What is a Firewall?

Firewalls are critical in network security. Explore how they function and their role in protecting sensitive data from unauthorized access.
By SentinelOne June 25, 2021

Firewalls are essential security devices that monitor and control incoming and outgoing network traffic based on predefined security rules. Our guide explores the different types of firewalls, including packet filtering, stateful inspection, and application-level firewalls, explaining their roles in protecting networks from unauthorized access.

Learn about best practices for configuring and managing firewalls to ensure robust network security. Stay informed about the latest trends in firewall technology and how they can help safeguard your organization’s digital assets.

What Are the Different Types of Firewalls?

There are several different types of firewalls, defined based on their format or function. Here we will first outline the basic firewall form factors, then functionality.

Firewall form factors include the following:

  • Standalone Firewall – An appliance that filters Internet traffic to and from a private network. This type of dedicated device is typical of larger enterprises and wouldn’t normally be seen on something like a home Internet setup.
  • Built-in Router Firewall – Internet routers typically used in home and small business setups will normally have firewall functionality built-in. This helps keep small networks secure with little thought on the consumer’s part but offers more limited control than dedicated solutions.
  • Cloud-Native Firewall – Operate in cloud-based environments, protecting virtualized infrastructure that would be unsuitable for the traditional firewall paradigm of walling off one network from another.
  • Host-Based Firewall – Host-based firewalls operate on individual computing devices to regulate traffic, providing a second line of defense if a standalone or router firewall is active. Operating systems like Windows and MacOS typically come with a firewall pre-installed, though it may need to be activated.

Firewall functionality types including the following:

  • Static Packet-Filtering Firewall (aka stateless inspection firewall) – Checks all individual packets sent across a network based on source and destination. Filtering is performed based on IP addresses, port numbers, and the protocol in use. Rules (known as an access control list) are set up by the system administrator and can be modified as needed. Previous connections and data context are not tracked or considered, allowing for a fast but comparatively unsophisticated filtering methodology.
  • Stateful Inspection Firewall – Like a static packet-filtering firewall, a stateful inspection firewall examines the IP addresses, port numbers, and the protocol in use for transmission. The stateful inspection methodology, however, also tracks past connections in a state table. This allows for a dynamic filtering methodology based on previous good or problematic connections in conjunction with the general rules set up by system administrators.
  • Proxy Firewall – A type of proxy server that acts as a middleman in a connection between a private network and the Internet. Data is filtered by the proxy server before being passed on. An early form of data protection, proxy firewalls are still common today.
  • Next-Generation Firewall (NGFW) – NGFW systems include advanced firewall protection features, including intelligence-based access control, integrated intrusion prevention system, application awareness, and more.

Are Firewalls Needed?

Yes, you need a firewall. Nearly any computing device connected to the Internet needs a firewall. You most likely already have a firewall between your computer and the open Internet.

Home routers typically come with a firewall enabled by default, and your ISP may use a cloud-based firewall solution to avoid passing malicious traffic to your system. At the host level, both Windows and MacOS have firewalls available, though they may not be enabled by default. Businesses typically have firewall-enabled routers or standalone equipment, which you may have noticed in the form of not being able to visit Facebook or other services deemed non-productive.

Without this basic data protection, your devices, including IoT (Internet of Things) devices and network appliances, would be more susceptible to threats from the outside world. While firewalls can be restrictive at times and may even impede performance, this type of filtering device is worth the tradeoff.

Does a Firewall Secure Systems from Cyber Threats?

While a firewall is a good way to help secure a network, cloud infrastructure, or individual hosts (i.e., computers) from intrusion, it will not eliminate every threat. Consider that cyber attacks, as outlined here, can come in many forms, well beyond penetrating a network from the open Internet.

Social engineering and account compromise can allow intruders to obtain credentials to log onto your network, potentially installing malware that can then wreak havoc internally. Exploits allow for attacks using unknown or unpatched vulnerabilities, and denial-of-service attacks simply flood a network with traffic, rendering it largely unusable. Even with a properly set up and maintained firewall, we still need to keep on guard for threat mitigation and response.

Firewalls Can Restrict Access to Non-Productive and Explicit Sites

In the context of this article, we are mostly discussing firewalls in the context of infiltration from malicious actors and data sources, providing a first line of defense in cybersecurity. However, firewalls are also implemented in the form of parental controls in home and school settings, keeping children from viewing explicit content.

In a corporate setting, workplaces can restrict which websites employees use on work computers in an attempt to increase productivity and squelch superfluous data usage. Of course, in our age of smartphones, employees can generally circumvent such productivity restrictions. At least this doesn’t create a drag on company bandwidth, though that is generally not a huge concern.

One might see a bit of irony in using a proxy server in this context, as this means implementing a technology that can be used as a type of firewall to defeat another firewall. Internet technology, whether aboveboard, criminal, or somewhere in-between, works surprisingly well considering how much equipment and programming is cobbled together to send data massive distances at incredible transfer speeds.

FAQ

What is a firewall?

A firewall prevents or allows data transmission from one point in a network to another. In the context of a computer, or host, a firewall is software that filters data to or from this individual device. This is also known as a host-based firewall.

Where does the term firewall come from?

The term firewall was originally used for a literal wall constructed inside a building to impede the potential spread of a fire from one area to another. Vehicles also have a firewall feature to separate the engine from the passenger compartment. Like literal “fire walls,” computing firewalls protect one computing “realm” — typically a private network or single computer — from threats emanating from another such realm (typically the open Internet).

Does a firewall system need to be updated?

The risk from malware and cyberattacks comes in many different forms, from direct incursions via the Internet to malware and even social engineering. The firewall, as a piece of hardware, does need to be kept continually up to date in the same way a computer’s operating system has to be updated to keep up with current threats. Custom firewall rules must also be updated, whether to account for new threats and even nuisances (e.g., social media) to your organization. Rules must also be updated to allow previously restricted websites and data sources to be used as needed (like social media in some contexts).

Conclusion | Firewalls Are a Good First Step in Cyber Security

Firewalls have a rich history in computing, keeping networks secure for well over three decades. Yet discussion about whether firewalls are still useful continues today. After all, directly attacking a network’s perimeter from the Internet is far from the only threat vector for cyberattacks.

In reality, the security of a router can be defeated, but this basic bit of protection is still useful for defeating many threats. More than a firewall is needed for overall cybersecurity. With the proper team and tools in place, cybersecurity threats can be defeated, but network defenders must always remain vigilant.

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.