What is a firewall? In the literal sense, it is a high wall built between buildings to isolate a fire and keep it from spreading.


The firewall we hear about more often is the one in the computer field. A firewall is a security system that monitors network traffic and controls access for that traffic based on a set of security rules. Firewalls are usually located between trusted networks and untrusted networks. Usually, the untrusted network is the Internet.




How does the firewall work?

Different types of firewalls

Filtering method of firewall

Why should we use a firewall?


How does the firewall work?


In short, if external traffic wants to enter your device, it must pass through a port of the device, and this is usually where the firewall is deployed. It allows or blocks data packets according to a defined set of rules called an access control list.



Different types of firewalls



① Software firewall

This is the most common form of firewall. A software firewall needs to be installed on the device. It is very useful when only a single network endpoint has to be isolated, which makes it well suited to personal devices. However, it is not suitable for corporate networks, because a software firewall has to be deployed on every device. A software firewall also consumes the resources of the device it runs on.

② Hardware firewall

A hardware firewall is a physical device. For enterprises, it is a better choice than a software firewall. The hardware firewall is deployed between the external network and the internal network, so external traffic is checked before it enters. It protects the equipment of the entire internal network. However, hardware firewalls also have disadvantages. They are vulnerable to attacks from within the system, and some may not be able to handle multiple simultaneous connections.

③ Cloud firewall

The cloud firewall is deployed on a cloud server. Users generally set it up as a proxy server and connect to the Internet through the cloud server. With this kind of firewall, traffic load is much easier to manage than with a software or hardware firewall.


Filtering method of firewall


① Packet-filtering firewall

The most basic type is the packet-filtering firewall. It acts as an inline security checkpoint attached to a router or switch. As the name implies, it monitors network traffic by filtering on the information carried by incoming packets. As mentioned above, each packet includes a header and the data it sends. This type of firewall decides whether to allow or deny a packet based on its header information. To do this, it checks the protocol, source IP address, destination IP address, source port and destination port. Depending on how these values match the access control list (the rules defining which traffic is wanted and which is not), the packet is either delivered onward or discarded.
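The header check described above, as an added example (not code from the original page): a first-match access control list evaluator in Python. The rules, the addresses (RFC 5737 documentation ranges), the first-match order and the default-deny fallback are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # source network, CIDR notation
    dst: str                    # destination network, CIDR notation
    sports: tuple = (0, 65535)  # inclusive source-port range
    dports: tuple = (0, 65535)  # inclusive destination-port range

def matches(rule, pkt):
    """True when every header field of pkt falls inside the rule."""
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.sports[0] <= pkt.sport <= rule.sports[1]
            and rule.dports[0] <= pkt.dport <= rule.dports[1])

def filter_packet(acl, pkt, default="deny"):
    """Return (action, rule index); the first matching rule wins."""
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, index
    return default, None  # nothing matched: fall back to the default action

# Constructed ACL (assumption, not from the page).
ACL = [
    Rule("deny", "any", "203.0.113.0/24", "0.0.0.0/0"),
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", dports=(443, 443)),
    Rule("allow", "udp", "198.51.100.0/24", "192.0.2.53/32", dports=(53, 53)),
]

if __name__ == "__main__":
    for pkt in [Packet("tcp", "198.51.100.20", 51000, "192.0.2.10", 443),
                Packet("tcp", "203.0.113.7", 51000, "192.0.2.10", 443),
                Packet("tcp", "198.51.100.20", 51000, "192.0.2.10", 22)]:
        print(pkt, "->", filter_packet(ACL, pkt))
```

The second packet is denied by rule 0 even though rule 1 would allow it, which is why rule order matters in a first-match list.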

② Circuit-level gateway

The circuit-level gateway monitors the TCP handshake between the trusted client or server and the untrusted host to determine whether the session is legitimate. The circuit-level gateway filters data packets at the session layer of the OSI model, which is two layers higher than the packet-filtering firewall.

③ Rules check firewall

This firewall combines the characteristics of the packet-filtering firewall, the circuit-level gateway and the application-level gateway. Like a packet-filtering firewall, a rules check firewall can filter incoming and outgoing packets by IP address and port number at the OSI network layer. Like a circuit-level gateway, it can check whether the SYN and ACK flags and the sequence numbers are in logical order. And like an application-level gateway, it can inspect the contents of data packets at the OSI application layer to see whether they comply with the security rules of the enterprise network.
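The handshake check mentioned for the circuit-level gateway and the rules check firewall, as an added example (not code from the original page): a Python tracker that allows a TCP segment only if its SYN and ACK flags and sequence numbers fit the three-way handshake of its session. The class name, the endpoint strings and both traces are constructed for illustration, and only the handshake is validated, not sequence numbers on later data.

```python
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

class HandshakeTracker:
    """Allows a segment only if it fits the SYN, SYN+ACK, ACK order of its session."""

    def __init__(self):
        self.sessions = {}  # (client, server) -> {"state", "c_isn", "s_isn"}

    def inspect(self, src, dst, flags, seq, ack=0):
        flags = frozenset(flags)
        fwd = self.sessions.get((src, dst))  # session opened by src
        rev = self.sessions.get((dst, src))  # session opened by dst
        if flags == {"SYN"}:
            if fwd and fwd["state"] != "SYN_SENT":
                return "drop"  # new SYN on a session already past step 1
            self.sessions[(src, dst)] = {"state": "SYN_SENT", "c_isn": seq}
            return "allow"
        if flags == {"SYN", "ACK"} and rev and rev["state"] == "SYN_SENT":
            if ack != (rev["c_isn"] + 1) % MOD:
                return "drop"  # does not acknowledge the client's ISN + 1
            rev.update(state="SYN_RCVD", s_isn=seq)
            return "allow"
        if flags == {"ACK"} and fwd and fwd["state"] == "SYN_RCVD":
            if (seq, ack) != ((fwd["c_isn"] + 1) % MOD, (fwd["s_isn"] + 1) % MOD):
                return "drop"  # final ACK is out of sequence
            fwd["state"] = "ESTABLISHED"
            return "allow"
        session = fwd or rev
        if session and session["state"] == "ESTABLISHED" and "SYN" not in flags:
            return "allow"  # data on an established session
        return "drop"  # no valid session for this segment

def replay(trace):
    """Run a list of (src, dst, flags, seq, ack) segments through a fresh tracker."""
    tracker = HandshakeTracker()
    return [tracker.inspect(*segment) for segment in trace]

# Constructed endpoints (RFC 5737 documentation addresses) and traces.
C, S = "198.51.100.20:51000", "192.0.2.10:443"
GOOD = [(C, S, {"SYN"}, 1000, 0), (S, C, {"SYN", "ACK"}, 5000, 1001),
        (C, S, {"ACK"}, 1001, 5001), (S, C, {"ACK", "PSH"}, 5001, 1001)]
BAD = [(C, S, {"SYN"}, 1000, 0), (S, C, {"SYN", "ACK"}, 5000, 4242),
       (C, S, {"ACK"}, 1001, 5001)]

if __name__ == "__main__":
    print(replay(GOOD))
    print(replay(BAD))
```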

④ Proxy firewall

The proxy firewall acts as an intermediate device between internal and external systems communicating through the Internet. It protects the network by forwarding the request from the original client and masking it as its own. A proxy is a substitute, and that is the role it plays here: it stands in for the client that sends the request. When the client sends a request to visit a web page, the proxy server intercepts the message. The proxy forwards the message to the Web server, pretending to be the client. This can hide the identity and geographical location of the client, thus protecting it from any restrictions and potential attacks. Then the Web server responds and provides the requested information to the proxy, which passes it on to the client.

⑤ Next-generation firewall

The next-generation firewall (NGFW) is a security device that combines many other firewall functions. It combines packet inspection, stateful inspection and deep packet inspection. In short, an NGFW checks the actual payload of the packet rather than focusing only on the header information.
Unlike traditional firewalls, next-generation firewalls check the entire data transaction, including the TCP handshake, surface-level inspection and deep packet inspection. Using an NGFW can fully defend against malicious software attacks, external threats and intrusions. These devices are very flexible, and there is no clear definition of the functions they provide. Therefore, be sure to study what each specific option provides.


Why should we use a firewall?


Security! Security is always the top priority when using the Internet. The first purpose of the firewall is to prevent unauthorized access. This means that hackers cannot simply connect to your device to read your data or even control your device.


Using a firewall is the right choice, but it still cannot prevent all threats. No tool can completely prevent threats such as phishing and viruses from bypassing the good old firewall. This is why newer firewalls take on many security roles at the same time.


The firewall is the first line of defense for your device, and you should use it! In addition, you can use a VPN and antivirus software to make your device more secure.


