A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic.
A firewall establishes a barrier between secured internal networks and outside untrusted networks, such as the Internet.
Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to a specific IP address.
However, ACLs cannot determine the nature of the packet it blocks. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.
Connectivity to the Internet is no longer optional for organizations. However, accessing the Internet provides benefits to the organization; it also enables the outside world to interact with the internal network of the organization. This creates a threat to the organization. In order to secure the internal network from unauthorized traffic, we need a Firewall.
Firewall Generations
First Generation- Packet Filtering Firewall
A packet filtering firewall is used to control network access by monitoring outgoing and incoming packets and allowing them to pass or stop based on source and destination IP address, protocols and ports. It analyses traffic at the transport protocol layer (but mainly uses the first three layers).
Second Generation- Stateful Inspection Firewall
Stateful firewalls (perform Stateful Packet Inspection) are able to determine the connection state of the packet, unlike Packet filtering firewalls, which makes it more efficient. It keeps track of the state of networks connection travelling across it, such as TCP streams. So, the filtering decisions would not only be based on defined rules but also on the packet’s history in the state table.
Third Generation- Application Layer Firewall
The application layer firewall can inspect and filter the packets on any OSI layer, including the application layer. It has the ability to block specific content and recognize when certain applications and protocols (like HTTP and FTP) are being misused.
Next-Generation Firewalls (NGFW)
Next-generation firewalls are being deployed these days to stop modern security breaches like advanced malware attacks and application-layer attacks. NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH inspection and many functionalities to protect the network from these modern threats.
Types of Firewalls
Host- based Firewalls
A host-based firewall is installed on each network node, which controls each incoming and outgoing packet. It is a software application or suite of applications that comes as a part of the operating system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. Host firewall protects each host from attacks and unauthorized access.
Network-based Firewalls
Network firewall function on a network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. It protects the internal network by filtering the traffic using rules defined on the Firewall. A Network firewall might have two or more network interface cards (NICs).
Difference Between Traditional and NGFW Firewalls
Traditional Firewall
A traditional firewall is a network security device which typically provides stateful inspection of network traffic that enters or exits points inside the network based on state, port, and protocol. So, in simple, traditional firewalls mainly control the flow of control. It has Virtual Private Network (VPN) capabilities. But nowadays days, traditional firewalls are not so effective in offering al
l required protection to deal with the advanced and various types of cyber threats that are happening today.
Next-Generation Firewall
A Next Generation firewall is a network security device which not only typically provides stateful inspection of network traffic that enters or exits points inside the network based on state, port, and protocol but also includes far more additional features than a traditional firewall. In short, the Next Generation Firewall is only termed NGFW.
Features
The additional features which are included in the Next Generation Firewall are as follows –
· Application awareness and control
· Integrated intrusion prevention
· Deep Packet Inspection (DPI)
· Cloud-delivered threat intelligence
· Secure Sockets Layer (SSL) Inspection and Secure Shell (SSH) Control
· Sandbox Integration
· No impact of a list of protections enabled on performance
· Advanced Threat Protection
· Web Filtering
· Antivirus, Antispam, Antimalware
Top 10 Firewall Vendors in the Market
1. Palalto Network
2. Checkpoint Firewall Technology
3. Fortinet
4. Cisco FTD
5. Juniper
6. Huwaei
7. Sophos
8. Force point
9. Barracuda
10. Watch guard