If you are an executive, manager or business owner, you will have heard of firewalls and you probably think you need one, but if you’re not particularly technical, do you actually know what a firewall does and how it protects your organisation’s computer systems?
Firewalls have been our primary defence in computer security for more than a quarter of a century. They are essentially a barrier between trusted, controlled internal networks/systems and untrusted outside networks, typically the Internet.
A firewall can come in many forms. It could be a stand-alone hardware appliance or software installed on a computer, such as a server, laptop or mobile phone. Its job is to monitor incoming and outgoing network traffic and, based on security rules that you decide, it will allow or block that traffic.
Firewalls have changed and improved over the past 25 years. So what are the different types of firewall?
Early types of firewalls were simple proxy devices. A proxy firewall acts as the gateway from one network to another for a specific application. Simply put, it’s a stepping-stone between the network and your computer so that your computer is not attached directly to the network. Proxy servers can also provide other functionality such as content caching, which means keeping a copy of some information locally so that all information does not need to be retrieved from the network, which helps with performance.
Stateful inspection firewall
A stateful inspection firewall is what you might now think of as a “traditional firewall”. It accepts or blocks traffic based on state, port, and protocol. In other words, it allows traffic according to where it’s coming from and how the connection is made. It monitors all activity from when the connection is made until it is closed. Filtering decisions are based both on the rules that you create and on context, which means using information from previous connections and from earlier packets belonging to the same connection.
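For readers who want to see "rules plus context" in concrete terms, the following is an added illustration, not part of the original article and not a real firewall. The internal address range, the allowed ports and the simplified connection close are assumptions made for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto flags")

INTERNAL_PREFIX = "10.0.0."                      # assumed internal network
ALLOWED_OUTBOUND = {("tcp", 80), ("tcp", 443)}   # the rules "that you decide"

class StatefulFirewall:
    def __init__(self):
        self.connections = {}   # connection key -> "SYN_SENT" or "ESTABLISHED"

    def _key(self, p, outbound):
        # Both directions of one connection map to the same table entry.
        if outbound:
            return (p.src, p.sport, p.dst, p.dport, p.proto)
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def inspect(self, p):
        outbound = p.src.startswith(INTERNAL_PREFIX)
        key = self._key(p, outbound)
        state = self.connections.get(key)
        if state is None:
            # No context yet: only a new outbound connection matching a rule may start.
            if outbound and p.flags == "SYN" and (p.proto, p.dport) in ALLOWED_OUTBOUND:
                self.connections[key] = "SYN_SENT"
                return "ALLOW"
            return "BLOCK"
        if "FIN" in p.flags or "RST" in p.flags:
            del self.connections[key]   # simplified close: forget the connection
            return "ALLOW"
        if state == "SYN_SENT":
            if not outbound and p.flags == "SYN-ACK":
                self.connections[key] = "ESTABLISHED"
                return "ALLOW"
            return "BLOCK"
        return "ALLOW"                  # established traffic, either direction

def run_demo():
    fw = StatefulFirewall()
    traffic = [  # constructed sample packets (documentation address ranges)
        Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp", "SYN"),
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp", "SYN-ACK"),
        Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp", "ACK"),
        Packet("198.51.100.7", 443, "10.0.0.5", 50000, "tcp", "ACK"),   # unsolicited
        Packet("10.0.0.5", 50001, "203.0.113.10", 23, "tcp", "SYN"),    # no rule
        Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp", "FIN"),
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp", "ACK"),   # after close
    ]
    return [fw.inspect(p) for p in traffic]
```

The fourth and seventh packets look like ordinary reply traffic to port 50000, yet they are blocked because no open connection in the table accounts for them; a filter that looked only at ports could not tell them apart from the legitimate reply.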
Unified threat management firewall
A unified threat management firewall, often referred to as a UTM device, typically combines the functions of a stateful inspection firewall with other security functions like intrusion prevention, which attempts to identify malicious or risky traffic, and antivirus, which identifies known malware. UTMs focus on simplicity and ease of use by putting multiple security controls in one solution and may also include cloud management.
Next-generation firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and layer 7 (application-layer) attacks. This means that next-generation firewalls can also identify and block direct attacks against web applications and back-end databases rather than just ‘traditional attacks’ against servers and network devices. They may also be able to participate in and make use of distributed threat intelligence services to stay abreast of current threats around the world.
According to Gartner, Inc.’s definition, a next-generation firewall must include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
NGFW capabilities are becoming the standard for most companies.
Threat-focused NGFWs include all the capabilities of a standard NGFW but can also provide advanced threat detection and remediation. A threat-focused NGFW, by combining event information from multiple IT assets and other sources, can help you understand which IT assets are most at risk with complete context awareness. It can also help you react quickly to attacks with intelligent security automation that sets policies and hardens your defences dynamically, and ease administration overhead with unified policies that protect across the entire threat landscape.
Hopefully this information will help managers understand some of the requirements of network security and facilitate better communications with in-house or external technical specialists. If you would like to discuss your network and website security and how it could be improved, please feel free to contact us via our contact page.