A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on a defined set of security rules.
Its main purpose is to act as a barrier between a trusted internal network (like your organization’s LAN) and an untrusted external network (like the Internet).
What a Firewall Does
Think of a firewall as a security guard at the gate of your network — it inspects every “packet” of data trying to enter or leave and decides whether to allow or block it, based on predefined rules.
How a Firewall Protects a Network
- Traffic Filtering:
  - Examines each data packet and checks its source, destination, and content.
  - Allows or blocks packets based on rules (e.g., block all traffic from unknown IPs or certain ports).
- Prevents Unauthorized Access:
  - Blocks hackers or malware trying to access internal systems from the Internet.
  - Ensures only authorized users and applications can communicate.
- Monitors Network Activity:
  - Logs traffic for security audits or detecting suspicious behavior.
  - Helps identify intrusion attempts or data breaches.
- Protects Against Malware and Attacks:
  - Blocks known malicious IPs, domains, or suspicious patterns (like port scans).
  - Some firewalls include intrusion detection and prevention systems (IDS/IPS).
- Enforces Security Policies:
  - Allows organizations to define which users, devices, or applications can access specific services or resources.
Types of Firewalls
| Type | Description |
|---|---|
| Packet-Filtering Firewall | Examines packets’ headers (IP address, port, protocol) and filters them based on rules. Simple, but provides only basic protection. |
| Stateful Inspection Firewall | Tracks active connections and ensures packets are part of a legitimate session. More secure than simple filtering. |
| Proxy Firewall | Acts as an intermediary between users and the Internet. Hides internal network details and can cache content. |
| Next-Generation Firewall (NGFW) | Combines traditional firewall features with advanced ones like deep packet inspection, intrusion prevention, and app-level control. |
| Software Firewall | Runs on individual computers (e.g., Windows Defender Firewall). Protects single systems. |
| Hardware Firewall | A physical device placed between the internal and external network (used in routers or network gateways). |
Example of Firewall Rules
| Rule | Action |
|---|---|
| Allow inbound HTTPS (port 443) | Allow |
| Block inbound FTP (port 21) | Block |
| Allow internal IP range 192.168.0.0/16 | Allow |
| Block traffic from suspicious IPs | Block |
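The rule table above, worked through as a first-match packet filter in Python. This is an added example, not part of the original page; the first-match semantics, the default-block policy, the rule order, and the 203.0.113.0/24 range standing in for "suspicious IPs" are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    action: str                      # "allow" or "block"
    direction: Optional[str] = None  # "in", "out", or None for either
    src: Optional[str] = None        # source CIDR; None matches any source
    dport: Optional[int] = None      # destination port; None matches any

    def matches(self, direction: str, src_ip: str, dport: int) -> bool:
        if self.direction is not None and self.direction != direction:
            return False
        if self.src is not None:
            if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
                return False
        return self.dport is None or self.dport == dport

# The four rules from the table. Order and blocked range are assumptions:
# 203.0.113.0/24 is a documentation range used as the "suspicious" source,
# and the block rules are listed first so they win over the allow rules.
RULES = [
    Rule("block suspicious IPs", "block", src="203.0.113.0/24"),
    Rule("block inbound FTP", "block", direction="in", dport=21),
    Rule("allow internal range", "allow", src="192.168.0.0/16"),
    Rule("allow inbound HTTPS", "allow", direction="in", dport=443),
]

def evaluate(rules, direction, src_ip, dport, default="block"):
    """Return (action, rule name) for the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(direction, src_ip, dport):
            return rule.action, rule.name
    return default, "default policy"

if __name__ == "__main__":
    # Constructed sample packets: (direction, source IP, destination port)
    packets = [
        ("in", "198.51.100.7", 443),  # HTTPS from the Internet
        ("in", "203.0.113.9", 443),   # HTTPS, but from the blocked range
        ("in", "192.168.1.20", 21),   # FTP from an internal address
        ("in", "198.51.100.7", 22),   # no rule covers this port
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Reversing the list lets the HTTPS allow rule match the packet from 203.0.113.9 before the block rule is reached, which is why specific block rules sit above broad allow rules.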
In Short
A firewall protects a network by:
- Filtering malicious or unwanted traffic
- Preventing unauthorized access
- Monitoring and logging data flow
- Enforcing security rules and policies