Firewall
What is a firewall?
A firewall is a central element of a security program that monitors and controls traffic into and out of a device (like a phone or computer) or a whole network. A firewall is positioned between the secure device or network and an unsecured or untrusted network. All traffic between the two points must pass through the firewall, where it can be evaluated for satisfying predetermined security rules. Traffic that doesn’t meet these rules is stopped at the firewall.
Firewalls can help improve network security, from large corporations to home networks to individual computers or other personal devices. A firewall can take the form of dedicated hardware, such as a single-purpose, stand-alone computer; software that resides on the device being protected; or some combination of the two. The chosen form of the firewall depends on the characteristics of what needs to be protected and the threats the firewall is designed to block. A single device or small home network can find protection in a software package, while a large network may need a more complex arrangement.
What do firewalls protect against?
Requiring all traffic to flow through a firewall creates a chokepoint that allows the single tool—the firewall—the opportunity to identify and intercept unwanted traffic. It can block unauthorized, external users trying to get access to the protected network. The firewall can also recognize and block known bad data by determining where the data is coming from and what it’s meant to do. Some firewalls can even look at the contents of a data file to find malware or other threats.
A firewall also monitors all traffic leaving the protected network for the outside, unsecured network. By applying allowlists (whitelists) or blocklists (blacklists), a firewall can limit which services and sites the users on the protected network can reach. For example, a school network may use a firewall and an allowlist to limit students to visiting only a specific set of approved websites. Controlling access to material outside the protected network can be applied universally or tailored to the individual user or device.
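As an added illustration of the egress allowlist described above (this is example code, not part of the original page or any Brave or Guardian product), here is a small outbound policy check that combines a global blocklist with per-group allowlists and decides whether a given device may reach a given hostname. The network addresses, group names, and domains are all constructed for the example. One detail a practitioner wants to get right is shown in domain_matches: an allowlisted domain should match itself and its subdomains, but not an unrelated name that merely ends with the same letters (school.example must not admit evilschool.example).

```python
# Constructed egress policy for a hypothetical school network.
# "allow" mode: the group may reach ONLY the listed domains.
# "deny" mode: the group may reach anything EXCEPT the listed domains.
POLICY = {
    "global":   {"mode": "deny",  "domains": ["malware.example"]},
    "students": {"mode": "allow", "domains": ["school.example", "wikipedia.org"]},
    "staff":    {"mode": "deny",  "domains": []},
}

# Which policy group each protected device belongs to (constructed addresses).
DEVICE_GROUP = {
    "192.168.1.50": "students",
    "192.168.1.20": "staff",
}
DEFAULT_GROUP = "students"   # unknown devices get the most restrictive policy


def normalize(host: str) -> str:
    """Lower-case the name and drop a trailing dot so 'WWW.School.Example.' and
    'www.school.example' are treated as the same host."""
    return host.strip().lower().rstrip(".")


def domain_matches(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it.
    The '.' prefix on the suffix check is what stops 'evilschool.example'
    from matching an allowlist entry for 'school.example'."""
    domain = normalize(domain)
    return host == domain or host.endswith("." + domain)


def in_list(host: str, domains) -> bool:
    return any(domain_matches(host, d) for d in domains)


def is_permitted(device_ip: str, host: str) -> bool:
    """Decide whether the device may open a connection to host.
    The global blocklist applies to everyone first; then the device's group
    policy is applied in its own mode."""
    host = normalize(host)
    if in_list(host, POLICY["global"]["domains"]):
        return False                      # universally blocked
    group = DEVICE_GROUP.get(device_ip, DEFAULT_GROUP)
    policy = POLICY[group]
    hit = in_list(host, policy["domains"])
    return hit if policy["mode"] == "allow" else not hit


if __name__ == "__main__":
    for ip, host in [("192.168.1.50", "www.school.example"),
                     ("192.168.1.50", "evilschool.example"),
                     ("192.168.1.20", "news.example.com"),
                     ("192.168.1.20", "cdn.malware.example")]:
        print(ip, host, "allow" if is_permitted(ip, host) else "deny")
```

In a real deployment the hostname would come from the DNS query or the TLS server name the client presents, and the device identity from the source address or an authenticated session rather than a static table; the layering logic is the same.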
A firewall can also help prevent data from being taken out of the protected network. Data theft, on its own or as part of a ransomware attack, is a major threat to both individuals and organizations, and so is a focus of some firewalls. A firewall can detect, and block, attempts to move data from inside the secured network to the outside. Monitoring of outbound data covers not only files being uploaded or attached; it can also mean watching for and blocking data that an app or website sends out to track a user's activity.
How do firewalls work?
Firewalls vary greatly in form and function. Large networks primarily use a network-based setup: dedicated hardware (or a virtual appliance) that sits in front of the entire protected network and so protects all of its users and devices at once. An advantage of dedicated hardware is that rules are managed in one place, which makes them easier to program and maintain consistently. Several inspection approaches are available depending on security needs: proxy firewalls, next-generation firewalls (NGFW), stateful multilayer inspection (SMLI), and network address translation (NAT), which hides internal addresses behind the firewall's public address, are just a few examples.
Firewalls for small networks and individuals
Small networks and individual devices usually employ a host-based software setup. The software firewall runs on the device (i.e. the host) it’s intended to protect. It’s often incorporated in the operating system (OS) of the device, but may also be a separate software package or app. The firewall software can be bundled with antivirus programming for additional protection. An advantage of host-based firewall software is that there’s no need to maintain extra hardware. However, it does use some of the device’s system resources (like a computer’s CPU and memory).
Another example of a firewall bundled with other protections is Brave Firewall + VPN (powered by Guardian)—the VPN expands protection of the user to include IP address protection and more. Although it’s launched via the Brave browser, it protects all activity on the device (i.e. it covers other apps, too). The actual firewall monitoring takes place on the Guardian VPN servers, so there’s little drag on the device’s resources. When an app sends data out through a Guardian VPN server, the firewall examines it and can block it from continuing to its intended destination. For example, an app can run in the background, collect your real location from your phone, and attempt to send it to a data collector. The firewall on the VPN server will detect this location data and block it from being passed to the data collector.
Small networks, like a home network, may also rely on firewall capabilities incorporated in a router. Router-based firewalls are a good first step, but it's usually best to layer on additional protection, like host-based firewall software. A router firewall is a good tool for keeping less secure things like peripherals (e.g. printers) and IoT devices from reaching outside the internal network.
Packet filtering, the basic mechanism in most firewalls (software and hardware alike), examines the headers of data packets. When data is transmitted, it's broken up into smaller segments (packets) that travel separately. Each packet has a header that says where it came from and where it's going (source and destination addresses, the protocol, and usually the port numbers that identify the service), along with the sequencing information needed to reassemble the data at the other end. The firewall compares those header fields against its rules; a packet whose source, destination, or service is not permitted is rejected (not allowed to cross the firewall). Stateless packet filtering, which judges each packet on its own, is the original type of firewall and today is considered a basic protection. Stateful packet filtering keeps track of the connections it has seen, so it can tell whether a packet belongs to a conversation that a protected device legitimately started: it lets that reply traffic through while rejecting unsolicited packets that a stateless filter, looking at one packet at a time, would either have to admit or block along with the legitimate replies.
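To make the stateless-versus-stateful distinction concrete, here is an added example (not code from the original page or from any firewall product) of both kinds of filter running over the same constructed packet headers. The addresses, ports, and the rule format are all assumptions for the demonstration. With a single rule allowing outbound HTTPS, the stateless filter either blocks the server's replies or, if you loosen it with an inbound rule keyed on source port 443, also admits a scanner that sets its source port to 443; the stateful filter allows the replies because it remembers the connection the client opened, and still rejects the unsolicited packet.

```python
from dataclasses import dataclass
from typing import List, Optional

INSIDE_PREFIX = "192.168.1."   # hypothetical protected network


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (constructed, not captured)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False   # TCP SYN: set on the packet that opens a connection
    ack: bool = False


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


@dataclass(frozen=True)
class Rule:
    """A header-matching rule; None in a field means 'any'."""
    action: str                         # "allow" or "deny"
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    from_inside: Optional[bool] = None  # True = outbound, False = inbound

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.from_inside is None or self.from_inside == is_inside(p.src_ip)))


def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """Judge each packet on its own: first matching rule wins, default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Same rules, plus a table of connections that were allowed to open, so
    reply traffic is admitted without needing a broad inbound rule."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.connections = set()   # 5-tuples of approved flows

    def check(self, p: Packet) -> str:
        flow = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if flow in self.connections or reverse in self.connections:
            return "allow"                  # part of a conversation we approved
        if p.proto == "tcp" and not p.syn:
            return "deny"                   # bare ACK matching no connection: unsolicited
        verdict = stateless_filter(self.rules, p)
        if verdict == "allow":
            self.connections.add(flow)      # remember the new connection
        return verdict


def demo() -> dict:
    """Run the three packets through each filter and return the verdicts."""
    strict = [Rule("allow", proto="tcp", dst_port=443, from_inside=True)]
    loose = strict + [Rule("allow", proto="tcp", src_port=443, from_inside=False)]

    request = Packet("192.168.1.10", 51515, "93.184.216.34", 443, syn=True)
    reply = Packet("93.184.216.34", 443, "192.168.1.10", 51515, ack=True)
    # A scanner probing RDP from outside, with its source port set to 443 on purpose.
    unsolicited = Packet("203.0.113.5", 443, "192.168.1.10", 3389, ack=True)

    stateful = StatefulFilter(strict)
    return {
        "stateless_strict": [stateless_filter(strict, p) for p in (request, reply, unsolicited)],
        "stateless_loose": [stateless_filter(loose, p) for p in (request, reply, unsolicited)],
        "stateful": [stateful.check(p) for p in (request, reply, unsolicited)],
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:17} request={verdicts[0]} reply={verdicts[1]} unsolicited={verdicts[2]}")
```

Real stateful firewalls also expire idle entries, validate sequence numbers, and handle UDP and ICMP "connections" by timing; the connection table here is the core idea.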
What isn’t protected by a firewall?
A firewall mainly protects against malicious traffic, not necessarily against malware or other malicious programs. For example, a firewall can keep a user inside the network from reaching an unapproved website, but it can't control what the user does on a website they are allowed to reach. For that level of protection, the firewall needs to be paired with antivirus software. Firewalls can block email from specified sources, but can't stop malicious email content (like phishing links, attachments, or other social engineering ploys). They can't protect against legitimate login credentials used by the wrong person; for this, a system should use multi-factor authentication (MFA) or login tokens to blunt the threat of stolen passwords. Finally, a firewall positioned at the perimeter can't see traffic that stays inside the network, so it can't protect against threats that are already within it; that's one reason to also use host-based firewalls and to segment the internal network.
How does a firewall fit into my security program?
A firewall is one tool in your security and privacy toolbox. It’s an important tool, but can’t protect you all by itself. Here are some other steps you should take, in conjunction with using a good software-based firewall, like the Brave Firewall + VPN:
- Keep your operating system up to date, to make sure the firewall built into the OS is as effective as it can be
- Don’t override your firewall when it blocks something or flags something as suspicious
- Use antivirus software and good email filters
- Use a VPN for an added layer of protection for transmitted data