Firewalls come in all shapes and sizes from big bits of hardware costing thousands of dollars to a piece of free software. Put simply, firewalls inspect packets and allow them through or drop them based on a set of rules. Firewalls may be for a specific device (e.g. the built-in Windows firewall), a whole network (such as a hardware firewall at the edge of an enterprise network) or a web application (for example hosted on cloud infrastructure).
Firewalls can have a range of features. Which you need will depend on the network, device or application you are seeking to defend.
Packet filtering – allowing or dropping packets based on basic network and transport layer information such as IP address, protocol (e.g. ICMP, TCP, UDP) or port (e.g. port 80 for HTTP traffic).
Stateful filtering – using the state of a transport layer connection to make judgements. For example only allowing TCP connections which were initiated by a host within the network.
Application layer filtering – using information from application layer protocols (such as HTTP, FTP and DNS) to make filtering judgements.
Network address translation (NAT) – translating IP addresses as packets transit the firewall.
Intrusion detection and intrusion prevention.
Acting as a virtual private network (VPN) gateway to allow clients and remote offices secure access to a private network.
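To make the difference between packet filtering and stateful filtering concrete, here is an added toy filter (example code, not from the original article) that combines a stateless allow rule for published ports with a connection table so that inbound TCP is otherwise accepted only as a reply to a connection an internal host opened. The internal prefix, the published ports and the sample packets are constructed for the example.

```python
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."  # constructed: addresses with this prefix are "inside"

# Stateless packet-filter rule: (protocol, destination port) pairs that
# inbound traffic may always reach, e.g. a published web server.
INBOUND_ALLOW = {("tcp", 80), ("tcp", 443)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str        # "tcp", "udp" or "icmp"
    flags: str = ""   # TCP flags for this toy: "SYN", "SYN-ACK", "ACK"


class StatefulFirewall:
    """Allow anything initiated from inside; allow inbound only to published
    ports or as a reply to a TCP connection recorded in the state table."""

    def __init__(self):
        self.conntrack = set()  # (src, sport, dst, dport) opened from inside

    @staticmethod
    def is_internal(ip):
        return ip.startswith(INTERNAL_NET)

    def decide(self, p):
        outbound = self.is_internal(p.src) and not self.is_internal(p.dst)
        if outbound:
            if p.proto == "tcp" and p.flags == "SYN":
                # remember the new connection so its replies can come back
                self.conntrack.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        if (p.proto, p.dport) in INBOUND_ALLOW:
            return "ALLOW"  # stateless rule: published service
        if p.proto == "tcp" and (p.dst, p.dport, p.src, p.sport) in self.conntrack:
            return "ALLOW"  # stateful rule: reply to a connection we opened
        return "DROP"       # default deny for unsolicited inbound traffic


def run(packets):
    fw = StatefulFirewall()
    return [fw.decide(p) for p in packets]


# Constructed sample traffic, in order of arrival at the firewall.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", "SYN"),      # outbound request
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp", "SYN-ACK"),  # matching reply
    Packet("198.51.100.7", 40000, "10.0.0.5", 22, "tcp", "SYN"),       # unsolicited SSH
    Packet("198.51.100.7", 443, "10.0.0.5", 51001, "tcp", "SYN-ACK"),  # reply with no state
    Packet("198.51.100.7", 40001, "10.0.0.8", 80, "tcp", "SYN"),       # to published port
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"{verdict:5} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags}")
```

A purely stateless filter would have to choose between dropping the legitimate reply on line two or accepting the forged reply on line four; the connection table is what lets the firewall tell them apart.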
Operating system (OS) firewalls – firewall functionality incorporated in an operating system, such as the Windows firewall.
Separately installed software – many antivirus vendors also offer firewall functionality with their products.
Web application firewalls (WAFs) can be set up in front of a web application to prevent attacks. These are often offered by hosting and cloud providers. They will typically look for known attacks against certain application types such as cross-site scripting and SQL injection.
Integrated router / firewalls – many companies now sell hardware which will provide both routing and firewall functionality.
Dedicated hardware firewalls are available for large enterprises and service providers. Dedicated hardware can provide complex functionality and support high volumes of traffic and concurrent users.
Over time, firewalls have become increasingly advanced and today integrate a wide range of features. Initially firewalls only provided basic packet filtering, but today it is possible to buy ‘next generation firewalls’ incorporating all of the functionality outlined above. The most advanced devices will perform deep packet inspection (DPI) and include functionality found in intrusion detection / intrusion prevention systems (IDS/IPS). This may include using signatures to identify malicious traffic patterns and then actively blocking the traffic. This kind of protection may catch threats such as a denial of service (DoS) attack or malware on the network which is trying to ‘call out’ to the internet.