What is a Firewall and How Does it Protect Computer Networks?
Firewall and Its Functions
A firewall is a security tool that monitors, controls, and filters network traffic between a trusted internal network and untrusted external networks like the internet. The name comes from construction: a physical firewall stops fire from spreading between rooms. There are 5 functions a firewall performs:
- Traffic Filtering: allows or blocks data based on security rules including source/destination IP addresses and port numbers.
- Data Packet Inspection: examines individual data packets using packet filtering to check if they follow security policies.
- Stateful Inspection: monitors ongoing connections and checks whether data requests match expected responses, not just single packets.
- Proxy Services: routes data through the firewall instead of directly between user and source, hiding internal IP addresses.
- Monitoring and Logging: records network activity continuously to detect unusual events like unauthorized access attempts.
A firewall is a security tool in computer networking. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. Its job is to monitor, control, and filter incoming and outgoing traffic based on set security rules. By doing this, firewalls block unauthorized access and protect against cyber threats.
Why is it Called a Firewall?
The term “firewall” comes from construction. In buildings, a physical firewall is a wall that stops fire from spreading from one section to another. In networking, a firewall stops harmful or unauthorized traffic from spreading into a secure network.
How Firewalls Work
Firewalls analyze network traffic and decide whether to allow or block data based on security rules. Here is what they do:
1. Traffic Filtering
- Firewalls examine network traffic and allow or block it based on set security rules.
- Rules can include the source and destination IP addresses, the type of data being sent, or network port numbers.
2. Data Packet Inspection
- Firewalls inspect individual units of data called packets.
- This process, called packet filtering, checks the headers of packets to see if they follow security policies.
3. Stateful Inspection
- Modern firewalls use stateful inspection to monitor ongoing connections.
- Instead of checking single packets, they look at the context of the traffic. For example, they check whether a data request matches an expected response.
4. Proxy Services
- Some firewalls act as proxy servers. This means data flows through the firewall rather than directly between the user and the source.
- This extra step improves security by hiding internal IP addresses and separating internal systems from external threats.
5. Monitoring and Logging
- Firewalls continuously monitor network activity and record events for analysis.
- These logs help detect unusual activity, such as unauthorized access attempts or potential threats.
A security tool that monitors and filters network traffic between trusted and untrusted networks
Named after the physical firewall in buildings that stops fire from spreading.
- Blocks unauthorized access
- Uses rules based on IP addresses and port numbers
Importance of Firewalls in Network Security
- Network Protection: Firewalls protect systems by blocking cyber threats such as malware, ransomware, and unauthorized access.
- Traffic Regulation: They control what data enters or exits a network, so only safe and legitimate information passes through.
- Detection of Suspicious Behavior: Logged activity can alert administrators to unusual or harmful events, allowing them to act quickly.
- Enforcement of Security Policies: Organizations can set their own firewall rules to meet their specific security needs.
Monitoring the full context of a network connection, not just individual data packets
A regular firewall checks one packet at a time.
Stateful inspection checks whether the response matches the original request - making it harder to sneak harmful data through.