Types of Firewalls and How to Design One

Consider the Pentagon in Virginia, the military headquarters of the United States. You would imagine security at such a facility to be extremely high, and you would be right: it is one of the most protected buildings in the world, and only authorized personnel and data are allowed to enter.

 

Just as the Pentagon needs to protect its data and people, a computer needs a barrier to protect it from unauthorized access and other threats. Enter firewalls: the digital barrier that protects our computer systems from unwanted intruders, and a critical component of information security.

 

Firewalls have long been an integral part of cybersecurity. Like the dreaded bouncer who turns you away from a club for not dressing properly, a firewall applies rules and policies that filter network traffic. Companies of all sizes recognize the critical need to safeguard sensitive information in a heavily data-driven society, and on this digital battlefield the humble firewall remains an essential line of defense.

 

However, many companies still don’t understand the ins and outs of firewall selection and configuration. Knowing what firewalls can do, and their limits, is more important than ever before due to the ever-changing threat landscape and the more sophisticated strategies used by hackers. In this article, I’ll provide a practical guide to various firewall solutions, deployment, and how they may defend your critical assets in the face of ever-present cyber dangers. Let’s get to it.

 

In simple terms, a firewall is a network security tool aimed at restricting access to resources such as data, information, or services within a network. The limitations placed on such access stem from a security policy put in place by the organization. A firewall is capable of either permitting or denying access to resources, verifying users or machines prior to granting access to the resource, and overseeing the traffic entering and leaving the network.

 

Firewalls limit access to resources that would otherwise be reachable: a firewall can only deny communication that would otherwise be possible, it cannot create connectivity that does not exist. Firewalls not only limit access from untrusted external networks; they can also restrict access from the inside to external services that are considered risky or not essential to the organization’s operations.

 

Think about this: most businesses nowadays, if not all of them, permit workstations and servers to connect to the Internet, which is an external, untrusted network. While this is undoubtedly necessary, it also exposes local network resources to the outside world and presents a risk to the company. Now consider a network that has hundreds, thousands, or even tens of thousands of computers running various applications.

 

To create a regulated link and an external security wall or perimeter, a firewall is placed between the corporate network, also known as the private network, and the Internet. Firewalls provide network security in this manner, preventing outside parties from accessing resources and services that are meant to be used exclusively within the organization.

 

One crucial aspect that is frequently disregarded in network security design and firewall installation is the fact that these security measures merely limit the traffic that flows through them. The firewall is powerless to stop data from entering the network if there is another path available for the data to go between the client and the server that avoids the firewall.

 

Wi-Fi hotspots, wireless LANs, and dial-in lines are well-known instances of unsecured network access points that exist behind firewalls. For a firewall to function as an effective point of control, it must be the only channel of communication that links a trusted network—which can be a Local Area Network (LAN)—and untrusted networks, such as the Internet. I’ll discuss more about the limitations of firewalls later.

 

Diagram showing how firewalls restrict incoming traffic.

Firewall Design Characteristics

Before we delve deeper into firewalls, it’s a good idea to have an appreciation of what constitutes a good firewall. For any firewall to be effective, certain firewall design characteristics must be considered.

 

  1. All traffic, inbound and outbound, must pass through the firewall. To accomplish this, every path into the private network other than the one the firewall controls is blocked.

  2. The firewall lets through only traffic approved by the organization’s network security policy. Several kinds of firewalls are in use, and they enforce different kinds of policy.

  3. The firewall itself must be immune to penetration. This requires running it on a hardened operating system on a trusted platform.



How Firewalls Control Access and Enforce a Security Policy



The overall objective of a firewall is to control what can and cannot enter the private network. As mentioned before, this control of access is based on the security policy implemented by the organization.

So what is a security policy, or more specifically, a network security policy? In the most basic terms, a network security policy is a set of rules. The rules define such items as system configuration, network responsibility, how the system may be used, how it is managed, and what data and information require what sort of protection. The firewall enforces the part of the policy that deals with authorized data access. Here are four techniques that firewalls use to control access and enforce a security policy.

Service Control

This determines which types of Internet services may be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number, or it may provide proxy software that receives and interprets each service request before passing it on.

Direction Control

This establishes the direction in which particular service requests may be initiated and allowed to flow through the firewall.

User Control

The firewall identifies the user trying to access a service and controls their access accordingly. This is typically applied to local users inside the firewall’s perimeter. It may also be applied to incoming traffic from external users, but those users must first complete some form of secure authentication before being allowed to proceed.

Behavior Control

Controls how particular services are used. For instance, the firewall may filter incoming email to remove spam, or restrict external access to only part of a local web server’s content.


Limitations of Firewalls

 

  1. A firewall only controls the network traffic that flows through it. It cannot control data exchanged between two machines that communicate without passing through the firewall. Furthermore, the most common type of firewall (the stateful packet filter) cannot block traffic based on its content, because it does not examine the data carried inside TCP or UDP (User Datagram Protocol) packets. Filtering is done purely on the basis of IP addresses, protocol, TCP/UDP port numbers, and connection state.

  2. A firewall does not protect against internal threats, such as a disgruntled employee or one who knowingly or unknowingly assists an outside attacker.

  3. A firewall may not be able to stop the transfer of files or programs infected with viruses. It cannot feasibly scan every incoming file, email, and message for the wide range of operating systems and applications in use inside the perimeter, and sophisticated malware uses various techniques (encrypted transport, for example) to bypass or trick the firewall.



Firewall Types


Packet Filters

In networking, a packet is a small, self-contained unit of data that traverses a network. It consists of two main components: a header and a payload. The header carries information such as source and destination addresses, error-checking data, and control details; the payload carries the actual data being transmitted. A packet-filtering firewall decides whether to forward each packet based on header fields: source and destination IP addresses, the transport protocol, and source and destination port numbers. A packet filter requires a ruleset that tells it which packets should be allowed to pass and which should not.

 

The principle of packet filtering firewalls is that every packet that arrives at the firewall is tested against the ruleset to determine if it should or should not be allowed. This is done for both outbound request packets and inbound reply packets. The firewall ruleset has to have explicit rules allowing the packet to travel in each direction, otherwise, effective communication cannot be achieved.



Proxy Firewalls (Application-Level Gateways)

These firewalls never route packets directly between source and destination. Instead, the proxy opens a new connection to the destination server on behalf of the client. The response from the remote server comes back to the proxy, which places the result into a response packet and returns it to the original client. (The circuit-level gateway described further below is a simpler, content-blind variant of this approach.)

 

It is important to remember that proxy servers do not route packets. Packets are always absorbed in the interface where they arrive, the contents inspected, and if the data is allowed to pass through the firewall according to the ruleset, a new packet is generated at the outbound interface and sent to the destination.

 

Proxy firewalls always generate new packets containing the original data payload, so every packet sent to the outside carries the characteristics of the proxy (its IP address and TCP/IP stack behaviour) rather than those of the client. Far less information about the protected client systems is leaked to the outside world by a proxy firewall.



Stateful Packet Filters

These are more advanced firewalls that not only inspect individual packets but also track the connections between them, allowing them to dynamically allow or block traffic based on the established state of the connection. The “state” of a connection refers to the current stage and information about the communication between two devices on a network. It’s like keeping a record of the conversation happening between them.

 

A state table or stateful inspection table is used by the firewall to maintain track of the status of active connections. This database keeps track of details regarding connections that have been made, such as ports, source and destination IP addresses, and the connection’s status (e.g., established, related, new). 

 

This offers better security than packet-filtering firewalls. A stateful packet filter is the most commonly encountered type of firewall architecture on networks today. It provides a good compromise between performance, security, and complexity. Stateful packet filters can recognize the state of a connection between source and destination machines and apply the following rules:

 

 

  1. Rules can be written to allow requests from client to server; the server-to-client responses are then recognized from the state of the connection, without explicit rules to allow the reply packets.

  2. Packets that are related to, but not strictly part of, a communication session (such as the data connection that FTP opens alongside its control connection) can also be recognized by the stateful filter and allowed through without explicit rules.

Diagram showing how stateful firewalls restrict incoming traffic.
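To make the difference between a plain packet filter and a stateful packet filter concrete, here is an added simulation (example code written for this article, not code from any firewall product). The addresses, rules and packets are constructed. The stateless filter is given an explicit reply rule, which is the only way it can let responses back in, while the stateful filter records each allowed connection in a state table and judges later packets against it.

```python
"""Stateless packet filter vs. stateful packet filter on the same packets.

Constructed example for illustration: addresses, rules and packets are made up.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False    # TCP SYN without ACK: a new connection attempt

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    sport: range = ANY_PORT
    dport: range = ANY_PORT

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and p.sport in self.sport and p.dport in self.dport)

def stateless_decide(rules: list[Rule], p: Packet) -> str:
    """Classic packet filter: first matching rule wins, implicit deny otherwise.
    Every packet, replies included, is judged on its own header fields."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFilter:
    """Same rules plus a state table, so replies are admitted by connection state."""
    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.table: set[tuple] = set()      # established flows as 5-tuples

    def decide(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.table or reverse in self.table:
            return "allow"                  # ESTABLISHED: matches the state table
        if p.proto == "tcp" and not p.syn:
            return "deny"                   # mid-stream TCP with no state: stray or spoofed
        action = stateless_decide(self.rules, p)
        if action == "allow":
            self.table.add(flow)            # NEW connection, remember it
        return action

LAN = "10.0.0.0/8"
OUTBOUND_HTTPS = Rule("allow", src=LAN, proto="tcp", dport=range(443, 444))
# A stateless filter needs an explicit rule for the replies. The only header
# feature that distinguishes "a reply to our request" is source port 443.
REPLY_RULE = Rule("allow", dst=LAN, proto="tcp", sport=range(443, 444))

# Constructed traffic: a legitimate request, its reply, and an unsolicited
# inbound packet from an unrelated host that also uses source port 443.
REQUEST = Packet("10.0.0.5", "203.0.113.7", "tcp", 40000, 443, syn=True)
REPLY = Packet("203.0.113.7", "10.0.0.5", "tcp", 443, 40000)
SPOOFED = Packet("198.51.100.9", "10.0.0.5", "tcp", 443, 40001)

def compare() -> dict[str, dict[str, str]]:
    """Run the same three packets through three filters and collect the verdicts."""
    no_reply_rule = [OUTBOUND_HTTPS]
    with_reply_rule = [OUTBOUND_HTTPS, REPLY_RULE]
    stateful = StatefulFilter([OUTBOUND_HTTPS])
    verdicts = {}
    for name, p in (("request", REQUEST), ("reply", REPLY), ("spoofed", SPOOFED)):
        verdicts[name] = {
            "stateless_no_reply_rule": stateless_decide(no_reply_rule, p),
            "stateless_with_reply_rule": stateless_decide(with_reply_rule, p),
            "stateful": stateful.decide(p),
        }
    return verdicts

if __name__ == "__main__":
    for name, v in compare().items():
        print(f"{name:8s} " + "  ".join(f"{k}={val}" for k, val in v.items()))
```

Without a reply rule the stateless filter blocks the legitimate reply; with one it admits the spoofed packet too, because source port 443 is all it can see. The stateful filter passes the reply and rejects the spoofed packet, since no entry in its table matches. That is the security gain of tracking state; note that it still says nothing about what the bytes inside an allowed connection contain.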



Circuit Level Gateway

Circuit-level gateways are another kind of firewall. This can be a stand-alone system or a specialized function that an application-level gateway performs for certain applications. Instead of allowing an end-to-end TCP connection, a circuit-level gateway establishes two TCP connections: one between itself and a TCP user on an inside host, and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway relays TCP segments from one connection to the other without examining the contents. The security function consists of deciding which connections are permitted. SOCKS is the best-known implementation of this approach.
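The following added example (not code from the original article or from any SOCKS implementation) models the decision a circuit-level gateway makes. It uses the SOCKS5 CONNECT request layout from RFC 1928 and a constructed allow-list of destinations; the point it shows is that the gateway decides on the requested destination and port alone, and relays whatever follows without parsing it.

```python
"""Circuit-level gateway decision modelled on SOCKS5 CONNECT (RFC 1928).

Constructed example: the allow-list and addresses are made up for illustration.
"""
import socket
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REP_SUCCEEDED, REP_GENERAL_FAILURE, REP_NOT_ALLOWED = 0x00, 0x01, 0x02   # RFC 1928 reply codes

def build_connect(host: str, port: int) -> bytes:
    """Client side: encode a SOCKS5 CONNECT request for an IPv4 literal or a domain name."""
    try:
        body = bytes([ATYP_IPV4]) + socket.inet_pton(socket.AF_INET, host)
    except OSError:                                   # not an IPv4 literal: send as a name
        name = host.encode("ascii")
        body = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + body + struct.pack("!H", port)

def parse_connect(req: bytes) -> tuple[str, int]:
    """Gateway side: extract (destination host, port) from a CONNECT request.
    Raises ValueError on anything malformed, so a bad request never becomes a circuit."""
    if len(req) < 5 or req[0] != SOCKS_VERSION or req[1] != CMD_CONNECT or req[2] != 0x00:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        addr_end = 4 + 4
    elif atyp == ATYP_IPV6:
        addr_end = 4 + 16
    elif atyp == ATYP_DOMAIN:
        addr_end = 5 + req[4]                          # one length byte, then the name
    else:
        raise ValueError(f"unknown address type {atyp}")
    if len(req) != addr_end + 2:                       # address plus a 2-byte port, nothing else
        raise ValueError("request length does not match address type")
    if atyp == ATYP_IPV4:
        host = socket.inet_ntop(socket.AF_INET, req[4:addr_end])
    elif atyp == ATYP_IPV6:
        host = socket.inet_ntop(socket.AF_INET6, req[4:addr_end])
    else:
        host = req[5:addr_end].decode("ascii")
    (port,) = struct.unpack("!H", req[addr_end:])
    return host, port

# Constructed policy: the circuits this gateway will set up. It is keyed on the
# only things a circuit-level gateway sees, destination and port, never payload.
ALLOWED_CIRCUITS = {("203.0.113.7", 443), ("intranet.example", 22)}

def _reply(code: int) -> bytes:
    # VER REP RSV ATYP BND.ADDR(4) BND.PORT(2); bind address left zeroed for brevity
    return bytes([SOCKS_VERSION, code, 0x00, ATYP_IPV4]) + bytes(4) + bytes(2)

def gateway_handle(req: bytes, client_data: bytes) -> tuple[bytes, bytes]:
    """Decide on the circuit, then relay. Returns (SOCKS reply, bytes forwarded to
    the destination). Forwarded bytes pass through untouched: the gateway never
    interprets them, which is what separates it from an application-level proxy."""
    try:
        host, port = parse_connect(req)
    except ValueError:
        return _reply(REP_GENERAL_FAILURE), b""        # malformed: nothing relayed
    if (host, port) not in ALLOWED_CIRCUITS:
        return _reply(REP_NOT_ALLOWED), b""
    return _reply(REP_SUCCEEDED), client_data

if __name__ == "__main__":
    reply, relayed = gateway_handle(build_connect("203.0.113.7", 443), b"GET / HTTP/1.1\r\n\r\n")
    print("circuit allowed:", reply[1] == REP_SUCCEEDED, "| relayed unread:", relayed)
    reply, relayed = gateway_handle(build_connect("198.51.100.9", 25), b"EHLO x")
    print("smtp to unknown host allowed:", reply[1] == REP_SUCCEEDED)
```

Note that the allowed circuit relays plaintext HTTP to port 443 without objection: an application-level proxy for HTTPS would have rejected that, but a circuit-level gateway has already made its only decision by the time the first byte of data arrives.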



Next Generation Firewalls

Next-generation firewalls (NGFWs) inspect traffic more deeply than a stateful packet filter. They identify the application generating the traffic rather than relying on port numbers alone, enforce policy per application and per user, and integrate intrusion prevention and malware detection so that known attacks can be blocked inline. This fine-grained control is needed to protect modern networks against constantly evolving threats.



Firewall Deployment Methods


Hardware Firewalls

These are dedicated physical appliances placed between your network and the Internet. They offer high performance and centralized management, but they are costly and require rack space and maintenance. Hardware firewalls are far more prevalent in large organizations.

Software Firewalls

These are applications installed on individual devices such as workstations and servers; the host-based firewall built into Windows, macOS and Linux is the common case. Software firewalls are more prevalent on personal computers and in smaller organizations. They are often free or bundled with the operating system; larger companies typically manage them centrally from a reputable vendor alongside a network firewall. Software firewalls provide fundamental host-level protection, but they run on the host they protect and so cannot substitute for a firewall at the network perimeter.

Cloud-Based Firewalls

Cloud providers such as AWS and Cloudflare offer firewalls supplied as a service. These provide scalability, flexibility, and quick deployment, but they carry subscription fees and depend on a reliable Internet connection.


Firewall Configurations

Setting up a firewall may differ based on the particular firewall software or hardware device you have and the organization that is deploying the firewall. Larger organizations with more resources can implement very complex firewalls combining both hardware and software firewalls, whereas smaller organizations with fewer resources will have firewalls with less complexity.

However, the basic steps are common to any firewall. Here they are in order; keep in mind that the specific steps might vary depending on the firewall solution being used.

1. Access the Firewall Settings

For hardware firewalls, access the device through its web-based or command-line interface, often by entering the device’s management IP address in a web browser. For software firewalls, open the firewall management application on the computer.

 

2. Create Firewall Policies

The policy is a set of rules that define what action must be taken when a given event occurs. Some firewalls ship with predefined rules that allow or block certain types of traffic; align these with the organization’s security policy rather than accepting them unchanged.

 

3. Create Ruleset

The ruleset defines which traffic is allowed or blocked based on criteria such as:

  • Source and destination IP addresses.

  • TCP or UDP ports.

  • Protocols (e.g., TCP, UDP, ICMP).

  • Connection states (e.g., new, established, related).


4. Set Logging and Notifications

  • Configure logging settings to keep track of firewall activity. This can help you monitor and analyze the traffic.

  • Enable notifications or alerts for specific events, such as blocked connections or suspicious activities.


5. Test Rules

After creating the ruleset, test the rules to ensure they work as intended. Try accessing services or ports affected by the rules, from both sides of the firewall, and verify that the firewall responds accordingly.

 

6. Review and Update Rules

Regularly review and update the firewall rules to accommodate changes in your network configuration or security policies.

 

7. Implement Security Best Practices

Follow security best practices, including the principle of least privilege: deny by default and allow only the traffic and services that are necessary.

 

8. Consider Application Layer Filtering

Some firewalls support deep packet inspection and application layer filtering. Consider using these features to inspect and control traffic based on the application layer content.

 

9. Backup Configuration

Regularly back up your firewall configurations. This ensures that you can quickly restore settings in case of configuration errors or device failure.

 

10. Documentation

Document the firewall configuration, including rules, policies, and any changes made. The documentation allows for troubleshooting and future reference in the event such information is needed.
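As an added example tying the steps together (example code for this article, not from any firewall vendor), here is a small Python script that turns a policy description into an nftables ruleset, applying default deny, state-aware allow rules keyed on address, protocol and port, logging of dropped traffic, and a least-privilege check before anything is applied. The inet-family nftables syntax assumes a Linux target; the addresses, services and MGMT_PORTS list are invented for the example.

```python
"""Generate a default-deny nftables ruleset from a policy and lint it first.

Constructed example: addresses, services and MGMT_PORTS are made up.
Apply the output with `nft -c -f ruleset.nft` (check) and then `nft -f ruleset.nft`.
"""
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Allow:
    """One permitted service: who (src) may open new connections to proto/dport."""
    name: str
    proto: str                  # "tcp" or "udp"
    dport: int
    src: str = "0.0.0.0/0"      # default: reachable from anywhere

# Assumption for this example: management services that must never be world-reachable.
MGMT_PORTS = {22, 3389, 5900}

def lint(policy: list[Allow]) -> list[str]:
    """Step 7 (least privilege): flag management services open to any source and
    duplicate rules. Returns findings; an empty list means the policy is clean."""
    findings, seen = [], set()
    for a in policy:
        net = ip_network(a.src)
        if a.dport in MGMT_PORTS and net.prefixlen == 0:
            findings.append(f"{a.name}: {a.proto}/{a.dport} is reachable from any source")
        key = (a.proto, a.dport, net)
        if key in seen:
            findings.append(f"{a.name}: duplicates an earlier rule for {a.proto}/{a.dport}")
        seen.add(key)
    return findings

def render(policy: list[Allow], log_prefix: str = "fw-drop: ") -> str:
    """Steps 2-4: default-deny input chain, state-aware allows, rate-limited
    logging of everything that falls through to the drop policy."""
    lines = [
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",                 # replies to allowed flows
        "    ct state invalid drop",
        "    iif lo accept",
        "    icmp type echo-request limit rate 5/second accept",    # IPv4 ping; add icmpv6 rules for IPv6
    ]
    for a in policy:
        net = ip_network(a.src)
        family = "ip6" if net.version == 6 else "ip"
        src = "" if net.prefixlen == 0 else f"{family} saddr {a.src} "
        lines.append(f'    {src}{a.proto} dport {a.dport} ct state new accept comment "{a.name}"')
    lines += [
        f'    limit rate 10/second log prefix "{log_prefix}"',     # logged, then dropped by policy
        "  }",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",    # this host does not route
        "  }",
        "}",
    ]
    return "\n".join(lines) + "\n"

def build(policy: list[Allow]) -> str:
    """Refuse to produce a ruleset that fails the least-privilege check."""
    findings = lint(policy)
    if findings:
        raise ValueError("; ".join(findings))
    return render(policy)

# Constructed policy: SSH only from the admin subnet, HTTPS public, DNS internal.
POLICY = [
    Allow("ssh-from-admin-net", "tcp", 22, src="10.10.0.0/24"),
    Allow("https-public", "tcp", 443),
    Allow("dns-internal", "udp", 53, src="10.0.0.0/8"),
]
# The same policy with one rule that violates least privilege.
BAD_POLICY = POLICY + [Allow("ssh-anywhere", "tcp", 22)]

if __name__ == "__main__":
    print(build(POLICY), end="")
    for finding in lint(BAD_POLICY):
        print("REJECTED:", finding)
```

Write the output to a file, check it with `nft -c -f`, apply it, then carry out step 5 by attempting the allowed and denied connections from a host on each side and confirming that the drops show up in the kernel log under the `fw-drop:` prefix. Step 9 is simply `nft list ruleset > backup.nft`.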


Conclusion

To sum up, firewalls are the unwavering protectors of our digital domains, continuously observing and screening all incoming and outgoing information to guarantee the security and safety of our globalized society.

Even though they might not be infallible, firewalls provide an essential initial line of security in the constantly changing digital world. Users are better equipped to secure their important data and have a safe online presence with a properly configured firewall.

Maintaining cybersecurity requires constant attention, and in today’s connected world, staying watchful and implementing additional security measures are crucial. Firewalls act as a vital barrier that enables us to make use of connectivity’s advantages without jeopardizing the integrity and confidentiality of our most precious data.
