What does a host-based firewall protect against that a network-based one doesn't?

A firewall is defined as a cybersecurity tool that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of cybersecurity rules. This article gives you a comprehensive understanding of a firewall, its benefits, and best practices for using firewall protection in 2021.

Table of Contents

    • What Is a Firewall?
    • Key Components of a Firewall
    • Types of Firewalls
    • Key Benefits of Firewalls
    • Top 7 Best Practices for Using Firewall Protection in 2021

What Is a Firewall?

A firewall is defined as a cybersecurity tool that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of cybersecurity rules.

Firewalls are generally deployed to isolate network nodes from egress and ingress data traffic or even specific applications. Firewalls operate by using software, hardware, or cloud-based methods for safeguarding the network against any external attack. The primary objective of a firewall is to block malicious traffic and data packets while allowing legitimate traffic to pass through.

Firewalls scrutinize inbound traffic based on predefined security rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Traffic is guarded at a computer’s entry points, called ports, where information is actually exchanged with external devices. Consider an example where source address ‘198.21.1.1’ is allowed to reach destination ‘198.21.2.1’ over port 22. Here, port 22 is the point of data exchange, and the firewall therefore safeguards it against intruder attacks.

Figure: Firewall Architecture

The firewall operation can be comprehended by considering a simple analogy, where ‘IP addresses’ are treated as ‘houses’, and ‘port numbers’ as ‘rooms’ within the house. In such a scenario, only trusted people (source addresses) are allowed to get into the house (destination address) at all times. The movement of these people within the house is further filtered or restricted as disclosed below:

a) The people entering the house are only given access to certain rooms (destination ports), depending on whether they’re the owner or a guest. 

b) The owner is allowed to venture into any room (any port), while guests are allowed into a particular set of rooms (specific ports). 

Here, the rules for the kind of activity allowed for each group of people are pre-defined when the firewall is configured on a system or a network. Technically, then, the entire firewall functionality comes down to monitoring traffic and allowing or blocking packets based on a set of security protocols.

Key Components of a Firewall

Firewall architecture is built upon four primary components — network policy, advanced authentication, packet filtering, and application gateways. Let us look at each component in detail.

1. Network policy

The design, installation, and use of a firewall in a network are largely influenced by two levels of network policy — the higher-level policy and the lower-level policy.

(a) The higher-level policy is an issue-specific network access policy that defines services that are allowed or explicitly denied from the restricted network, how they would be used, and the conditions for exceptions to this policy. 

(b) The lower-level policy discloses how the firewall will handle access restriction and service filtration defined in the higher-level policy. 

These policies are briefly explained below.

    • Service access policy

The service access policy focuses on internet-specific usage issues and all outside network accesses (i.e., dial-in policy, SLIP, and PPP connections). For a firewall to be successful, the service access policy must be realistic and sound and should be drafted before implementing a firewall. A realistic policy is one that provides a balance between protecting the network from known risks while still providing users access to network resources. 

A firewall can implement several service access policies. However, a typical policy may be to allow no access to a site from the internet but allow access from the site to the internet. Another typical policy would be to allow access from the internet, but perhaps only to selected systems such as information servers and email servers. Firewalls often implement service access policies that allow some user access from the internet to selected internal hosts. However, this access would be granted only if necessary and only if it could be combined with advanced authentication.

    • Firewall design policy

The firewall design policy is specific to the firewall and defines the rules used to implement the service access policy. One cannot design this policy in a vacuum isolated from understanding firewall capabilities and limitations and threats and vulnerabilities associated with TCP/IP. Firewalls generally implement one of two basic design policies — permit any service unless it is expressly denied and deny any service unless it is explicitly permitted.

A firewall that implements the first policy allows all services to pass into the site by default, except services that the service access policy has identified as disallowed. The second policy follows the classic access model used in all areas of information security: it denies all services by default but then passes those services that have been identified as allowed.

2. Advanced authentication

Advanced authentication measures such as smartcards, authentication tokens, biometrics, and software-based mechanisms are designed to tackle weak traditional passwords. While the authentication techniques vary, they are similar in that the passwords generated by advanced authentication devices cannot be reused by an attacker who has monitored a connection. Given the problems posed by passwords on the internet, an internet-accessible firewall that does not use or does not contain the hooks to use advanced authentication may be regarded as irrelevant in the current setting.

Some of the more popular advanced authentication devices in use today are called one-time password systems. A smartcard or authentication token, for example, generates a response that the host system can use in place of a traditional password. Because the token or card works in conjunction with software or hardware on the host, the generated response is unique for every login. The result is a one-time password that, if monitored, cannot be reused by an intruder to gain access to an account.

3. Packet filtering

IP packet filtering is accomplished using a packet filtering router that filters packets as they pass between the router’s interfaces. A packet-filtering router usually can filter IP packets based on source IP address, destination IP address, TCP/UDP source port, or destination port.

Not all packet filtering routers currently filter the source TCP/UDP port. However, more vendors are starting to incorporate this capability. Some routers examine which of the router’s network interfaces a packet arrived at and then use this as an additional filtering criterion. 

4. Application gateways

To counter the weaknesses associated with packet filtering routers, firewalls need to use software applications to forward and filter connections for services such as TELNET and FTP. Such an application is referred to as a proxy service, while the host running the proxy service is referred to as an application gateway.

Types of Firewalls

Firewalls can be divided into two types: host-based and network-based firewalls.

Figure: Firewall Types

1. Host-based Firewalls

A host-based firewall is installed on each network node and controls each incoming and outgoing packet. It is a software application or suite of applications that comes as a part of the operating system. A host firewall protects each host from attacks and unauthorized access.

2. Network-based Firewalls

A network firewall functions at the network level by employing two or more network interface cards (NICs). In other words, these firewalls filter all incoming and outgoing traffic across the network by using firewall rules. A network-based firewall is typically a dedicated system with proprietary software installed.

Firewall categories have evolved over the years. In addition to the above broad classifications, here are the five distinct types of firewalls that continue to play a significant role in network security.

A) Packet filtering firewall

Packet filtering firewalls operate in line at junction points where devices such as routers and switches do their work. These firewalls don’t route packets but compare each packet to a set of established criteria — such as the allowed IP addresses, packet type, port number, and other aspects of the packet protocol headers. Packets that are flagged as troublesome are dropped.

B) Circuit-level gateway

Circuit-level gateways monitor TCP handshakes and other network protocol session initiation messages across the network as they are established between the local and remote hosts to determine whether the session being initiated is legitimate and whether the remote system is considered trusted. They don’t inspect the packets themselves. However, they provide a quick way to identify malicious content.

C) Stateful inspection firewall

State-aware devices examine each packet and keep track of whether that packet is part of an established TCP or other network session. This tracking offers more security than packet filtering or circuit monitoring alone but takes a greater toll on network performance.

Another variant of stateful inspection is the multilayer inspection firewall, which considers the flow of transactions in process across multiple protocol layers of the seven-layer open systems interconnection (OSI) model.
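To make the session tracking concrete, here is an added example (not from the original article) of a minimal TCP connection table beside a stateless "allow inbound if ACK is set" filter. The 10.0.0.0/24 inside network, the addresses, and the simplified state machine are assumptions; real trackers also validate sequence numbers, time out idle entries and keep half-closed states.

```python
# Added example, not from the original article: simplified TCP state tracking.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # constructed protected network

SYN = frozenset({"SYN"})
SYN_ACK = frozenset({"SYN", "ACK"})
ACK = frozenset({"ACK"})
FIN_ACK = frozenset({"FIN", "ACK"})


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


def is_outbound(seg):
    return ip_address(seg.src) in INSIDE


def stateless_ack_filter(seg):
    """Header-only rule: outbound is free, inbound needs the ACK flag."""
    return "allow" if is_outbound(seg) or "ACK" in seg.flags else "drop"


class StatefulFilter:
    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> state name
        self.table = {}

    def check(self, seg):
        out = is_outbound(seg)
        key = ((seg.src, seg.sport, seg.dst, seg.dport) if out
               else (seg.dst, seg.dport, seg.src, seg.sport))
        state = self.table.get(key)
        if state is None:
            # Only an inside host may open a session, and only with a bare SYN.
            if out and seg.flags == SYN:
                self.table[key] = "SYN_SENT"
                return "allow"
            return "drop"
        if "RST" in seg.flags or "FIN" in seg.flags:
            del self.table[key]          # simplified teardown
            return "allow"
        if state == "SYN_SENT":
            if not out and seg.flags == SYN_ACK:
                self.table[key] = "ESTABLISHED"
                return "allow"
            return "allow" if out and seg.flags == SYN else "drop"  # SYN retransmit
        # ESTABLISHED: a fresh SYN is not part of the tracked session.
        return "drop" if "SYN" in seg.flags else "allow"


# Constructed traffic: a normal handshake, an inbound ACK that belongs to no
# session, a close, and a late segment on the closed flow.
HANDSHAKE = [
    Segment("10.0.0.5", 40000, "203.0.113.10", 443, SYN),
    Segment("203.0.113.10", 443, "10.0.0.5", 40000, SYN_ACK),
    Segment("10.0.0.5", 40000, "203.0.113.10", 443, ACK),
]
UNSOLICITED = Segment("203.0.113.99", 443, "10.0.0.5", 40001, ACK)
CLOSE = Segment("10.0.0.5", 40000, "203.0.113.10", 443, FIN_ACK)
LATE = Segment("203.0.113.10", 443, "10.0.0.5", 40000, ACK)

if __name__ == "__main__":
    fw = StatefulFilter()
    for seg in HANDSHAKE + [UNSOLICITED, CLOSE, LATE]:
        print(sorted(seg.flags), seg.src, "->", seg.dst,
              "stateless:", stateless_ack_filter(seg), "stateful:", fw.check(seg))
```

The stateless rule passes the unsolicited ACK because it looks only at the header, while the connection table drops it and also drops the late segment once the session has been torn down.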

D) Application-level gateway

Application-level gateway, also known as a proxy or a proxy firewall, combines some of the attributes of packet filtering firewalls with those of circuit-level gateways. They filter packets according to the service they are intended for (specified by the destination port) and certain other characteristics, such as the HTTP request string.

E) Next-generation firewall (NGFW)

NGFW combines packet inspection with stateful inspection, including a variety of deep packet inspection, along with other network security systems, such as intrusion detection/prevention, malware filtering, and antivirus.

Packet inspection in conventional firewalls generally looks at the protocol header of the packet. However, deep packet inspection looks at the actual data transported by the packet. A deep packet inspection firewall tracks the progress of a web browsing session. It is capable of noticing whether a packet payload, when assembled with other packets in an HTTP server reply, constitutes a legitimate HTML formatted response.

Key Benefits of Firewalls

Understanding the benefits of firewall security is the first step in helping businesses grow safely in the ever-changing digital age. Firewalls serve as a first line of defense to external threats, malware, and hackers trying to gain access to data and systems. Following are some of the key benefits of deploying a firewall in a network:

1. Block spyware

In today’s data-driven world, stopping spyware from gaining access and getting into a system is of paramount importance. As systems become more sophisticated and robust, criminals trying to gain access to the systems also increase. One of the most common ways unwanted people gain access is by employing spyware and malware. These are software programs designed to infiltrate systems, control computers, and steal sensitive or critical data. Firewalls serve as an important blockade against such malicious programs.

2. Direct virus attacks

A virus attack can shut down any enterprise’s digital operations faster and harder than expected. As the number of threats continues to evolve and grow in complexity, it is vital that the defenses are put in place to keep the systems healthy and up-and-running all the while. One of the most visible benefits of firewalls is controlling the system’s entry points and stopping virus attacks. The cost of damage from a virus attack on any system could be immeasurably high, depending on the type of virus.

3. Maintain privacy

Another benefit of employing a firewall is the promotion of privacy. By proactively working to keep your data and your customer’s data safe, you build an environment of privacy that your clients can trust. No one likes their data stolen, especially when it is known that steps could have been taken to prevent the intrusion. 

4. Network traffic monitoring 

All of the benefits of firewall security start with the ability to monitor network traffic. Data coming in and out of your systems creates opportunities for threats to compromise your operations. By monitoring and analyzing network traffic, firewalls leverage pre-established rules and filters to keep the systems protected. With a well-trained IT team, an enterprise can manage customized protection levels based on what is seen as coming in and out through the firewall.

5. Prevent hacking

The trend followed by most businesses today is that of digital operations, which is inviting more thieves and bad actors into the picture. With the rise of data theft and criminals holding systems hostage, firewalls have become even more important, as they prevent hackers from gaining unauthorized access to data, emails, systems, and more. A firewall can stop a hacker completely or deter them so that they move on to an easier target.

Key Applications of Firewall

A firewall’s job is to prevent unauthorized connections and malicious software from entering your network. The infiltration of unwanted traffic into a network can occur via software, hardware, or software-based cloud means. Hence, it is important for the firewall to mark its footprints on all possible network fronts exposed to external attacks. Broadly, firewall applications are divided into the following types:

1. Software-based applications

Software-based applications involve securing data by using any type of firewall installed on a local device rather than a separate piece of hardware (or a cloud server). The benefit of such a software-based firewall is that it’s highly useful for creating defense in depth by isolating individual network endpoints from one another.

However, maintaining individual software firewalls on different devices can be difficult and time-consuming. Furthermore, not every device on a network may be compatible with a single software firewall, which may mean having to use several different software firewalls from different vendors to cover every node or device.

2. Hardware-based applications

Hardware firewalls use a physical appliance that acts as a traffic router to intercept data packets and traffic requests before they’re connected to the network’s servers. Physical appliance-based firewalls like this excel at perimeter security by making sure malicious traffic from outside the network is intercepted before the company’s network endpoints are exposed to risk.

The major weakness of a hardware-based firewall, however, is that it is often easy for insider attacks to bypass them. Also, the actual capabilities of a hardware firewall may vary depending on the vendor manufacturing it; some may have a more limited capacity to handle simultaneous connections than others.

3. Cloud-based applications

Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall or firewall-as-a-service (FaaS). Cloud firewalls are analogous to proxy firewalls, where a cloud server is often used in a proxy firewall setup.

The advantage of having cloud-based firewalls is that they are very easy to scale with any organization. As the needs grow, one can add additional capacity to the cloud server to filter larger traffic loads. Cloud firewalls provide perimeter security to network architecture.

Top 7 Best Practices for Using Firewall Protection in 2021

A firewall is the most crucial security tool for any network. Network firewall configuration can be a challenging task for administrators as they have to create a perfect balance between security and speed of performance for the users. It is important to protect the network from any prospective security threats in the future, protect from malware that could exfiltrate sensitive data from your network to other locations, and also handle existing threats appropriately.

Here are the best seven firewall practices to adopt to secure any network from an existing or potential threat:

1. Automation of firewall updates

With advancements in technology, many processes have become faster and easier. It may not always be possible for firewall administrators to constantly check for updates and perform software updates regularly, which may leave the network at risk of security breaches.

To avoid any lapse in updating the firewall, one can automate the process instead. An automated system can be scheduled to check for available updates and implement the updates as and when they are available. Such automation considerably reduces the need for human intervention and keeps the firewall secure and robust at all times.

2. Centralized management tool for multi-vendor firewalls

Multi-vendor firewalls are operational in many organizations. Companies prefer to install firewalls manufactured by different vendors in their systems to offer additional layers of security. However, the architecture of firewalls offered by different vendors is usually different.

Therefore, it is important to manage all your firewalls centrally in one place to ensure they are all functioning properly. Using a centralized tool for managing multi-vendor firewalls can give a unified view of firewall policies and rules of various manufacturers, thereby also enabling the organizations to compare and manage firewall rules easily. The organization can also perform security auditing and reporting, troubleshoot configuration issues, and support firewall migration through this centralized management tool.

3. Design and optimize network-specific firewall rules 

The firewall rules must be well designed and optimized to provide the expected security protection. Cleaning the firewall rule base of any kind of unnecessary clutter can have a positive impact on network security.

The firewall rule base generally has certain redundant elements, duplicates, or unnecessary rules that make the guidelines complex and ineffective. Therefore it is important to streamline these rules to have a clear set of guidelines that can be followed better.

To clean up the firewall rule base, one can:

a) Discard unessential shadowed rules, which can cause more critical rules to be neglected.
b) Eliminate conflicting rules.
c) Eliminate redundant or duplicate rules that slow down the firewall performance.
d) Address errors or inaccuracies in the firewall rules, as they can lead to malfunctions.
e) Remove rules that are obsolete or no longer in use, which can make firewall management more complex or become a possible security threat if not updated.
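The shadowed, redundant and conflicting cases in the list above can be found mechanically. The following is an added example, not code from the original article or from any firewall product: a static audit of an ordered, first-match rule base. The rule names, addresses and the exact definitions in the comments are assumptions made for illustration.

```python
# Added example, not from the original article: static audit of a rule base.
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dport: Optional[int] = None   # None = any destination port


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.dport is None or a.dport == b.dport))


def overlaps(a, b):
    """True if at least one packet is matched by both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and (a.dport is None or b.dport is None or a.dport == b.dport))


def audit(rules):
    """Return (kind, later_rule, earlier_rule) findings for a first-match list.

    shadowed : an earlier rule covers the later one with a different action,
               so the later rule can never take effect.
    redundant: an earlier rule covers the later one with the same action.
    conflict : the rules overlap only partially and disagree on the action,
               so rule order alone decides what happens to the shared traffic.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, later.name, earlier.name))
                break  # the later rule is dead; no need to look further
            if (overlaps(earlier, later) and earlier.action != later.action
                    and not covers(later, earlier)):
                findings.append(("conflict", later.name, earlier.name))
    return findings


# Constructed rule base for illustration.
RULE_BASE = [
    Rule("r1", "allow", "198.21.1.0/24", "198.21.2.1/32", 22),
    Rule("r2", "deny", "198.21.1.66/32", "198.21.2.1/32", 22),   # meant to block one host
    Rule("r3", "allow", "198.21.1.0/25", "198.21.2.1/32", 22),
    Rule("r4", "deny", "198.21.1.128/25", "198.21.2.0/24"),
    Rule("r5", "allow", "198.21.3.0/24", "198.21.2.1/32", 443),
]

if __name__ == "__main__":
    for kind, later, earlier in audit(RULE_BASE):
        print(f"{later}: {kind} (see {earlier})")
```

Rule r2 is the case the list warns about: it was written to block one host, but the broader allow in r1 is evaluated first, so the deny never fires.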

4. Establish a firewall configuration change plan

The network’s firewall will need to be updated from time to time for various reasons. This is necessary to ensure that the firewall complies with new firewall rules and stays updated, capable of protecting against new threats. However, it is important to have a change management plan in place so that changes are seamless and secure. An unplanned configuration change leaves a loophole in the network’s security that can be exploited by attackers.

A resilient firewall change management plan must include the following features:

    • Define the objectives of the required changes.
    • List the risks involved in the policy changes and their impact on the network.
    • Prepare a mitigation plan to minimize the listed risks.
    • Keep audit trails highlighting who made the change, when, and why.

5. Monitor user access and block traffic 

Blocking all traffic to the network by default is highly recommended. Allow only some specific traffic to certain known services. This can help in controlling who can access the network and thereby preventing any security breaches from occurring.

The firewall, being your first layer of protection against threats, must not allow just anyone to alter its configuration. User permission control is necessary to ensure that only authorized administrators have access to change firewall configurations. Further, every time an authorized administrator does change any configuration, it must be recorded in the log for audits and compliance. Any unwarranted configuration changes can thus be detected, and a configuration restore may be implemented in such a case.

Besides, firewall logs must be monitored regularly to detect any unauthorized break-ins to the firewall, from inside or outside the network.

6. Periodic firewall security audits

Security audits are necessary to ensure that the firewall rules are compliant with the organizational norms and adhere to the network’s external security regulations. Firewall configuration changes that are unauthorized can cause non-compliance. Hence, it is important for administrators and IT security staff to carry out regular security audits to ensure no unauthorized changes have taken place. This will also keep you updated on the necessary changes made to the firewall and warn you against any potential risks created by these changes. 

Security audits are critical and essential when a new firewall is installed within a network, during ongoing firewall migration activity, or when bulk configuration changes are made on multi-vendor firewalls.

7. Regular firewall software update

Software updates are released regularly by firewall vendors. These updates address any new potential security threats by introducing minor patches to the existing software. It is important to keep updating the firewall software as it ensures that the network is kept secure and that it is not vulnerable to potential security threats. Hence, one must check if the firewall software is updated to the latest version from time to time.

In conclusion

A firewall acts as a cybersecurity tool that protects systems when operating over the internet. With a lot of malicious content floating over the web and the exponential rise in cyber threats and cybercriminals, it is very important to keep the systems secure. Hence, choosing the right kind of firewall that meets the organizational requirements plays a crucial role in protecting the systems effectively. 


Which of these host

Access Control List (ACLs); part of host-based firewall rules would likely provide Access Control Lists (ACLs) that permit access from the VPN subnet.

What does applying software patches protect against?

Security: Patch management fixes vulnerabilities on your software and applications that are susceptible to cyber-attacks, helping your organization reduce its security risk.

Does full

FDE does not protect data within a running operating system from malware or physical access.

Which host

Because Windows Defender Firewall is a host-based firewall that is included with the operating system, there's no other hardware or software required.