Taken literally, a firewall is a wall that stops a fire from spreading; in IT, the term refers to a system that can analyze, forward, or block data traffic. This enables the firewall to detect and prevent unwanted access to a system. Individual computers, servers, or entire IT environments can be protected with a firewall.
What is a firewall?
Each firewall consists of a software component that can read and evaluate network packets. Within this software, rules can be defined as to which data packets are allowed through and which are to be blocked. The software can be installed on the hardware component to be protected itself or on separate hardware dedicated only to the firewall.
In the second case, the firewall is also called an external firewall or a hardware firewall. Firewalls are often placed at network boundaries between an internal and an external network. At this central point, they control incoming and outgoing data traffic.
The most important functional components of classic firewalls
To fulfill its protective function, a classic firewall is built from several functional components. Which of these components a product includes, and how capable each one is, differs from one firewall solution to the next. The functions most commonly implemented in firewalls are these:
- Packet filter
- Network Address Translation
- URL filter
- Content filter
- Proxy function
- Virtual Private Networks (VPN)
- Stateful Packet Inspection
- Deep Packet Inspection
The basic functionality of the firewall is the packet filter. It can filter IP packets based on characteristics such as IP sender addresses, IP destination addresses, and ports.
If the packet filter is capable of stateful packet inspection, it can also use the status of IP connections as a criterion for packet filtering.
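The packet filter and the stateful inspection described above, as an added illustration that is not part of the original article: a small rule set is matched top-down on source network, destination network and destination port, and a state table lets reply packets of an already established connection pass while dropping unsolicited packets that carry no state. The rule set, addresses and traffic are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False  # TCP SYN flag: set only on the first packet of a new connection
# Rules are evaluated top-down: (action, source network, destination network, dest port or None)
RULES = [
    ("allow", "10.0.0.0/8", "0.0.0.0/0", 443),   # internal hosts may open HTTPS connections outbound
    ("allow", "0.0.0.0/0", "10.0.0.5/32", 80),   # anyone may reach the internal web server on HTTP
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),    # default deny for everything else
]

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.table = set()  # established flows as (src, sport, dst, dport)
    def _match_rules(self, pkt):
        for action, src_net, dst_net, dport in self.rules:
            if (ip_address(pkt.src) in ip_network(src_net)
                    and ip_address(pkt.dst) in ip_network(dst_net)
                    and (dport is None or pkt.dport == dport)):
                return action
        return "deny"
    def process(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful check: packets of an already established flow pass in both directions
        if flow in self.table or reverse in self.table:
            return "allow"
        # Without state, only a SYN may open a new flow; stray replies are dropped
        if not pkt.syn:
            return "deny"
        action = self._match_rules(pkt)
        if action == "allow":
            self.table.add(flow)
        return action

def demo():
    # Constructed traffic showing the rule set and the state table in action
    fw = StatefulFilter(RULES)
    return [
        fw.process(Packet("10.1.2.3", "203.0.113.10", 51000, 443, syn=True)),  # allow: rule 1, state created
        fw.process(Packet("203.0.113.10", "10.1.2.3", 443, 51000)),            # allow: reply of tracked flow
        fw.process(Packet("203.0.113.10", "10.1.2.3", 443, 51001)),            # deny: no state, not a SYN
        fw.process(Packet("198.51.100.7", "10.0.0.5", 40000, 22, syn=True)),   # deny: default rule
    ]
```

A stateless filter would have to open port 443 inbound for replies to reach the client; the state table makes that hole unnecessary.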
Deep Packet Inspection evaluates additional information of the protocols transported in the IP packets and blocks packets or forwards the data based on rules.
The proxy function in the firewall takes the place of the original sender in network connections and forwards all requests on its behalf. Because the proxy handles the entire communication, it can analyze and influence the content. For example, a proxy can prevent users on an internal company network from downloading unwanted content from the Internet.
The content filter extends these possibilities and allows an even deeper look into the data of the connection. In many cases, the firewall also terminates so-called virtual private network (VPN) connections. These encrypted connections allow secure access to the network behind the firewall from the public Internet.
What do modern Next Generation Firewalls (NGFW) do?
A Next Generation Firewall (NGFW) has the basic functionalities of classic firewalls but extends them with additional filtering and analysis options. Next Generation Firewalls can evaluate higher layers of the transmitted protocols and are able to detect dangerous data traffic more specifically and intelligently.
As a result, these systems provide even better protection and detect attacks that take place at higher layers of the OSI layer model. The following functionalities may be present on Next Generation Firewalls:
- Intrusion Prevention System (IPS)
- Deep Packet Inspection
- TLS/SSL and SSH inspection
- Website Filter
- Antivirus inspection
- Malware detection
- QoS Management
What is a Web Application Firewall (WAF)?
The Web Application Firewall (WAF) is a special application of the firewall. It is specifically designed to protect web applications from attacks that occur over HTTP (Hypertext Transfer Protocol).
The Web Application Firewall analyzes application-level traffic and can read formats and protocols such as HTML, SOAP, or XML. For example, it protects web applications from threats such as SQL injection or session hijacking.