Firewall

A firewall is either a software or hardware device that is mainly designed to monitor incoming and outgoing network traffic and also allows or blocks data packets based on a set of security rules assigned to prevent your network from unauthorized access.

Access to the Internet is no longer an option for businesses whether it’s a small business or an enterprise since the Internet has become a basic necessity. But it too has a cons as providing internet access allows the outside world to interact with your internal network which has increased the threats for the organizations.

Before the invention of firewalls, Network security was performed by routers only. Access Control Lists (ACLs) residing on routers determines whether specific IP Address should be allowed or blocked to access the network. But ACLs alone do not have capacity to prevent from modern threats and are unable to identify the nature of traffic it is blocking. Hence in order to protect your internal network from unauthorized access, we need a firewall.

Before knowing more about firewalls; We must understand why we need a firewall and how does firewall keep us secure in this world of computing and what are its benefits.

In the era of high-speed Internet Access, we connect our computer to a wide network which is unseen to us. The high-speed internet has its own drawbacks if used without any security measures. Following are the features because of which we get High-speed connection and the same features are the reason you must deploy the firewall.

• Constant IP Address – Once the bad actor (attacker/hacker) discovers your IP Address; he can easily find you over the internet again & again.
• Always Active Connection – Makes your computer vulnerable every time it is connected to the internet.
• High-Speed Access – Allows a bad actor to execute his operation much faster while trying to access your computer.
• Firewalls are tools that can be deployed to increase the security of your computers by enabling granular control to prevent unauthorized internet users from accessing private networks when they are connected to an Internet.
• Firewalls have been the principal line of guarding & an integral part in network security framework for more than 25 years.

The primary tasks that any firewall must be able to perform are:

• Act as an middlemen
• Authenticate the access request
• Protect Resources such as Network, Data, etc.
• Manage and control network traffic
• Record the events in real-time & give you a detailed report

Firewalls can be categorized as Host-Based Firewalls and Network Firewalls.

Host-Based are basically an application or programming based firewalls which come inbuilt with mostly all the operating systems (for e.g. Windows Firewall). Otherwise you can also install third party firewall software in your machine like any other application. That is why Host Based Firewalls are also called as a Software firewall.

Also now-a-days all the antivirus softwares are coming with the Firewall feature which is a third party software firewall. Software firewalls allow you to customize its functions & features. Software Firewalls only protects the computer it is installed on. A single software firewall can not protect the entire network. If you wish to protect the whole network then each computer will need to have an individual software firewall installed on it which increases the workload for IT administrators.

Due to this, software firewalls are mainly used by home users or small offices. Since software firewalls get installed on your computer and in order to protect your computer, it will be continuously running in the background which consumes the system resources.

If you are buying the third party software firewall then you must also fulfill its system requirements. On the other hand, Host-based firewalls play an important role in your desktop level security because network firewalls cannot protect inside a trusted network. In that case Host-Based Firewalls protects each host from attacks and unauthorized access.

Network-Based firewalls can be bought as a stand-alone hardware. That is why it is also termed as Hardware Firewall. But usually a network firewall is the dedicated hardware with a proprietary software installed in it that executes all of its operations.

Network-Based Firewalls are a combination of hardware & software. Recently most of all broadband routers have the inbuilt firewall. Hardware firewalls are a crucial part of your network system for those who are using broadband connection. Network Firewalls are placed at the gateway of your network.

Generally network firewalls come with a minimum four ports and more than that depending on your requirement. Network Firewalls are configurable as per business requirement & in some cases, network firewalls require little or no configuration. Network Firewalls are mostly used by all kinds of businesses ranging from small & medium organizations to the huge enterprises & branch locations also.

There are many differences between a Host-Based Firewall and Network-Based Firewall. It is recommended for the organizations to use both for optimum protection as each offers different but much-needed security features and benefits. Host-Based Firewall protects your computer and Network Firewall protects your network. In simple language, Hardware Firewall acts as a watchman of your building and software firewall acts as a door of your house.

Packet-filtering firewalls are the most common and oldest type of firewalls. Packet-filtering firewalls are also known as the 1st generation of the firewall.

Packet-filtering firewalls operate at the 3rd layer of OSI Networking Model that is the Network Layer.

This type firewalls only checks the packet headers that have Source IP Address and Destination IP addresses and accordingly performs the action. The packets that match the assigned set of rules are allowed to enter the trusted network otherwise it prohibits the packets.

Packet-Filtering Firewalls provide the basic protection and have limitations. Packet-filtering firewall only checks for header’s IP Addresses; it does not examine the context of the packet. Due to this, they can not identify whether the receiving packets contain any malicious request or not. If such a request is allowed to enter the network then it may result in huge loss and the firewall will not even know about it. These firewalls are complex to configure and they have limited logging capabilities plus they are also susceptible to IP spoofing.

Packet-Filtering firewalls are used In SOHO networks that require minimal security and are concerned about cost.

A stateful inspection firewall is the advancement in packet-filtering firewall that is why it is also called as the 2nd generation of the firewall. It is referred to as Stateful Firewalls also.

These firewalls operate on the same fundamentals as packet filtering firewalls, but Stateful Inspection Firewalls can keep track of the traffic very intensively.

While a packet filtering firewall only examines an individual packet out of context and allows or blocks it based on packet’s header, a stateful firewall examines entire network traffic and allows or blocks it based on state, port, and protocol.

It inspects all operations from the start to the end which means from the movement connection has established and until it is closed. Stateful firewalls use the information collected from previous connections and packets belonging to the same connection and accordingly make the Filtering decisions based on context as well as administrator-defined rules.

A stateful firewall keeps track of the connection state through State Table. Such connections are more difficult to spoof because once the connection is removed from the state table then no traffic from the external device of this connection is allowed.

Stateful firewalls also have limitations such as Complex to configure, Cannot protect from application-layer attacks, Do not support user authentication of connections.

Stateful Inspection Firewalls are used In SOHO networks that require medium level security and are concerned about cost.

An application firewall is an enhancement to previous generations of the firewalls. Application Firewall controls traffic to or from by an application or a service.

Application Firewalls process information at the application layer which provides much more control over traffic than packet-filtering or stateful firewalls does.

Application Firewalls are usually called proxy firewalls also. The basic purpose to develop an application firewall is to manage all network traffic on any OSI layer up to the application layer.

By using a sequence of configured policies, Application firewalls decide whether to block or permit the communications to or from an application.

Unlike traditional firewalls that manage data flow by analyzing every packet as it comes to and from the CPU, An application firewall also controls the enforcement of files or code by using specific applications. This way, an intruder can’t execute malicious code even if they get an entry to a network or server.

Application firewalls can also discover the signatures of identified threats and prohibit them before they can damage the network.

With the increasing threats of cyber security; operating system providers started giving inbuilt host-based application firewalls.

Windows’ application firewall is called Data Execution Prevention (DEP). It stops the execution of any code that utilizes system services in such a way that could affect the data or virtual memory (VM).

The Macintosh Operating System (MacOS) also has inbuilt application firewall which can be configured to achieve two-layer protection. Application Firewall is the standard feature in MacOS. After enabling application firewall in MacOS devices; users will get an OS-generated warning asking for user authorization while installing applications that require network access.

The Linux OS does also provide an application firewall called AppArmor. This application firewall enables an administrator to create security policies and link it with every application available on the machine. This security policy created by the administrator restricts access capabilities of applications.

Application Firewalls have multiple advantages over packet-filtering and stateful firewalls, including the following:

• Application firewalls allow you to authenticate the individuals requesting the connection instead of the devices. Once the successful authentication is done then only it allows the traffic to external or internal resources.
• Application firewalls make it hard for an attacker to implement DoS/DDoS attacks or spoofing.
• Application firewalls can monitor and filter the data of application or service.
• Application firewalls also have capabilities of providing detailed logs.
• Application firewalls are mainly used by small & medium offices as well as enterprises where data is the main concern.

UTM stands for Unified Threat Management (UTM). UTM is the advancement of the conventional firewalls into a comprehensive security product that can fulfill various network security needs inside one single framework.

The main purpose to introduce the UTM in the field of network security is to reduce the complexities & costs that organizations have to pay to achieve an overall network security.

A decade ago; organizations needed to install multiple devices and applications to stay away from increasing cyber threats which had also increased the expense graph of an organization. As each device or application comes with its own management dashboard & login credentials, organizations must have to hire IT Professionals to manage all these different types of securities respectively. UTM has made all these advanced security options more accessible & cost-effective to all sizes of businesses.

That is the reason UTM has been adopted as an all-in-one management interface where various features, rules, policies and services could be centrally managed to make managing & reporting easier for admins of an organization.

UTM firewalls provide layer 7 protection and it can be equipped as hardware appliance only. UTM appliances are significantly more intense in terms of security as compared to previous generations of the firewalls.

BENEFITS THAT UTM PROVIDES –

• UTM firewalls filters inbound & outbound traffic & prevents from many threats & attack types.
• Stop attacks at the gateway only by using gateway Antivirus, Anti-Malware, & Anti-Spyware services which could run concurrently.
• Email filtering to avoid unwanted emails like spam.
• Web filtering to block unwanted & malicious websites.
• Integrated Intrusion Prevention to block the exploit of vulnerabilities
• Quality of Service (QOS), Load balancing & Bandwidth Management to analyze & control network traffic flow.
• VPN for connecting easily with remote locations.
• Simplified complex networks by providing Policy-based Routing, Dynamic Routing & Multiple Internet connections on a single device and single secure network.
• Easy to Install, configure and maintain.
• Saves time & money that needs to be spent to achieve & maintain IT Security.
• Prevents from Data loss prevention & data leaks.
• On-Appliance reporting gives you the logs in real-time.

UTM appliances are mostly used by SMB & enterprise segments where data & network securities are the main concern.

A Next-Generation firewall (NGFW) is the enhanced version of all the above mentioned firewall generations.

NGFW is a network security device that combines traditional firewall technology with additional features such as Deep packet inspection, TLS/SSL encrypted traffic inspection, Intrusion prevention/detection systems (IPS/IDS), Cloud-Delivered Threat Intelligence to discover attacks, malware and other threats.

IP addresses, protocols and port based protection are no more safe and enough in this rapidly growing threat landscape. What organizations required was the identity-based security approach over conventional security appliances. That is the reason firewalls have also evolved beyond just packet filtering and stateful inspection.

While conventional firewalls only examine packet headers, by using a deep packet inspection technique Next Generation Firewall checks the data within the packet itself to more efficiently discover, categorize or stop packets that contain malicious data.

By using deeper inspection capabilities, organizations can also get the deep visibility into which websites and applications their employees are using. NGFW also allows administrators to enforce very granular “allow/deny” rules for controlling use of websites and applications in the network.

Next Generation Firewalls are well equipped to tackle Advanced Persistent Threats (APTs).

The best next-generation firewalls are those which provide benefits to organizations from SMBs to enterprises. Make sure your NGFW delivers :

• Standard firewall features like packet filtering & stateful inspection
• Integrated intrusion prevention system
• Application awareness and control to view and block unwanted and harmful applications
• Prevention against data breaching
• Complete network visibility
• Easy deployment and administration options
• Fastest threat detection and immediate alerts
• Automation and easy integrations with other security products
• Real-Time Logs & Reporting
• Upgrade options to fulfill future requirements
• Techniques to tackle advanced security threats

There are several misconceptions we all have about firewalls that need to be addressed before you think to buy the one.

First and very common misconception : Firewalls are only required for large companies or financial corporations.But reality is totally different than this. Firewall is essential for every business that has a network, regardless of the size of the business.

From overall cyber attacks; half of the attacks have been executed by targeting small businesses. Because of such misconceptions, small businesses lack the necessary network security and therefore they become easy targets for the cyberattackers.

In the world of Cloud Computing, many organizations have started migrating to cloud infrastructures to minimize management and maintenance cost. Many business owners & managers believe that migrating to the cloud eliminates the need for firewalls as data protection is the cloud service provider’s responsibility. In fact, it’s true that cloud service providers have added protection but the computers and devices used to access that data must also be protected. So it’s equally important that you should deploy firewalls at cloud as well as on-premise. Although; NGFW have other important characteristics like load balancing, bandwidth management, Gateway Antivirus, Antispam & Anti-malware, URL Filtering & Application Filtering, VPN, and many more which protects a company’s network and computers from being compromised.

Another most common misconception is once Firewall is deployed & configured then you are 100% safe and you do not have to even look after it again. But In reality, a firewall is one of the security measures from multiple layers of security that is required to keep your business safe from advance threats. Firewall needs to be updated regularly. Firewall is not a security system that is “Once Set Then Forget”. Even if you buy the best firewall but fail to maintain it may welcome the attackers. Just like any other software, firewalls must also be updated so that it can detect the most recent threats.