There are four dominant types of firewall that every tech-savvy person should know to protect their internet security. Essentially a type of filter which ensures data between two networks is the type the user wants to allow, the firewall has continued to develop over the years. As technology has advanced so has the firewall. Importantly, each type addresses different kinds of operating environment based on similar principles.
The firewall monitors network traffic to decipher if it is benign or malicious. It uses a regularly updated set of rules to define the criteria from which it decides if traffic is safe for transfer across the network or intended to attack the recipient device. While there are a number of different types and an evolving set of progressive next-gen alternatives, there are four you really need to know about.
The most common type is the packet filtering firewall. The original firewall. It’s relatively easy to set-up on small networks and utilizes a router to examine every packet passing across the network, designating traffic to forward or drop based on its access control list.
The way it works, and the reason other firewalls are needed to complement its effectiveness, is through tracking the source’s IP address, destination, port number and type of traffic, meaning it cannot prevent attacks on application layer vulnerabilities. It’s a system for domestic or small-scale use mainly.
For larger networks, application layer firewalls are a more sophisticated way of dealing with network traffic, creating an indirect connection between the network and the internet. By utilizing a separate proxy to examine data at an application level, the firewall allows the network to enable or disable traffic based on additional application information.
To better support this type of security, dedicated firewalls take these principles to particular network functions and environments. For example, a Web Application Firewall (WAF) specifically protects web servers from being compromised”. An important addition for businesses, application layer firewalls improve overall security by preventing attacks to application infrastructure that could cause damage to data or service outage.
Identifying malicious content by monitoring TCP handshakes (and fulfilment of firewall rules) that are established within the network to decipher if the sessions initiated between local and remote hosts can be trusted, these gateways offer an additional layer of protection to packet inspection firewall functionality.
Ideal for networks that require a firewall providing connection security for Datagram Protocol (UDP) and Transmission Control Protocol (TCP), it works by creating a virtual circuit between the internal client and proxy server. It’s an important step in preventing internal private IP addresses being exposed to intruders.
Often, users that need an extra layer of protection will incorporate stateful inspection firewalls too which, instead of just examining each packet, track whether the packet is part of a recognised TCP session. It’s more secure than some firewalls but puts strain on network performance.
Combining the security measures employed by packet-based, proxy and stateful inspection, hybrid firewalls bring a number of advantages. Like stateful inspection firewalls, hybrids can monitor traffic across the network as well as at application level.
Hybrids are often used on major networks to offer the capability to quickly add new services such as supplementing a stateful packet filter with user authentication measures through additional proxies for the service or services within the network.