A firewall is a network security control that filters incoming and outgoing traffic. It acts as a barrier between a trusted, internal network and an unknown, external network such as the Internet.
Firewalls are a foundational element of network security, controlling which traffic is permitted to enter or leave a network based on a set of predefined rules. They are deployed at the network perimeter to protect internal systems from external threats, and can also be used within a network to segment and protect sensitive systems.
Types of Firewalls
Packet-Filtering Firewall: The most basic type, which inspects packets at the network layer and allows or blocks them based on source/destination IP addresses, ports, and protocols.
Stateful Inspection Firewall: Tracks the state of active connections and makes filtering decisions based on the context of traffic, rather than just individual packets. This provides more intelligent and flexible protection than simple packet filtering.
Application Layer Firewall (Proxy Firewall): Operates at the application layer and can inspect the content of traffic, not just headers. Provides deeper analysis and control over specific application protocols.
Next-Generation Firewall (NGFW): Combines traditional firewall capabilities with additional features such as intrusion prevention, deep packet inspection, application awareness, and user identity tracking.
Web Application Firewall (WAF): Specifically designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
How Firewalls Work
Firewalls use access control lists and rules to permit connections only from pre-approved IP addresses or ranges, which significantly reduces exposure to brute-force attacks, unauthorized access attempts, and scanning activities from unknown sources. Rules can be configured to allow or block traffic based on criteria such as source and destination addresses, ports, protocols, and application type.
Limitations
While firewalls are an essential security control, they do not protect against all threats. They are less effective against insider threats, attacks that use permitted protocols, or sophisticated attacks that evade signature-based detection. Firewalls should be used as part of a defense-in-depth security strategy.