What is a firewall in networking, and what are its types?

Protecting its data is a primary objective of any business. Data may be kept on paper or digitally on a hard disk. When it sits on a server that is reachable over a network, the business needs a firewall to control which traffic is allowed to reach that server.

Which type of firewall suits a particular business, and how it must be configured to actually protect sensitive data, is a significant question.

Installing and configuring a firewall also requires expertise that the company may not have in-house.

What is a Firewall in networking?

You can think of a firewall as a security guard at the entrance of a residential building. When a visitor arrives, the guard checks the visitor's details and, based on them, allows or denies entry.

A firewall performs a similar function in a computer network by inspecting network traffic. It can protect internal systems from external users, from internal users, and even from specific applications.

For instance, if a company in the United States wishes to prevent access to its servers from other countries, it can configure the firewall to drop all traffic whose source address is registered outside the country. Such geo-blocking depends on IP-to-country databases and is easily bypassed by an attacker routing through a VPN or proxy inside the allowed region, so it reduces unwanted traffic rather than providing strong protection.

A firewall can be hardware-based, cloud-based, or software-based. Which type you require is determined by various factors, as each type has distinct advantages and disadvantages.

The fundamental purpose of a firewall is to protect internal data from malicious network packets while allowing legitimate traffic.

How does a firewall work?

A firewall works by filtering. When a packet arrives, the firewall compares it against the configured rules, in order. A rule is a set of match conditions (source and destination IP address, protocol, port numbers, and so on) together with an action: allow or drop. In most implementations the first rule that matches decides the packet's fate; if no rule matches, a default policy applies, and the safe default is to drop. Rules are normally written separately for each direction, inbound and outbound.

How is a firewall deployed in a network?

Firewall Deployment in a Network

A firewall is placed at the network boundary, in front of the servers it protects, so that all incoming and outgoing traffic passes through it. It can be a software firewall, a hardware firewall, or a cloud firewall.

  • Software Firewall –  It is distributed as a software package that the user installs on the server (or workstation) that needs protection from the external network. Many operating systems ship with one, which makes this the simplest option to start with. It protects only the host it runs on, shares that host's resources, and can be switched off by an attacker who has already compromised the host.

    For example, Linux provides iptables (and its successor nftables). With iptables, a user adds rules that match packets on header fields and specify an action (ACCEPT/DROP).
  • Hardware Firewall – The firewall ships as a dedicated appliance with the firewall software preinstalled. A network router is a familiar example: the external WAN link plugs into one port and the internal LAN connects to another. It costs more because it needs separate hardware, but it filters traffic for every host behind it and does not depend on the protected hosts being intact.
  • Cloud Firewall – Here the filtering happens on a cloud provider's servers, so it is also known as firewall as a service (delivered as SaaS). Traffic is routed through the provider, so the user needs a fast and reliable connection to it. One can start with a basic plan and scale it up as requirements grow, and the service provider keeps the firewall updated.

Types of firewalls –

Packet-Filtering Firewalls

This fundamental type of firewall works at the packet level. Packet filtering uses basic rules: each rule specifies match fields such as source IP, destination IP, source port, destination port and protocol, plus an outcome (allow/discard). When a packet arrives, its header fields are compared against the provisioned rules. Only header fields are examined; the payload is never looked at.

If no rule allows the packet, it is discarded, and the firewall may log the event for the operations team.

A packet-filtering firewall consumes few resources, so it has very little impact on throughput. But because it looks only at surface-level header fields, it cannot block an attack carried in the packet's content, and it cannot tell whether a packet really belongs to a connection that was legitimately opened.
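The filtering mechanism described under "How does a firewall work?" and in this section, as an added example that is not part of the original article: an ordered rule list evaluated first-match-wins with a default-drop policy, matching on header fields only. The addresses, ports and policy are constructed; 203.0.113.10 stands for a protected web server and 198.51.100.0/24 for the administrators' network. Rule order matters: the anti-spoofing rule comes first so that a packet claiming a private source address is dropped even when it is aimed at an open port.

```python
"""Stateless packet filter: ordered rules, first match wins, default drop.

Added example (not the article's code). Addresses, ports and the policy are
constructed: 203.0.113.10 is the protected web server, 198.51.100.0/24 the
administrators' network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "drop"
    proto: Optional[str] = None  # None matches any protocol
    src: str = "0.0.0.0/0"       # CIDR; the default matches any IPv4 source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port
    log: bool = False

    def matches(self, pkt: Packet) -> bool:
        # Only header fields are consulted; the payload is never examined.
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst))


class PacketFilter:
    def __init__(self, rules, default: str = "drop"):
        self.rules = list(rules)
        self.default = default   # applies when nothing matches; "drop" is the safe choice
        self.log = []

    def decide(self, pkt: Packet) -> str:
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                if rule.log:
                    self.log.append(f"rule {i} {rule.action}: {pkt}")
                return rule.action
        self.log.append(f"default {self.default}: {pkt}")  # unmatched traffic is worth logging
        return self.default


# Constructed inbound policy for the web server. The anti-spoofing rule is first:
# a packet with a private source address should never arrive from the Internet.
RULES = [
    Rule("drop", src="10.0.0.0/8", log=True),
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=443),
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=80),
    Rule("allow", proto="tcp", src="198.51.100.0/24", dst="203.0.113.10/32", dport=22),
]


def build_filter() -> PacketFilter:
    return PacketFilter(RULES, default="drop")


if __name__ == "__main__":
    fw = build_filter()
    for pkt in [
        Packet("192.0.2.5", "203.0.113.10", "tcp", 51000, 443),    # public HTTPS client
        Packet("192.0.2.5", "203.0.113.10", "tcp", 51001, 22),     # SSH from outside the admin net
        Packet("198.51.100.7", "203.0.113.10", "tcp", 51002, 22),  # SSH from the admin net
        Packet("10.1.2.3", "203.0.113.10", "tcp", 51003, 443),     # spoofed private source
    ]:
        print(fw.decide(pkt), pkt)
    print("\n".join(fw.log))
```

Note what the filter cannot see: a packet from 192.0.2.5 to port 443 is allowed whether it opens a connection, continues one, or is a stray ACK probe, and whatever its payload contains. That is the limitation the following firewall types address.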

Circuit-level filtering –

Another basic type of firewall filters the packets that set up dedicated circuits or connections, such as TCP connections. Once established, a connection ties up resources on the server; if the number of connections keeps growing, the server will at some point be unable to serve anyone, which is a denial of service.

The simplest approach is to allow connections to be created only from trusted sources. The firewall watches the TCP handshake: the first packet is the TCP SYN segment, and the firewall allows the connection to proceed only if the source IP and ports are legitimate. It can also cap the number of half-open connections a single source may hold at once.

Because it does not look into the content, circuit-level filtering is good for protecting resource usage but cannot protect against malicious content inside a packet.

Stateful Inspection Firewalls

As the name implies, the firewall tracks each connection for its whole lifetime in addition to performing the initial-level filtering. To do this it stores connection information in a state table: the source and destination IPs, the ports, and the current connection state. Every packet is then checked against this table, so a packet is allowed only if it belongs to a connection that was legitimately opened and fits that connection's current state.

A TCP connection's lifetime starts with a 3-way handshake and ends with connection termination. A stateful firewall follows the connection through the data transfer phase as well, checking that each packet is consistent with the state it has recorded, rather than judging every packet in isolation. That makes it a better option than the stateless firewalls above, but it needs more resources, since the state table grows with the number of connections.
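The connection tracking described in this section, together with the circuit-level half-open limit from the previous one, as an added example that is not part of the original article. A segment passes only if it belongs to a connection the firewall has watched being opened; a new connection may be started only by a bare SYN to an exposed port; and each source may hold at most max_half_open connections that are still in the handshake. The addresses, ports, state names and the limit are constructed. The contrast with the stateless filter: an ACK-only probe with no table entry is dropped here, while a classic stateless rule that allows any packet with the ACK flag set (the pre-stateful way of "allowing established traffic") would pass it, which is exactly what an ACK scan exploits.

```python
"""Stateful inspection of TCP with a circuit-level half-open limit.

Added example (not the article's code). Addresses, ports, state names and the
half-open limit are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}


@dataclass
class StatefulFirewall:
    allowed_ports: frozenset = frozenset({80, 443})  # services the protected host exposes
    max_half_open: int = 2       # embryonic connections allowed per source (circuit-level limit)
    table: dict = field(default_factory=dict)         # connection key -> {"state", "client"}
    half_open: dict = field(default_factory=lambda: defaultdict(int))

    @staticmethod
    def key(s: Segment) -> frozenset:
        # Both directions of one connection map to the same table entry.
        return frozenset({(s.src, s.sport), (s.dst, s.dport)})

    def _remove(self, key, entry):
        if entry["state"] in ("SYN_SENT", "SYN_ACKED"):   # torn down before completing
            self.half_open[entry["client"][0]] -= 1
        del self.table[key]

    def inspect(self, s: Segment) -> str:
        key = self.key(s)
        entry = self.table.get(key)
        if entry is None:
            # No known connection. Only a bare SYN to an exposed port may start one.
            # An ACK-only probe (what an ACK scan sends) is dropped here, whereas a
            # stateless "allow anything with ACK set" rule would let it through.
            if s.flags != {"SYN"} or s.dport not in self.allowed_ports:
                return "drop"
            if self.half_open[s.src] >= self.max_half_open:
                return "drop"   # this source already holds too many half-open circuits
            self.half_open[s.src] += 1
            self.table[key] = {"state": "SYN_SENT", "client": (s.src, s.sport)}
            return "allow"

        from_client = (s.src, s.sport) == entry["client"]
        state = entry["state"]
        if "RST" in s.flags:                        # either side may abort at any time
            self._remove(key, entry)
            return "allow"
        if state == "SYN_SENT" and not from_client and s.flags == {"SYN", "ACK"}:
            entry["state"] = "SYN_ACKED"
            return "allow"
        if state == "SYN_ACKED" and from_client and s.flags == {"ACK"}:
            entry["state"] = "ESTABLISHED"          # handshake complete, no longer half-open
            self.half_open[s.src] -= 1
            return "allow"
        if state == "ESTABLISHED":                  # data phase: any segment between the pair
            if "FIN" in s.flags:
                entry["state"] = "CLOSING"
            return "allow"
        if state == "CLOSING":
            if "FIN" in s.flags:
                entry["state"] = "LAST_ACK"
            return "allow"
        if state == "LAST_ACK":
            if "ACK" in s.flags:
                del self.table[key]                 # final ACK: connection is gone
            return "allow"
        return "drop"   # segment does not fit the handshake the table expects


def handshake(fw: StatefulFirewall, client, server):
    """Drive a full three-way handshake through the firewall; return the decisions."""
    c_ip, c_port = client
    s_ip, s_port = server
    return [
        fw.inspect(Segment(c_ip, c_port, s_ip, s_port, frozenset({"SYN"}))),
        fw.inspect(Segment(s_ip, s_port, c_ip, c_port, frozenset({"SYN", "ACK"}))),
        fw.inspect(Segment(c_ip, c_port, s_ip, s_port, frozenset({"ACK"}))),
    ]


if __name__ == "__main__":
    fw = StatefulFirewall()
    client, server = ("192.0.2.5", 40000), ("203.0.113.10", 443)
    print("stray ACK:", fw.inspect(Segment("192.0.2.5", 40000, "203.0.113.10", 443, frozenset({"ACK"}))))
    print("handshake:", handshake(fw, client, server))
    attacker = "198.51.100.99"
    for port in (1, 2, 3):   # three SYNs that are never completed
        print("SYN", port, fw.inspect(Segment(attacker, port, "203.0.113.10", 80, frozenset({"SYN"}))))
```

A real implementation also checks sequence and acknowledgement numbers against the recorded window and expires idle entries on a timer; this example keeps only the flag sequence, which is enough to show why the state table is needed and why it costs memory per connection.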

Proxy Firewall –

In contrast to the other types of firewalls, a proxy firewall intercepts messages at the application layer. This is accomplished by placing a proxy server as an intermediate node between the communicating hosts. The proxy runs the filtering application and relays messages from one side to the other.

With a proxy server in the middle there are two separate connections and, logically, four communicating endpoints. Toward the origin server the proxy acts as a client; toward the internal user it acts as a server. No packet travels end to end.

A firewall at the application layer is application-specific: an HTTP proxy understands web traffic, an SMTP proxy understands e-mail, and each must parse its own protocol.

Suppose a business uses a proxy firewall to block unauthorized website visits. When an internal user opens a website, the HTTP request goes to the proxy first, which examines it (method, URL, headers) against the policy and only then opens its own connection to the web server. For HTTPS the proxy sees the destination host and port of the CONNECT tunnel but not the encrypted request inside it, unless it also terminates TLS.

While this appears to be a very promising solution, all of the application-level processing places additional load on the hardware and adds latency between request and response.
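The proxy-side check described above, as an added example that is not part of the original article: decide() takes the raw bytes of one HTTP request exactly as a proxy receives it from an internal client and returns either ("forward", the request rewritten for the origin server) or ("reject", the response to send back to the client). The blocklist, the Via identifier and the sample requests are constructed. It also covers the HTTPS case: a CONNECT request is checked on host and port only, because that is all the proxy can see of a TLS tunnel it does not terminate.

```python
"""Application-layer filtering as a proxy firewall does it.

Added example (not the article's code). The blocklist, host names, Via
identifier and request bytes are constructed.
"""
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"malicious.example", "gambling.example"}   # constructed policy
ALLOWED_METHODS = {"GET", "HEAD", "POST", "CONNECT"}
MAX_HEADER_BYTES = 8192
PROXY_NAME = "1.1 filtering-proxy"   # hypothetical Via identifier


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, version, [(name, value), ...])."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    if len(head) > MAX_HEADER_BYTES:
        raise ValueError("header block too large")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)   # ValueError if malformed
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers


def header(headers, name):
    return next((v for n, v in headers if n.lower() == name), "")


def target_host(method, target, headers):
    """Work out which origin host and port the client is trying to reach."""
    if method == "CONNECT":                      # request line is "CONNECT host:port"
        host, sep, port = target.rpartition(":")
        if not sep:
            raise ValueError("CONNECT without port")
        return host.lower(), int(port)
    parts = urlsplit(target)                     # proxy-form requests carry an absolute URI
    host = parts.hostname or header(headers, "host").split(":")[0]
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return host.lower(), port


def reject(status: str):
    return "reject", f"HTTP/1.1 {status}\r\nContent-Length: 0\r\n\r\n".encode()


def decide(raw: bytes):
    try:
        method, target, version, headers = parse_request(raw)
        host, port = target_host(method, target, headers)
    except ValueError:
        return reject("400 Bad Request")        # unparseable: never forward blindly
    if method not in ALLOWED_METHODS:
        return reject("405 Method Not Allowed")
    if not host or host in BLOCKED_HOSTS:
        return reject("403 Forbidden")
    if method == "CONNECT":
        # A CONNECT tunnel carries TLS end to end: the proxy sees host and port
        # only, not the request inside, unless it also terminates TLS. The only
        # policy possible here is which hosts and ports may be tunnelled.
        if port != 443:
            return reject("403 Forbidden")
        return "forward", raw
    # Rewrite the proxy-form request into origin-form for the upstream server:
    # path only on the request line, hop-by-hop proxy headers removed, and a
    # Via header so the origin can tell the request came through a proxy.
    parts = urlsplit(target)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    out = [f"{method} {path} {version}"]
    out += [f"{n}: {v}" for n, v in headers
            if n.lower() not in ("proxy-connection", "proxy-authorization")]
    out.append(f"Via: {PROXY_NAME}")
    _, _, body = raw.partition(b"\r\n\r\n")
    return "forward", ("\r\n".join(out) + "\r\n\r\n").encode("iso-8859-1") + body


if __name__ == "__main__":
    for req in [   # constructed sample requests
        b"GET http://www.example.com/index.html?x=1 HTTP/1.1\r\nHost: www.example.com\r\nProxy-Connection: keep-alive\r\n\r\n",
        b"GET http://malicious.example/ HTTP/1.1\r\nHost: malicious.example\r\n\r\n",
        b"CONNECT www.example.com:443 HTTP/1.1\r\n\r\n",
        b"CONNECT www.example.com:22 HTTP/1.1\r\n\r\n",
    ]:
        verdict, payload = decide(req)
        print(verdict, payload.split(b"\r\n")[0])
```

The cost mentioned above is visible here: every request is fully parsed, checked and re-serialised before a single byte reaches the origin server, and the proxy must hold two TCP connections per client request. That is the price of being able to decide on the URL and method rather than on IP addresses and ports.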