What is a firewall?

In this article, you will learn about a tool for protecting a network from both internal and external threats: the firewall.

Let’s start with a simple definition.

What is a firewall?

Firewalls are tools that protect networks by deciding how and what information can enter and exit the network. They can be used to protect large networks and individual computers from malware and data theft.

There are two forms of firewall:

• A network firewall acts as a barrier to the entire network. It normally comes in the form of a separate piece of hardware that sits between the network and the internet or any external networks.
• A host firewall is software, which is downloaded onto an individual device and only protects this device, known as the host device (to find out more about host devices, refer to our Networking course).

Network and host firewalls have different strengths and weaknesses and so are used in different situations:

• If your network is made up of one computer, then you only need a host firewall. This technology is cheaper and often easier to use if you are not an IT professional. Host firewalls can also be more specialised to their host and can show more clearly if the host has been compromised.
• If your network is made up of hundreds of computers, then a network firewall offers equal protection for all of the computers. If there was no network firewall in place, and any computer in the network had an out-of-date host firewall, then it could make the whole network vulnerable.

Most companies will use a combination of network and host firewalls for extra protection.

How do they work?

Firewalls can perform lots of different functions and try to protect the network from different attacks in different ways. Here are some examples of the role a firewall can play in defending a network:

• Filter: The firewall filters traffic entering and leaving the network. It evaluates incoming data to identify malware and other threats, but also checks that any outgoing data is authorised to leave the network.

• Access control: Firewalls can be used to prevent external devices from accessing the network. You will find out more about this later.
• Proxy service: Network firewalls can act as a proxy when communicating with websites. This means that any information requests sent outside the network are sent to the firewall, which passes the requests to the recipients on the user’s behalf. When the recipients respond, they respond to the firewall, which can pass the response to the user. This allows the firewall to screen potentially harmful messages, and stops the recipient from gaining access to the network. It can also speed up the user’s interactions with the internet — if the firewall stores websites that the user visits regularly, then it can load the information without having to get it from the website itself.

• Block websites: The firewall checks outgoing messages as well as incoming messages, so it can block certain requests. This allows organisations to prevent their employees from visiting or using particular websites. This is often done by implementing a blacklist of websites that are blocked, or by using a key word search that blocks any websites containing a particular word.

The restrictions that firewalls apply to the network can be specific to a device or an account. For example, the firewall could be set up to allow more senior staff to send information out of the network, but prevent less senior staff from doing so.

How effective are they?

Firewalls can only protect against the threats that they can identify. As you learned last week, threats change all the time, so firewalls must be kept up to date in order to be effective. Network firewalls will receive regular patches from the manufacturer and host firewalls will need to download and install updates as well. These updates include new types of traffic for the firewall to look out for.

In addition, many firewalls are not effective because they are not configured properly. If a firewall is not set up to scan an organisation’s internal network, then the network is not protected from internal threats.

Furthermore, many firewalls don’t or can’t scan encrypted traffic, so if an organisation is receiving a high number of encrypted files, it may be under threat.