How do Firewalls work?
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. The purpose of a firewall is to prevent unauthorized access to or from a private network and to monitor and protect against any malicious activities.
Firewalls operate at different layers of the OSI (Open Systems Interconnection) model, depending on their design. There are two main types of firewalls: Network Firewalls and Host-based Firewalls. Network firewalls are placed at the boundary of a network and operate at the Network Layer (layer 3) of the OSI model, while Host-based firewalls run on individual hosts and operate at the Application Layer (layer 7) of the OSI model.
Examines all network traffic
The Network Firewall examines all network traffic that passes through it and makes a decision about whether to allow or block the traffic based on its security policies. It does so by inspecting each packet of data that passes through the firewall and evaluating it against a set of rules. These rules may be set by the network administrator, or they may be predefined by the firewall itself.
For example, a rule may allow all incoming HTTP traffic (port 80) to reach a web server, while blocking all incoming FTP traffic (port 21). The firewall also checks the source and destination IP addresses and may only allow traffic from a specific IP address range.
There are different types of Network Firewalls, including Stateful Packet Inspection (SPI) Firewalls, Application-level Firewalls, and Next-Generation Firewalls (NGFWs).
SPI Firewalls
SPI Firewalls, also known as Stateful Firewalls, are designed to keep track of the state of network connections, such as TCP connections, and to allow or block traffic based on the state of these connections. For example, an SPI firewall would allow a response from a web server to a client request, but it would block any unsolicited incoming traffic from the same source.
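The following is an added example, not code from the original article: a toy stateful filter that combines the port rules described earlier (HTTP allowed, FTP blocked) with connection tracking. The class and function names, the inside network `192.168.1.0/24`, the sample addresses, and the policy of allowing every new outbound connection are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # simplified TCP flags: "S" SYN, "SA" SYN+ACK, "A" ACK, "R" RST

class StatefulFirewall:
    """Toy SPI firewall: tracks connections by 4-tuple only (no sequence numbers or timeouts)."""

    def __init__(self, inside_net, inbound_rules):
        self.inside = ipaddress.ip_network(inside_net)
        # Ordered (action, source network, destination port) rules for new inbound connections.
        self.rules = [(a, ipaddress.ip_network(n), p) for a, n, p in inbound_rules]
        self.conns = set()  # state table of connections the firewall has allowed

    def filter(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if key in self.conns or reverse in self.conns:
            if "R" in p.flags:  # a reset ends the connection, so forget its state
                self.conns -= {key, reverse}
            return "allow"
        if p.flags != "S":
            return "block"  # claims to belong to a connection that was never seen
        src = ipaddress.ip_address(p.src)
        if src in self.inside:
            self.conns.add(key)  # assumed policy: new outbound connections are allowed and tracked
            return "allow"
        for action, net, port in self.rules:  # new inbound connection: first match wins
            if src in net and p.dport == port:
                if action == "allow":
                    self.conns.add(key)
                return action
        return "block"  # default deny

def demo():
    # Constructed sample traffic using documentation address ranges, not real hosts.
    fw = StatefulFirewall("192.168.1.0/24", [("allow", "0.0.0.0/0", 80), ("block", "0.0.0.0/0", 21)])
    packets = [
        Packet("192.168.1.20", 50000, "198.51.100.7", 80, "S"),   # client request goes out
        Packet("198.51.100.7", 80, "192.168.1.20", 50000, "SA"),  # server's response
        Packet("198.51.100.7", 80, "192.168.1.20", 50001, "SA"),  # unsolicited, same source
        Packet("203.0.113.5", 40000, "192.168.1.10", 80, "S"),    # inbound HTTP
        Packet("203.0.113.5", 40001, "192.168.1.10", 21, "S"),    # inbound FTP
    ]
    return [fw.filter(p) for p in packets]
```

The third packet comes from the same server and port as the allowed response, yet it is blocked because no tracked connection matches its 4-tuple; a stateless port rule alone could not make that distinction.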
Application-level Firewalls
Application-level Firewalls, also known as Proxy Firewalls, operate at the application layer and are designed to provide security for specific applications. They examine all data at the application layer and make decisions based on the specific rules set for each application. For example, an application-level firewall may be set up to allow email traffic but block instant messaging traffic.
Next-Generation Firewalls (NGFWs)
Next-Generation Firewalls (NGFWs) combine the capabilities of traditional firewalls with additional security features such as Intrusion Prevention System (IPS), Application Control, and URL Filtering. NGFWs provide deeper inspection of the traffic and can detect and prevent more advanced threats.
Host-based Firewalls
Host-based Firewalls are designed to protect individual hosts and are installed on each host in a network. They monitor all incoming and outgoing network traffic and make decisions about whether to allow or block traffic based on the rules set by the administrator. Host-based firewalls are often used in conjunction with network firewalls to provide an extra layer of security.
Monitoring incoming traffic
In addition to monitoring incoming traffic, firewalls can also monitor and control outgoing traffic. This is important in preventing malware infections and controlling data leaks. For example, a firewall can be configured to block all outgoing traffic from a host except for specific, approved applications, such as web browsers and email clients.
Firewalls can also be configured to provide logging and reporting. This allows administrators to track and analyze network activity and to detect and respond to security incidents. Firewall logs can provide valuable information about network activity, including the type of traffic, the source and destination of the traffic, and the time and date of the activity.
In conclusion, firewalls are essential tools for securing computer networks from unauthorized access and malicious software. Firewalls operate by inspecting incoming and outgoing network traffic and making decisions based on predefined security policies. They can be hardware-based, software-based, or a combination of both, and can be configured to operate at different layers of the network communication model. Firewalls can be packet filtering, proxy, stateful inspection, or next-generation.