Firewalls first appeared in the 1980s to protect computers against virus attacks. They were viewed as a barrier against malicious software that could spread like wildfire if not contained. Since then, cybercriminals have created more sophisticated ways to bypass firewalls while companies work on more comprehensive protection.
What Are Network Firewalls?
Firewalls serve as a barrier protecting a network from unauthorized access. They shield network-connected devices from malware threats. How well a firewall works depends on how it’s configured. Firewall configurations establish rules to block data from locations, ports, and applications while letting accepted information through.
Firewalls may be hardware appliances or software applications.
- Hardware-based firewalls are separate devices that protect multiple devices and control network traffic.
- Software-based firewalls may operate on a network server or in a virtual machine. They provide control of network traffic and devices.
Cloud-based firewalls are also available from companies offering firewalls as a service.
How Does a Firewall Work?
Firewalls monitor network traffic using pre-set rules. The type of firewall determines the type of protection.
Packets are blocks of data sent across networks. Packet-filtering blocks traffic based on the IP protocol, IP address, and port number of the incoming packet.
Firewalls that support proxy server filtering retrieve information from the internet and send it to the requesting device or application. Message filtering occurs at the application level. These firewalls centralize data for more efficient scanning.
These firewalls track established connections and filter traffic based on state, port, protocol, and rules. The firewall retains information on every established connection, making sure that incoming traffic matches an established connection.
Unified Threat Management
A unified threat management (UMT) firewall combines the functions of stateful firewalls with intrusion prevention and antivirus. UTM firewalls may include cloud management features.
These firewalls inspect packets as well as filtering them. They look at the contents and sources, making it possible to block more sophisticated threats.
Network Address Translation
A network address translation (NAT) firewall monitors internet traffic and blocks unsolicited communications. NATs only accept inbound traffic if a network device requests the connection.
Firewalls offer protection from unauthorized access; however, the extent of that protection depends on the specific solution being deployed.
Why Use a Firewall?
Firewalls are fundamental to good security hygiene. Without a firewall, organizations expose their digital assets to possible theft or disruption. According to a 2021 report, the average cost of a data breach is $4.24 million (US), with a significant percentage of that coming from lost business and damaged reputations. The following statistics highlight the impact of cyberattacks:
- Cybercrime damage in 2021 averages $190,000 per second.
- IoT attacks grew by 300% in 2020.
- The average ransom payment is $233,817.30.
- Organized cybercrime accounts for 55% of all data breaches.
- 59% of buyers will not do business with a compromised company.
- 25% of buyers will move to a competitor if a company suffers an attack.
- Ransomware attacks occur every 11 seconds.
- Over 50% of cyberattacks target small- to medium-sized businesses.
- 60% of small businesses will fail within six months of an attack.
Distributed Denial of Service
- A DDoS attack can affect up to 25% of the total internet traffic in a country.
- By 2022, the total number of DDoS attacks will reach 14.5 million.
- 43% of data breaches involved web applications.
- 45% of data breaches involved hacking.
- 52% of data breaches were by malicious attacks.
- 34% of organizations reported having malware in 2020.
Today’s cyber threats come from organized groups where crime is a business. They are continuously looking for vulnerabilities to exploit and developing more sophisticated ways to launch an attack. Without a firewall, an organization is a cyberattack waiting to happen.
What Features Should a Software Firewall Have?
Network firewall software can be host- or cloud-based. It can operate on a physical server or in virtual machines. How the software is used determines which features are essential for successful operation. When looking at different firewall software, companies should consider the following:
- Instances. Protecting multiple locations versus a single location requires different capabilities. Centralized management and remote access are two areas where the number of locations may impact a decision.
- Support. Getting help when needed is critical because a gap in firewall protection can lead to catastrophic events. Make sure the company offers support that matches organizational expertise.
- Availability. Unprotected networks are vulnerable. Assess uptime and discuss redundancy options with a vendor.
- Proxy. Proxy firewalls mask the source of outgoing data and validate incoming data for improved security.
- Logs and Reports. Keeping a record of firewall activity helps IT see network traffic flow. Logs give administrators better visibility into anomalies on a network.
- VPN. Virtual private networks are encrypted connections that hide IP addresses during site-to-site communication. They use tunneling to secure connections between a remote device and a network.
- Segmentation. Segmentation partitions a network into smaller segments to minimize the risk of a virus spreading through a network. Creating small logical networks enables supervisors to shut down infected areas without killing the entire network.
- Maintenance. Firewalls require rules. If setting rules is cumbersome and time-consuming, IT personnel may struggle to ensure adequate coverage. Creating, maintaining, and migrating policies should be as streamlined as possible. Rule-level metrics should be part of maintaining a firewall.
- Deep packet inspection. Firewalls must look at more than data packets. They need to inspect the data to minimize the risk of security threats.
- Distributed Support. For organizations with large remote workforces, firewalls need to provide a secure channel for communications. VPNs can provide that security, but so can cloud-based firewalls.
- Compatibility. If security solutions are already in place, making sure the firewall is compatible can save time and money. Incompatible solutions result in significant code development, workarounds, or replacements.
- Bandwidth. Network administrators allocate bandwidth based on application and user requirements. Firewall solutions should provide access to bandwidth controls.
Many of the software firewall companies also offer hardware, virtual, and cloud-based solutions. Some firewalls are hosted, while others sell services by subscription.