In a world where cyberspace is intertwined with our everyday lives and digital threats lurk silently, the security provided by firewalls is essential, acting as tireless defenders, filtering internet traffic and protecting our networks and systems against malicious intrusions.
What are firewalls?
Firewall is a network security component or software that has the function of monitoring and controlling data traffic between a network or device and the Internet or other external networks.
The firewall's main objective is to protect a computer network or computer system against external threats, such as:
Unauthorized access;
Malware;
Hacker attacks;
Malicious traffic.
Operation
The operation occurs through rules and policies that determine which types of traffic are allowed or blocked through criteria such as:
Application types: Some modern firewalls can inspect traffic for patterns that match specific applications. This is known as application filtering or deep packet inspection (DPI). With this technique, it is possible to make more detailed decisions about how to handle network traffic, allowing or blocking applications according to their signatures or behaviors.
Communication ports: Each application or network service uses its own ports to communicate. Firewalls control access from the ports used, authorizing or preventing traffic.
IP Addresses: Based on source and destination IP addresses, traffic tends to be either granted or becomes a hindrance, which means that access may be restricted to some resources only for hosts with specific IP addresses.
Protocols: Firewalls examine the communication protocol used in a connection. For example, HTTP traffic (for web browsing) is generally accepted, while Telnet traffic (used for insecure remote access) is blocked.
Firewall Types
There are several types of firewalls, each with its own characteristics and functionalities. See the main ones below:
Packet Filtering Firewalls: Operate at the most basic level of network communication, analyzing each data packet that passes through the network and deciding whether to allow or block it based on filtering rules such as IP addresses, ports and protocols .
Stateful Firewalls: Monitor the state of network connections and make decisions based on the communication context. This means that it is understood whether a connection has been established legitimately and authorizes the traffic associated with that connection.
Next-Generation Firewalls (NGFW): Combine packet firewall and stateful firewall features with advanced functionalities such as deep packet inspection, content filtering, intrusion detection and intrusion prevention (IPS).
Web Application Firewalls (WAF): Designed specifically to protect web applications, HTTP/HTTPS traffic is monitored and filtered to identify and block attacks targeting web applications, such as SQL injections and cross-site scripting attacks ( XSS).
Proxy Firewalls: Act as intermediaries between clients and servers, masking the client's identity and preserving the security of servers against unauthorized traffic. Content filtering and advanced access control are also provided.
Network Firewalls: Generally, they are physical devices that protect an entire network, controlling traffic entering and leaving the network. Its purpose is to isolate internal networks from untrusted external networks, such as the Internet.
Host-based Firewalls: These are software applications that reside on an individual device, such as a computer or server, and manage traffic in and out of that device. Its usefulness is based on preserving individual systems.
Demilitarized Zone Firewalls (DMZ): These are configured to bring security to servers exposed to the Internet, such as web and email servers. They represent an intermediate layer of security between the internal network and the Internet.
Cloud Firewalls: Designed to protect cloud resources such as virtual machines and applications hosted on public cloud services. Cloud security policies are enforced by this type of firewall.
Application Firewalls: These firewalls are specific to individual applications and designed to protect enterprise applications against certain threats.
The choice of firewall type will depend on the security needs of the network and systems, as well as the specific requirements of applications and services that need to be protected. In many cases, a combination of different types of firewalls is used to provide a more robust, multi-layered security layer.
Its ability to guard against threats, control access, detect suspicious activity, and ensure regulatory compliance makes it a necessary security tool for the digital age. Investing in a robust firewall and keeping its configuration updated is crucial to ensuring the integrity and security of your systems.