On Firewalls and Their Role in Enterprise Security

Firewalls are integral to enterprise security; over the years, firewalls have evolved greatly to ensure better functionality and to provide comprehensive security to users/enterprises.

What is a firewall?

A firewall is a network security system that monitors and controls/filters network traffic (both incoming and outgoing) based on certain rules (predetermined rules) which define what traffic is permissible and what is not. Thus, a firewall secures a network by creating a barrier between a trusted internal network and an untrusted external network (for example, the internet).

Today we have all kinds of different advanced firewall software that monitor and control the traffic coming from outside in different ways and also protect internal segments of a network from other segments of the same network.

The different types of firewall

There are different types of firewall software, which perform different kinds of functions…

Proxy-based firewalls-

Proxy-based firewalls, which act as a gateway between end users requesting data and the source of the data, work by connecting host devices to the proxy and thus establishing a separate connection. The proxy filters packets before they are passed on to a destination address. Thus, this helps enforce rules and at the same time protects systems/networks as well. The most notable advantage of the proxy-based firewall is that it gives out only limited information about the network.

Stateful firewalls-

Stateful firewalls, which are faster than proxy-based firewalls, maintain knowledge of specific conversations and at the same time can inspect every single packet as well. However, stateful firewalls can forego inspecting incoming packets that are identified as legitimate responses to outgoing connections, which are already identified. The firewall, by establishing that a connection is legitimate and then by preserving the same in its memory, can allow traffic that’s part of the connection to pass.

Web application firewalls-

Designed to give protection from some HTML attacks (cross-site scripting, SQL injection etc) that come from some applications, web application firewalls serve as a barrier or layer of protection between the internet and the servers that support web applications. Web application firewalls can be cloud-based or hardware ones; they can even be integrated into the applications themselves.

Next-generation firewalls-

By incorporating rules regarding what can be allowed for individual users or applications and by blending data that other advanced technologies help collect, the next generation firewalls work in a very advanced manner and make precise and better-informed decisions about traffic monitoring and allowing/restraining of packets.

Technologies that add strength to firewall protection

Sandboxing- Helps isolate communications/attachments containing malicious codes and make communication more secure.
IPS (Intrusion Prevention Systems)- Uses more granular security (like signature tracing) to protect networks.
DPI (Deep Packet Inspection)- Does more than mere packet filtering, gathers more information, for example regarding applications etc and helps filter and control packets more effectively.

SSL/TLS termination-

Though traffic that’s encrypted using SSL/TLS technology is not subjected to deep-packet inspection, some next generation firewalls, on detecting suspicious behavior, can terminate SSL traffic and even create a new SSL connection to the address to which the packets are to be sent.