Have you set out to find the right firewall but don’t know where to start? There are thousands of options on the market, and you might feel discouraged. But believe me, it is not so complicated.
In fact, if you are reading this post on your computer or mobile, then you are probably using some kind of firewall. If you are connected to the Internet, then your ISP (Internet Service Provider), your Wi-Fi router or the Windows Firewall on your PC might be filtering your connection.
But you want to add an extra layer of protection to keep your sensitive data away from nasty cyber thieves?
Then you are in the right place. This tutorial covers the basics of firewalls and helps you define your requirements so that you can choose the right firewall for your network.
What Is A Firewall And How Does It Work
The original meaning of the word “Firewall” refers to a wall used to protect sensitive areas of a building in case of a spreading fire. By analogy, a firewall in the IT world is a virtual wall that keeps your internal network protected from any malicious activity coming from the Internet or other sources.
In other words, a firewall keeps the network secure by controlling outbound and inbound network traffic. To do this, an administrator has to define the rules that dictate how traffic is handled by the firewall. The firewall allows all packets that obey the rules and discards packets that contradict them.
One of the core benefits of a firewall is the ability to filter traffic in order to protect the network. With a firewall in the right place, you can specifically control what the network users are able to send to and receive from the Internet.
Types of firewall: Hardware or Software?
All firewalls run some sort of firewall software, and all firewall software needs to be hosted on hardware. The terms hardware and software in the title are used differently, mainly to distinguish between products.
A hardware-based firewall (or appliance) requires a bit more adjustment. It needs to be plugged into the network and configured with basic information, and its rules must be clearly defined. An example of an appliance is a Cisco ASA 5500-X or a Fortinet FortiGate. Appliances vary in size and can be used for any type of network. Software-based (or host-based) firewalls, on the other hand, are intended for different purposes.
Firewalls such as Norton Security Premium are usually designed for individual users or small networks. For that reason host-based firewalls are cheaper or even free (for example, Windows Firewall comes with MS Windows automatically). These types of firewalls are easier to implement, as they usually come with pre-defined rules and just need basic adjustment.
Whether it is an appliance or a host-based firewall, it has the same objective: inspect traffic and keep threats out of the network. It is easy to make the following assumption: “Firewalls equal security”.
We believe that installing a firewall will win our battle against hackers and get rid of all malware.
But choosing the wrong firewall or implementing it badly can create unexpected problems, such as traffic bottlenecks or low network usability, and may even expose critical data to the Internet. To avoid this, it is essential to specify the requirements before acquiring your new firewall.
Going deeper: Underlying Inspection Technology
Whether a firewall is a piece of hardware or software, it relies on one of several underlying traffic inspection technologies.
Below is a list with the basic types:
- Packet filtering: These are the simplest kind of firewalls out there. Their capabilities are limited to evaluating each packet header using simple defined rules. These firewalls do not maintain any history about traffic flows, which makes them the fastest. But their simplicity also makes them the most vulnerable. You do not have to look far to find one: the simplest kind of firewall can be embedded in a router or an Ethernet switch. If you own a router, you already have a “packet filtering” firewall.
- Stateful inspection: A stateful firewall keeps track of all network connection states (for example TCP flows). These firewalls perform Stateful Packet Inspection (SPI) to prevent unsolicited packets from entering a network. Their deeper inspection of packets makes them slower at high traffic loads but also makes them more secure. They can easily identify unauthorized and forged communications.
- Application-proxy: This type of firewall has the most complex and intelligent functionality. Firewalls implementing this technology can act as intermediaries. They terminate the connection between client and server, discard the current IP header and create a new one. This firewall can work on any layer of the OSI model and can control network traffic in relation to an application. An application layer firewall can perform content filtering instead of just IP filtering in order to prevent attacks from websites.
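The difference between the first two inspection types, together with the allow-or-discard rule evaluation described earlier, as an added example (not from the original article). The network range, rule list and sample packets are constructed for illustration, and connection tracking is simplified to a 4-tuple match; real stateful firewalls also track TCP state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

LAN = ip_network("192.168.1.0/24")   # assumed internal network

# Ordered stateless rules (direction, header field, port, action); first match wins.
RULES = [
    ("out", "dport", 443, "allow"),  # LAN clients may reach HTTPS servers
    ("in", "sport", 443, "allow"),   # anything that looks like an HTTPS reply
]

def direction(pkt):
    return "out" if ip_address(pkt.src) in LAN else "in"

def packet_filter(pkt):
    """Stateless filter: judge each header on its own, default deny."""
    for rule_dir, field, port, action in RULES:
        if rule_dir == direction(pkt) and getattr(pkt, field) == port:
            return action
    return "drop"

class StatefulFirewall:
    """Remembers outbound flows; inbound passes only as a reply to one."""
    def __init__(self):
        self.flows = set()

    def handle(self, pkt):
        if direction(pkt) == "out":
            if packet_filter(pkt) != "allow":
                return "drop"
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: the reversed 4-tuple must match a recorded outbound flow.
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reply_of in self.flows else "drop"

# Constructed sample traffic (documentation address ranges).
REQUEST = Packet("192.168.1.10", 50000, "203.0.113.5", 443)
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000)
FORGED = Packet("198.51.100.9", 443, "192.168.1.20", 40000)  # no matching request
```

The stateless filter accepts `FORGED` because its source port satisfies the reply rule, while the stateful firewall drops it because no internal host opened that flow.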
Security Tech: What Are Vendors Doing To Keep Up To Date
Is a firewall the only option to protect a network? No, firewalls are not the only players in the security field.
Today we are starting to see more advanced security capabilities built into a single box. Intrusion Detection and Prevention Systems (IDS/IPS), honeypots and antivirus/antispyware tools can each perform very specific tasks.
But like everything, they also have weaknesses. For example, an Intrusion Detection System (IDS) might be the best option against hackers, but it is usually costly and complex to implement. Antivirus appliances are great at protecting against worms and Trojans, but they might know nothing about a Denial-of-Service attack.
On the other hand, a firewall with basic functionality, the right resources and the right configuration can work miracles. It can stop a Denial-of-Service (DoS) attack, deny unauthorized users access to the network, prevent data leakage and even help against viruses. To keep up with the competition, most firewall vendors are adding simple features that are not related to firewall activities but can really impact security. The following is a list of 4 of the most common ones:
- Network Address Translation (NAT): The process of mapping one IP address to another is known as NAT. The NAT process by itself is not designed to provide security but to prevent a shortage of IP addresses. However, a NAT process can be a simple but efficient firewall because it can deny any inbound connections that do not correspond to an outbound connection. A firewall armed with NAT capabilities can use SPI and check whether the inbound packets agree with the current connection. Almost all firewalls come with a certain NAT addressing scheme: One-to-One, One-to-Many, Many-to-One or Many-to-Many.
- Virtual Private Network (VPN) support: To allow remote network connections and ensure privacy from the Internet, some firewalls include VPN in their architecture. Firewalls that handle VPN capabilities such as authorization and support for encrypted traffic are sometimes used as VPN endpoints.
- Protection from DoS/DDoS attacks: In a DDoS (Distributed Denial-of-Service) attack, a hacker can target a victim with an army of robots (unprotected computers on the web) and send large amounts of traffic to the Internet-facing server in order to exhaust its resources and bring the network down. A firewall can be armed with tools to identify suspicious traffic and stop this kind of attack.
- Real-time monitoring and alerts: Some firewalls not only have the ability to stop an attack; they can also alert administrators while the attack is occurring. If the firewall is not able to fully mitigate the attack, an administrator can proceed with alternative countermeasures. With logs in hand, an administrator can also perform forensics to find the source of the attack and prevent similar ones.
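An added example (not from the original article) of the kind of detection and alerting described in the last two items: a sliding-window count of new connections per source, run over firewall log lines. The log format, window, threshold and sample lines are assumptions made for illustration, and a per-source count only catches a single noisy sender, not a widely distributed flood.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding window
THRESHOLD = 5         # assumed maximum new connections per source per window

# Constructed log lines in an assumed format: "<epoch seconds> <source IP> <dest port>"
SAMPLE_LOG = """\
100 198.51.100.7 443
101 203.0.113.50 443
101 203.0.113.50 443
102 203.0.113.50 443
102 203.0.113.50 443
103 203.0.113.50 443
103 203.0.113.50 443
104 203.0.113.50 443
130 198.51.100.7 443
"""

def find_floods(log_text, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {source IP: timestamp at which it first exceeded the threshold}."""
    recent = defaultdict(deque)   # source IP -> timestamps inside the window
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue              # skip malformed lines instead of crashing
        ts, src = int(parts[0]), parts[1]
        seen = recent[src]
        seen.append(ts)
        # Forget connections that have fallen out of the window.
        while seen and seen[0] <= ts - window:
            seen.popleft()
        if len(seen) > threshold and src not in alerts:
            alerts[src] = ts      # first moment an administrator would be alerted
    return alerts
```

On the sample log, only `203.0.113.50` is reported, at the moment its sixth connection arrives inside the window.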
Tips and tricks for defining your requirements
Beyond the technologies and features available in the market, it is important to know the current network state and define exactly what you need. Below are three questions that can help you be more confident when choosing the right firewall. Answering these questions can help you know your requirements and find the right balance between cost and benefits.
- What is the firewall going to protect? This will help you define the inspection technology that your firewall requires. If you are an individual user, a host-based firewall can provide the application-proxy inspection that best protects you from risky online content. But if you are a large business trying to control inbound TCP/UDP traffic, then a firewall with SPI capabilities might be the right choice.
- How many users will the firewall serve? The number of users that will be using the firewall needs to be evaluated beforehand. It is important to consider that the higher the number of users, the more RAM and processing power the firewall needs. If your users are few, then a light firewall might be enough, rather than a well-supplied firewall that is too expensive and difficult to manage.
- Where are you going to locate the firewall? Firewalls are location dependent. They will do the task you assign depending on their location in your network topology. If the firewall is intended to protect traffic going to and coming from the Internet, the best location is at the network boundary. However, if the firewall is designed to protect a sensitive area inside the network, then the firewall must be positioned in the internal network.
Which firewall should I choose?
So what are the most recognized brands of firewalls in the market? There are products aimed at enterprises and others aimed at Small Office/Home Office (SOHO) networks. These products can take the shape of an appliance or a host-based firewall.
If you have a large number of users or your bandwidth is really high, then an enterprise firewall might be the right choice. Enterprise solutions can cover a large number of users but at a much higher cost. For small networks with fewer than 50 users and limited memory requirements, a SOHO firewall might be enough.
There is a large diversity of firewall vendors out there. NGFW (Next Generation Firewall) and UTM (Unified Threat Management) devices are considered the new firewalls and can integrate many security services into one platform. The list below mentions some popular firewalls, NGFWs or UTMs found in the market.
- Cisco ASA 5500: A superior security appliance to protect from different cyber attacks.
- Juniper SRX Series: A Next Generation Anti-threat Firewall, available as either a virtual or an appliance firewall.
- Norton Security Premium: An application that can protect up to 10 different devices and can be installed on Windows, Mac and Android.
- Kaspersky Total Security: An application that can protect a small network and can be installed on Windows, Mac and Android.
- Bitdefender Total Security 2017: Full security application suite for defending different operating systems, such as Windows, macOS and Android.
- CheckPoint NG: An appliance that delivers extensive security at a fair price.
Note: None of the above links are paid or affiliate links.
You now understand the basic functionality of a firewall, and you know the differences between hardware and software firewalls and between enterprise and SOHO products. Armed with your requirements, you can begin to define the firewall that will meet your needs.
This firewall tutorial is just the tip of the iceberg. Don’t be afraid to ask vendors questions and to continue educating yourself on the subject. If you liked the tutorial, please share it and let us know your comments and suggestions.