Even if you don’t think of yourself as someone who’s fluent in Computerese, you’ll still most likely have heard of a Firewall. It’s a term that crops up with annoying regularity in cybercrime movies. And in crime-solving TV series with their “spot-on” enactment of a computer geek successfully ‘hacking’ a network every fourth episode.

Hacking as depicted in Movies
They make it look so easy..

So, what are those people talking about? What exactly is a Firewall? If you’d like the ‘techie’ version of the answer, Wikipedia can probably help. But if you’d like to understand in the common tongue – what a firewall is, why it’s needed, what it does and how it does it, then read on.

You, still here? Great! Let’s dive right in, shall we?

What Is A Firewall

In simple terms, a firewall is like a high safety fence that surrounds your house and protects it by preventing unwanted entry. Anyone who wants to get in has to come through the gate and only the ones you permit to enter can gain entry.

If your website or your network was a physical property like a building. A firewall would be like a forcefield around it. That forcefield has been designed to identify and stop anyone with ill intent from entering. Anyone who doesn’t want to do you harm is let in and anyone with malicious intentions is stopped outside the forcefield. A Firewall is the name that’s been given to that forcefield. The name has been derived from, you guessed it, actual firewalls that were used to stop the spread of fire from one building to the next.

When active, its job is to prevent unauthorised access to a private network. A firewall can be configured in software as well as hardware. Web applications and Servers can have their own independent firewalls. Your web router has a firewall protecting it and so does your computer’s operating system.

Why Do We Need A Firewall

Who wouldn’t want to live in a world where everyone was good and no one wanted to harm other people. But just like the real world, the cyber world is filled with both good guys and bad guys. And the bad guys are usually very good at causing trouble. That trouble can mean infecting your network with ransomware (like the recent ransomware attack on a massive worldwide scale). Through ransomware, hackers succeed in hijacking controls of your system and locking you out. Such acts are usually followed by demands of a ransom in exchange for the key to their lock.

Why firewalls are needed
A firewall makes sure you never have to see this!

Apart from that there numerous other threats out there which include multiple types of viruses, malware and spyware. A firewall is the among the first lines of defence that protects your network and your system from such malicious activity. It is by no means a foolproof measure but it keeps out all but the most sophisticated attempts of cyber mischief.

It allows you to permit or block the flow of network traffic. All traffic coming to your private network is screened and only that which conforms to the preset parameters of your network is let through.

A firewall not only protects you from unwanted access from the outside but it also monitors the applications installed on our computer for unauthorised attempts to connect to an external network. This is a common method used by hackers to steal private information from your system by tricking you into loading a software onto your system. The software then goes on to upload private information like passwords, financial information etc to the private server of the hacker. A firewall prevents this from happening.

If an application tries to access the internet, your firewall alerts you and you can decide whether to allow or deny access to that application. This way, unauthorised access gets highlighted and any malicious applications that may have crept into your system can be identified and removed.

How Does It Work

Firewall use a number of different techniques to protect a network from malicious attacks by hackers or malware. Over the years as attacks that threaten the security of networks have become more complex, firewalls have evolved to be able to better defend against these attacks.

Here’s a look at the different techniques used in firewalls from the earliest ones to the latest ones.

Types Of Firewalls

Packet Filtering Firewall

Packet filtering firewalls comprised the first generation of firewalls used to protect networks. This technique checks the ports and network addresses of the incoming packet to determine whether it should be allowed access or not. Okay, I know I used a bit of technical jargon in there so let me explain.

When data is transferred from your computer to another through the Internet, it travels in the form of packets that contain the chunks of the data you have just sent. Each packet contains specific information such as the destination, source IP, source port. The destination computer unpacks the information in the sequence prescribed in the packet and voila! Your message is reassembled and transmitted in as you wanted it.

How a Packet Filtering Firewall works
Packet Filtering Firewall

The packet filtering method used by firewalls inspects each of these packets for malicious content. It checks the source and destination protocols and it verifies the source and destination port addresses. If a packet does not match the packet filter’s filtering rule it is denied access to the network.

Only the packets that conform to the set parameters are allowed through and the rest are denied access. Packet filtering is considered a standard and economical method of ensuring network security. But it is largely outdated as it is virtually helpless to protect against advanced malware.

Proxy Firewall

Proxy firewalls act as a go-between when connecting to other networks. When you want to connect with a VPN (Virtual Private Network) or some other private network, the firewall is used as a proxy. It receives your message and then connects to the servers on your behalf before forwarding your message. When receiving a connection from an external network, it again accepts any data being transferred and after inspection, forwards it to you, the recipient. It essentially acts as a middleman in an interaction between two networks and thus ensures that the two networks never come in direct contact with each other.

This is how a proxy firewall works
Proxy Firewall

By using this method the technical details, such as the IP address of the sender and the recipient, are kept private and connections can be made with relative anonymity. On a side note, this basic principle underlies the functioning of a VPN.

Proxy Firewalls can fully inspect all traffic incoming to the network and make decisions on whether to allow or deny further access. In other words, in addition to acting as the middleman, it also acts as the security guard at the door that checks the entry pass of anyone attempting to enter. The ‘entry pass’ in this case are the specific parameters that have been set in the firewall and which must be met before permission to enter can be granted.

Due to the dual benefits offered by this method, proxy firewalls are an attractive option for network administrators. But it has its drawbacks. Due to the roundabout way in which the Proxy Firewall directs traffic, slow performance speed is a recurring issue. This problem is compounded by limited application support and technical issues with general functionality. These are the reasons why, when it comes to scalability, the proxy firewall becomes an impractical option. And while it was widely used in the 90’s its use has since declined.

Stateful Inspection Firewall

Also known as Dynamic Packet filtering, Stateful Inspection is a third generation technology in the evolution of the firewall. It is replacing the old Packet Filtering technique that was widely utilised earlier. Packet Filtering only examined the header information contained in each packet. Stateful Inspection hand analyses the packets up to the application layer. This way more actual data is examined.  

Stateful Inspection technique essentially does two things

  1. It checks destination ports and accordingly classifies the traffic.
  2. It steadily tracks the state of the flowing traffic by examining every single interaction of every single connection for as long as that connection is active.

Because of the way it works it adds more functionality to the control over access to the network. When granting or denying access, Stateful Inspection examines not only the port and protocol of the incoming packet but also its history in the internal state table. On receiving a packet, the firewall checks whether that connection has been established before and whether the request for the packet was made by the internal host network.

Incoming packets of information are compared to the outgoing packets to ensure consistency. This means that if the reply from the external network does not match the request from the source internal network, access is denied. If the data matches, the firewall allows the packets to flow.

If neither a history of earlier connection in the state table or a request from the internal host is found, then the firewall allows access only if the incoming packet conforms to the security policy of the firewall.

Because of its ability to quicken the flow of traffic between known networks, this firewall enjoys practical scalability. However, the additional layers of protection lend significant complexity to the network security structure and it is known to face difficulty in handling certain dynamic applications. Stateful inspection is also used in Deep Packet Inspection technique that’s used to block VPN usage in some countries. 

Next Generation Firewall

Firewalls have had to evolve rapidly to counter the threat of advanced malware and application-layer attacks. The increasing severity of the intrusive attacks on networks meant that a better, stronger and more adaptable firewall had to be used.

Malware developers have succeeded time and again to outsmart and overcome the barricades posed by existing firewalls. More and more inventive ways are being employed to sneak malware into a network. Advanced and sophisticated malware even possesses the ability to camouflage itself as part of an innocuous application or software. Once inside the system, malware can now auto initiate and establish a connection with its malware programs on other systems within the network. Most firewalls that rely solely on Packet filtering or Stateful Inspection are vulnerable against such highly organised and sophisticated methods of infiltrating a network.

The Next Generation Firewalls (NGFW) are the answer to the need of the hour. Incorporating the features of all the firewall technologies that came before, the NGFWs have now gone beyond anything previous generation firewalls could do. NGFWs conduct a more thorough inspection of the data packets and match signatures to check for malicious attacks by hackers or malware.

Technologies like Packet filtering, Network address Translation (NAT) and port address translation (PAT), Stateful Inspection and Virtual Private Network (VPN) support are now the standard features of the next-gen firewalls.

In addition to these, the NGFWs are increasingly equipped with intrusion prevention and application understanding which enables them to identify and block risky apps in real time. Advanced firewalls also possess the ability to assimilate new information feeds in the future.

What Lies Ahead

Though they are far more powerful than their predecessors, the firewalls of the future will need to become even more advanced to deal with the dynamic threats posed by sophisticated viruses and malware.

Experts agree that the firewall of the future should have, as standard features, the following capabilities:

Completely Integrated Intrusion Prevention – The capability to recognise both threat-facing and vulnerability facing signatures and implement this scrutiny simultaneously.

Extra firewall Intelligence – the capability to receive information from external sources and make informed decisions. For example – creating whitelists and blacklists in real time to be able to direct traffic efficiently.

Complete Stack Visibility and Application Identification – The capability to implement the firewall security policy at the application layer.

Adaptability – The capability to adapt to upgrades and enhancements in order to deal with evolving threats and attacks

Firewall technology continues to grow by leaps and bounds and there is no doubt that before we know it, the NGFWs will have equipped themselves with all of these features and maybe even more. Here’s hoping that the technology of the future will keep us a step ahead of cyber criminals and safe from their malicious intent.

 

SHARE

LEAVE A REPLY

Please enter your comment!
Please enter your name here