Definitions: Firewall
Created on: Jan 25, 2009 7:02 PM by CrystalBedell - Last Modified: Jan 25, 2009 7:05 PM by CrystalBedell
Definition
A firewall is a system consisting of hardware, software or both designed to prevent unauthorized traffic from entering a private network. The firewall examines all packets to determine whether they should be allowed through based on pre-defined policies.
Business applications
Network firewalls have long been considered a necessary component of a network security strategy. They are most commonly implemented at the network gateway to prevent unauthorized traffic from the public Internet from entering the private intranet. However, they can also be implemented between network segments to enforce varying levels of trust. You might, for example, choose to filter traffic coming into the sales department’s portion of the network to ensure that users from other departments are not accessing sales-related resources.
Deployment Concerns
As the network’s first line of defense, a network firewall is inarguably important. But an organization’s security efforts should not stop there. There are many threats that a firewall cannot stop, including distributed denial-of-service attacks, spam and data leakage. Even though firewall manufacturers are continually updating their technology to keep up with the barrage of threats, experts strongly recommend implementing a layered defense that includes antivirus, intrusion detection and content filtering.
Also, a network firewall is only as good as the policies it enforces. Best practices advise implementing “default-deny” rules in which the firewall denies all network connections by default unless a connection is specifically allowed. However, given the number of endpoints and applications accessing the network on a daily basis, it is much more practical – and therefore more common – for organizations to implement “default-allow” rules. In this case, all network connections are allowed unless explicitly denied or blocked.
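The difference between the two defaults shows up when traffic arrives that no rule anticipated. The following is an added example, not part of the original definition: a minimal first-match packet filter that evaluates the same inbound packets under a default-deny allowlist and a default-allow blocklist. The addresses, ports and rule sets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None matches every port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

def decide(rules, default, pkt):
    """First matching rule wins; the default policy decides everything else."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

ANY = "0.0.0.0/0"
# Constructed rule sets for a hypothetical gateway in front of 10.0.0.0/8.
ALLOWLIST = [Rule("allow", ANY, "10.0.1.10/32", "tcp", 443),   # public web server
             Rule("allow", ANY, "10.0.1.25/32", "tcp", 25)]    # mail relay
DENYLIST = [Rule("deny", ANY, "10.0.0.0/8", "tcp", 23),        # telnet
            Rule("deny", ANY, "10.0.0.0/8", "tcp", 445)]       # SMB

# Constructed inbound packets from an Internet source (documentation range).
PACKETS = [
    {"src": "203.0.113.9", "dst": "10.0.1.10", "proto": "tcp", "dport": 443},
    {"src": "203.0.113.9", "dst": "10.0.20.7", "proto": "tcp", "dport": 23},
    {"src": "203.0.113.9", "dst": "10.0.20.7", "proto": "tcp", "dport": 3389},
]

def compare(packets=PACKETS):
    """Return (dst, dport, default-deny verdict, default-allow verdict) per packet."""
    return [(p["dst"], p["dport"],
             decide(ALLOWLIST, "deny", p),
             decide(DENYLIST, "allow", p)) for p in packets]

if __name__ == "__main__":
    for dst, dport, strict, loose in compare():
        print(f"{dst}:{dport:<5} default-deny={strict:<5} default-allow={loose}")
```

The third packet targets a port that neither rule set mentions: the default-deny policy drops it, while the default-allow policy passes it because nobody wrote a rule for it.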
Technical details
Firewalls can filter traffic in a number of ways and may incorporate multiple methods. In addition to packet filtering, in which the firewall inspects individual packets attempting to enter the network, a firewall might serve as a proxy, executing requests on behalf of internal users. This frees users from connecting directly to the Internet. Bastion hosts, on the other hand, intercept all network connections coming from the Internet. Some firewalls also use network address translation, which helps organizations reduce the number of IP addresses they need while protecting sensitive hosts by changing public-facing IP addresses.




