In computer networking, a firewall is software or a device that filters traffic between different security domains according to predefined rules. Many firewall appliances also terminate VPNs or perform other functions, but filtering traffic between domains is what defines a firewall.
A firewall can block traffic from malicious sources, such as attackers, worms and some kinds of malware, before it reaches the devices behind it, and it can prevent a computer from being accessed remotely without its owner's consent. Using a firewall is therefore essential whenever a network or device that holds important data or runs important services is permanently connected to the Internet.
Like a router or a switch, a firewall is a piece of network equipment, but its purpose is to protect the network from attackers on the Internet rather than simply to forward traffic.
In network security, packet filtering means matching each packet against criteria such as source and destination IP address, protocol and port, and, for firewalls that inspect higher layers, URL or application, so that unauthorized access to the network is not allowed.
By default the firewall should deny all incoming traffic from the outside (default deny); it is up to the administrator to configure the access policies that permit specific traffic.
There is no such thing as a perfect security solution, and a firewall alone is not enough to secure a network, but it is a critical component for controlling external access (from the Internet to the LAN). The firewall organizes traffic into security zones. Each interface of the firewall belongs to a security zone; we can create as many zones as needed and place one or more interfaces in each.
These security zones are usually divided into three categories:
1. INSIDE – the zone containing the internal LAN.
2. OUTSIDE – the zone containing the network external to the organization, usually the Internet.
3. DMZ – a separate zone that hosts the services exposed to the Internet, so that a compromised public-facing server does not sit on the internal LAN.
For example, if we have an INSIDE zone with a security level of 100 and an OUTSIDE zone with a lower security level (typically 0), then a connection initiated from INSIDE to OUTSIDE, that is, to the Internet, is permitted by the firewall by default. Because the firewall is stateful, it records that connection and admits the reply packets coming back from OUTSIDE. A new connection initiated from OUTSIDE to INSIDE, however, is blocked unless the administrator configures an explicit rule (an access list) that permits that specific traffic.
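The zone and stateful behaviour described above, as an added example written for this page (not the code of any firewall product), is shown in the toy packet filter below. The zone names INSIDE, OUTSIDE and DMZ and the levels 100 and 0 follow the text; the DMZ level of 50, the address plan (10.0.0.0/8 for INSIDE, 192.0.2.0/24 for the DMZ, everything else OUTSIDE), the explicit rule allowing HTTPS to one DMZ web server, and the sample packets are all assumptions constructed for the example.

```python
# Added example (not from the original article or any vendor's code): a toy
# zone-based, stateful packet filter. Zone levels, networks, the explicit
# rule and the sample packets are assumptions made for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


# Each interface belongs to a zone and each zone has a security level.
# INSIDE=100 and OUTSIDE=0 follow the article; DMZ=50 is an assumed value.
ZONE_LEVEL = {"INSIDE": 100, "DMZ": 50, "OUTSIDE": 0}

# Assumed address plan: anything not in INSIDE or DMZ is on the OUTSIDE.
ZONE_NETS = {
    "INSIDE": ip_network("10.0.0.0/8"),
    "DMZ": ip_network("192.0.2.0/24"),
}


def zone_of(addr: str) -> str:
    """Map an IP address to the zone whose network contains it."""
    ip = ip_address(addr)
    for zone, net in ZONE_NETS.items():
        if ip in net:
            return zone
    return "OUTSIDE"


@dataclass(frozen=True)
class Rule:
    """Explicit permit for new connections from a lower- to a higher-level zone."""
    from_zone: str
    to_zone: str
    proto: str
    dst: str
    dport: int

    def matches(self, p: Packet, src_zone: str, dst_zone: str) -> bool:
        return (self.from_zone == src_zone and self.to_zone == dst_zone
                and self.proto == p.proto and self.dst == p.dst
                and self.dport == p.dport)


# Assumed policy: only HTTPS to one DMZ web server may be initiated from the Internet.
RULES = [Rule("OUTSIDE", "DMZ", "tcp", "192.0.2.10", 443)]


class ZoneFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.conntrack = set()   # keys of connections already permitted

    @staticmethod
    def _key(p: Packet):
        # Direction-independent key so reply packets match the tracked connection.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def process(self, p: Packet) -> tuple[bool, str]:
        """Return (allowed, reason) for one packet and update connection state."""
        if self._key(p) in self.conntrack:
            return True, "established connection"
        src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)
        src_lvl, dst_lvl = ZONE_LEVEL[src_zone], ZONE_LEVEL[dst_zone]
        # Higher security level may initiate connections to a lower one.
        if src_lvl > dst_lvl:
            self.conntrack.add(self._key(p))
            return True, f"new connection {src_zone}({src_lvl}) -> {dst_zone}({dst_lvl}) permitted by security level"
        # Lower to higher needs an explicit rule; otherwise default deny.
        for rule in self.rules:
            if rule.matches(p, src_zone, dst_zone):
                self.conntrack.add(self._key(p))
                return True, f"new connection permitted by explicit rule {rule}"
        return False, f"new connection {src_zone}({src_lvl}) -> {dst_zone}({dst_lvl}) denied: no explicit rule"


if __name__ == "__main__":
    fw = ZoneFirewall(RULES)
    # Constructed packets: an INSIDE client browsing the Internet, the reply,
    # an unsolicited probe from the Internet, traffic to the DMZ web server,
    # and a DMZ host trying to reach an INSIDE database.
    for pkt in [
        Packet("10.1.2.3", "203.0.113.5", "tcp", 51000, 443),
        Packet("203.0.113.5", "10.1.2.3", "tcp", 443, 51000),
        Packet("203.0.113.9", "10.1.2.3", "tcp", 4444, 22),
        Packet("203.0.113.9", "192.0.2.10", "tcp", 40000, 443),
        Packet("203.0.113.9", "192.0.2.10", "tcp", 40001, 22),
        Packet("192.0.2.10", "10.1.2.3", "tcp", 33000, 3306),
    ]:
        allowed, why = fw.process(pkt)
        print("ALLOW" if allowed else "DENY ", pkt.src, "->", pkt.dst, pkt.dport, "|", why)
```

Note that the DMZ host's attempt to open a connection into INSIDE is denied even though the DMZ is allowed to receive HTTPS from the Internet: a lower-level zone never gets to initiate into a higher one without its own explicit rule, which is what limits the damage if a public-facing server is compromised. A real stateful firewall additionally checks TCP flags on the first packet, ages out idle entries and enforces rules per interface; those details are omitted here.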
A trusted firewall, in the sense used here, is one that performs heuristic analysis, blocking previously unknown threats based on traffic or usage patterns. A significant cause of malware and spyware infection is that users trust a software firewall from the start simply because it carries a generic firewall name. Because many licensed, shareware or freeware firewalls can be downloaded from websites other than those of their producers, the software can be altered by malicious people to steal confidential information or to compromise the device it is installed on. A firewall should therefore be downloaded only from the producer's own website or from a recognized software distribution site where it is unlikely that malware or spyware has been introduced into the package, and the download should be checked against the checksum or code signature the producer publishes before it is installed.