Introduction to Firewall
A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.
A firewall establishes a barrier between secured internal networks and outside untrusted network, such as the Internet.
Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP address.
But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.
Connectivity to the Internet is no longer optional for organizations. However, accessing the Internet provides benefits to the organization; it also enables the outside world to interact with the internal network of the organization. This creates a threat to the organization. In order to secure the internal network from unauthorized traffic, we need a Firewall.
Generation of Firewall
First Generation- Packet Filtering Firewall: Packet filtering firewall is used to control network access by monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination IP address, protocols and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3 layers).
Second Generation- Stateful Inspection Firewall: Stateful firewalls (performs Stateful Packet Inspection) are able to determine the connection state of packet, unlike Packet filtering firewall, which makes it more efficient. It keeps track of the state of networks connection travelling across it, such as TCP streams. So the filtering decisions would not only be based on defined rules, but also on packet’s history in the state table
Third Generation- Application Layer Firewall: Application layer firewall can inspect and filter the packets on any OSI layer, up to the application layer. It has the ability to block specific content, also recognize when certain application and protocols (like HTTP, FTP) are being misused.
Next Generation Firewalls (NGFW): Next Generation Firewalls are being deployed these days to stop modern security breaches like advance malware attacks and application-layer attacks. NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH inspection and many functionalities to protect the network from these modern threats.
Types of Firewalls
Host- based Firewalls: Host-based firewall is installed on each network node which controls each incoming and outgoing packet. It is a software application or suite of applications, comes as a part of the operating system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. Host firewall protects each host from attacks and unauthorized access.
Network-based Firewalls: Network firewall function on network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. It protects the internal network by filtering the traffic using rules defined on the firewall. A Network firewall might have two or more network interface cards (NICs).
Difference Between Traditional and NGFW Firewall
A traditional firewall is network security device which typically provides stateful inspection of network traffic that entering or exiting point inside network based on state, port, and protocol. So in simple traditional firewall mainly controls flow of control. It has Virtual Private Network (VPN) capabilities. But now days traditional firewalls are not so effective to offer al
l required protection to deal with so advanced and various types of cyber threats those are happening today.
Next Generation Firewall:
A Next Generation firewall is network security device which not only typically provides stateful inspection of network traffic that entering or exiting point inside network based on state, port, and protocol but also includes far more additional features than traditional firewall. In short Next Generation Firewall termed as only NGFW.
The additional features which are included in Next Generation Firewall are as follows –
· Application awareness and control
· Integrated intrusion prevention
· Deep Packet Inspection (DPI)
· Cloud-delivered threat intelligence
· Sandbox Integration
· No impact of list of protection enabled on performance
· Advanced Threat Protection
· Web Filtering
· Antivirus, Antispam, Antimalware
Top 10 Firewall Vendors in Market
1. Palalto Network
2. Checkpoint Firewall Technology
4. Cisco FTD
8. Force point
10. Watch guard