What is a firewall?

‘Firewall’ is one of those IT phrases we’ve all heard, and while we have a vague idea that it’s to do with security, we don’t really know what it actually means. The basic functions of firewalls aren’t that confusing or mysterious, even to non-techies, and it is important to be informed when it comes to your IT security.

Firewalls have been a first line of defence in network security for over 25 years. As the name suggests, they essentially form a barrier between secured and controlled internal networks which can be trusted (e.g. your office or home network) and untrusted outside networks, such as the Internet. A firewall monitors incoming and outgoing data traffic and decides whether to allow or block specific traffic based on a defined set of security rules in order to prevent unauthorized access to or from a private network. There are various types of firewall which might be hardware, software, or both.

Proxy firewall

Also known as a gateway firewall or application firewall, this is an early type of firewall but is still in use. It functions as an intermediary for the data exchanged from one network to another at the application level: i.e. for each individual program. This provides a some security, but can affect speeds and limit what application your network can support.

Stateful inspection firewall

A stateful inspection firewall, also known as also known as dynamic packet filtering, monitors all activity from the opening of a connection until it is closed. This means that filtering decisions are based on both the specific rules defined by the administrator and information gathered from monitoring previous connections. Part of the wider context this creates is that the firewall can, for instance, recognise when network packets (units of data) are coming from a known source it has dealt with before. A stateless inspection firewall, by contrast, has no record of previous interactions and each individual request has to be handled based only on information that comes with it.

Unified threat management (UTM) firewall

A UTM device might be a network hardware appliance, virtual appliance or cloud service and combines multiple security services and features. This commonly includes a stateful inspection firewall with the addition of intrusion prevention and antivirus functions, and sometimes cloud management. UTMs are sometimes seen as a ‘one stop shop’ for IT security and the focus is on simplicity and ease of use.

Next-generation firewall (NGFW)

Beyond the packet filtering and stateful inspection described above, next-generation firewalls block modern threats such as advanced malware that can infect your network and application-layer attacks which target the layer of the internet that faces the end user, i.e. the applications that you are used to accessing yourself online.

Common definitions of next-generation firewalls state they should include standard firewall capabilities like stateful inspection, plus integrated intrusion prevention, application awareness and control to see and block risky apps, upgrade paths to deal with future information feeds, and techniques to address evolving security threats. These security capabilities are becoming standard for most companies, but NGFWs are still advancing to deal with new security issues.

Threat-focused NGFW

Building on all the functionality of traditional next-generation firewalls, threat-focussed NGFWs also provide more advanced threat detection and early remedies. Their additional functionality allows you to learn which assets are most at risk with complete context awareness, react to attacks quickly by using intelligent security automation that sets policies and heightens defences in response to threats, and better detect suspicious activity with network and endpoint event correlation (i.e. monitoring of the full picture from beginning to end). Threat-focussed NGFWs can also reduce the time from detection of a threat to clean-up by using retrospective security that continues to monitor for suspicious activity after the initial connection has been approved. There is also a reduction in the administrative burden in that threat-focussed NGFWs provide unified security policies to protect you before, during and after an attack.