Everyone at some point or another has heard the term “Firewall”. Unless they have never touched a computer that ran Windows or MacOS, everyone probably has run into a situation where the computer’s firewall has asked permission when a program or a file is being opened.
The term “Firewall” originally described the materials built into walls to slow the speed at which a fire spreads; there are even doors that have been designed to withstand fire as part of fire safety measures. In modern usage, the term “Firewall” often refers to computer hardware or software that prevents unauthorized access to private data by outside computer users (Merriam-Webster).
Firewalls have been an integral part of information security for decades. In the 2018 State of Firewall report by Firemon [1], it was reported that 94% of security practitioners would rate the importance of firewalls (from a security perspective) as Critical. However, that does not mean they are without issues. The report also outlines that firewall management continues to represent a major challenge for many organizations due to the complexity of firewall rules, policy compliance, optimizing firewall rules, managing multiple vendors, gaps in enforcement and device performance.
Firewalls is the first of five main sections that we will cover as part of our Introduction to Cyber Essentials series. Other sections include Secure Configuration, Access Controls, Anti-Malware and Patching.
What is a Firewall?
A firewall is a system designed to prevent unauthorized access to a private network or device by filtering network traffic; it blocks and permits traffic based on how it is configured.
The importance of a Firewall
Firewalls are the first line of defence in protecting against unauthorized access. They are important for blocking unwanted content, helping to prevent malicious files such as worms, viruses and malware, and creating a secure network which protects every device within that network environment.
While they cannot detect viruses and malware, they can prevent infected traffic gaining access in the first place. However, it is still important to have an up-to-date antivirus and anti-malware installed to prevent threats and malware attacks.
There are two types of Firewalls
A Hardware Firewall is a device that typically sits between your devices and the internet and filters network traffic. An example would be the internet router that you are running. Most modern-day routers have a built-in firewall which filters traffic. The router would be considered a hardware firewall, although routers lack a lot of the configuration options that a dedicated firewall server would offer. There are dedicated firewall devices that you can connect in order to protect your network, but the most common one that everyone has access to would be the internet router.
The benefit is that it is a completely separate device, which means that you only have to configure it once and not on every individual device connected to the network. It also means that the processes will not tax the server’s resources. If set up properly, your organization can disable software/application firewalls and rely solely on the hardware firewall. However, it requires proper configuration and maintenance, so it may not be feasible or practical for an organization with few devices connected to the network or one without a proper IT department [2].
The Software or Application Firewall is installed on individual devices and can block incoming and outgoing traffic at the application level. It differs from the hardware firewall in that it is a process running on your devices, which means it takes processing power to run. It also requires installation, updating and maintenance on every device running it, which means that you will be required to buy multiple copies and install and configure them individually. However, it is much easier to configure than a hardware firewall and is often sold as part of an anti-virus/anti-malware software package, which means it is often a lot cheaper and more accessible than getting a dedicated hardware firewall [3].
The big benefit that software firewalls tend to have over hardware firewalls is that they are positioned on the device, meaning they have a lot more information when filtering traffic. A software firewall ‘knows’ not just which ports are being used and where traffic is ‘going’ but will also have information on which programs are trying to access the internet and can better determine if the traffic is legitimate or malicious (provided that the user has kept the software updated).
You can employ both hardware and software firewalls. If configured properly, there will be no compatibility problems between the two, and together they will provide an extra layer of protection to your network and your devices.
The NCSC’s (National Cyber Security Centre) guidance on firewalls can be found as part of their cyber security scheme “10 steps”. In this scheme they state that firewalls should be deployed and, as a rule, should be set up to deny traffic by default, meaning that the firewall will block everything as a standard. Organisations should then create a list of rules that allows the traffic (ports, applications and protocols) that the organisation has determined necessary to conduct business; this is also known as Whitelisting. This approach blocks all unnecessary traffic, which reduces the exposure of your network to the internet, which in turn reduces the risk of network-based attacks [4].
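A default-deny allow list of the kind this guidance describes, sketched in Python as an added example (it is not code from the NCSC or from the original article). The rule names, address ranges and the decide and audit helpers are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str         # "tcp", "udp" or "any"
    port: Optional[int]   # None means every port
    source: str           # CIDR range the traffic may come from


# Constructed allow list: only what the business needs is listed.
ALLOWLIST = [
    Rule("web-https", "tcp", 443, "0.0.0.0/0"),
    Rule("admin-ssh", "tcp", 22, "203.0.113.0/24"),
]


def decide(rules, protocol, port, source_ip):
    """Return (action, rule name); traffic matching no rule is denied."""
    for rule in rules:
        if (rule.protocol in ("any", protocol)
                and rule.port in (None, port)
                and ip_address(source_ip) in ip_network(rule.source)):
            return ("allow", rule.name)
    return ("deny", "default-deny")


def audit(rules):
    """Name the allow rules broad enough to undo the default deny."""
    return [rule.name for rule in rules
            if rule.protocol == "any" or rule.port is None]


if __name__ == "__main__":
    for packet in [("tcp", 443, "198.51.100.7"),
                   ("tcp", 22, "198.51.100.7"),
                   ("tcp", 22, "203.0.113.10"),
                   ("udp", 3389, "198.51.100.7")]:
        print(packet, "->", decide(ALLOWLIST, *packet))
    risky = ALLOWLIST + [Rule("temp-fix", "any", None, "0.0.0.0/0")]
    print("over-broad rules:", audit(risky))
```

The audit step matters because a single any-port, any-protocol allow rule added as a quick fix silently turns a default-deny policy back into allow-all.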
For more information about NCSC read our blog ‘Introduction to the National Cyber Security Centre’ by Matt Quinn.