to any firewall delivery architecture that uses a cloud solution. Many consider cloud firewalls synonymous with proxy firewalls since a cloud server is often used in a firewall setup (although the proxy does not necessarily have to be on the cloud, it frequently is).
The primary benefit of having cloud-based firewalls is that they are straightforward to scale with your organization. As your needs grow, you can add additional capacity to the cloud server to filter larger traffic loads. Cloud firewalls, like hardware firewalls, excel at perimeter security.
To find the answer, consider the bottom line:
The real question is: Why would you only use one?
No single protection layer, no matter how robust, will ever be enough to protect your business on its own. To provide better security, your networks should have multiple layers of firewalls, both at the perimeter and separating different assets on your network. For example, you could have a hardware or cloud firewall at the perimeter of your network, and individual software firewalls on each of your network assets.
Additional firewalls help make your network tougher to crack by creating additional defense-in-depth (DID) that isolates different assets. This acts both as a deterrent and gives you more time to respond, as it forces attackers to perform extra work to reach all your most sensitive information.
The particular firewalls you want to use will depend on your network’s capabilities, relevant compliance requirements for your industry, and the resources you have to manage these firewalls.