Introduction to Firewalls
A Firewall is a critical network security system designed to monitor and strictly control incoming and outgoing network traffic based on predetermined security rules.
It establishes a highly secure barrier between a trusted internal network (like a corporate office LAN) and an untrusted external network (like the public internet). Without a firewall, internal computers are entirely exposed to malicious external attacks.
Types of Firewalls
For exam purposes, firewalls are strictly categorized based on which layer of the OSI model they operate on and how deeply they inspect the traffic.
1. Packet Filtering Firewalls (Stateless)
These are the most basic firewalls, operating strictly at the Network Layer (Layer 3). They inspect each individual data packet in isolation, looking only at the Source IP, Destination IP, and Port numbers.
They are completely stateless, meaning they have no memory of previous packets. For example, a network administrator might configure a Packet Filtering Firewall to instantly drop any incoming packets targeting Port 23, effectively blocking all legacy, unencrypted Telnet connections.
2. Stateful Inspection Firewalls
Operating primarily at the Transport Layer (Layer 4), these firewalls are significantly smarter. They actively monitor the state of ongoing connections.
Instead of looking at packets in isolation, they remember if a packet is part of an established conversation. For example, if an internal computer requests a webpage, the firewall remembers this request. When the external web server replies, the firewall allows the incoming traffic because it belongs to a trusted, pre established state. If a random external server tries to send data without being asked, the firewall instantly drops it.
3. Proxy Firewalls (Application Level Gateways)
These operate at the highest layer, the Application Layer (Layer 7). They do not just look at IP addresses; they deeply inspect the actual payload (the content) of the data.
They act as a strict middleman. When a user requests a file, the proxy downloads it first, inspects the actual content for malware, and only passes it to the user if it is safe. For example, a Proxy Firewall can be configured to allow an employee to access a website but strictly block them from downloading any executable files from that site.
4. Next Generation Firewalls (NGFW)
These represent the modern standard. They combine traditional port inspection with highly advanced features like Deep Packet Inspection, built in Intrusion Prevention Systems, and the ability to selectively block specific applications.
Hardware vs Software Firewalls
- Hardware Firewalls: Dedicated physical appliances that sit exactly at the boundary of the network (between the router and the internet). They protect the entire network of computers behind them.
- Software Firewalls: Software programs installed on individual host operating systems. They only protect the specific device they are installed on, making them an excellent second layer of defense.
Firewall Access Policies
- Default Deny (Whitelist): The firewall strictly blocks absolutely all traffic by default. The administrator must explicitly create rules to allow specific, trusted traffic through. This is the most highly secure approach.
- Default Allow (Blacklist): The firewall allows all traffic to pass by default. The administrator must explicitly create rules to block known malicious traffic. This is highly dangerous and rarely used in secure enterprise networks.
