How Does a Firewall Work?

Posted on Dec 6, 2018 by Sean Doyle

A firewall is software or hardware that uses predetermined rules to monitor incoming and outgoing network traffic. A firewall acts as a security barrier between networks, such as an internal network and the internet. When your computer is protected by a firewall, the firewall allows certain data to come through and blocks other data, such as malware, from gaining access to your computer through the internet.

Firewalls use various methods to monitor and control traffic:

  • Packet filtering (Static filtering) – Packet filtering is a method that works by checking a packet’s source and destination address. A packet is dropped if it does not comply with the firewall’s rules.
  • Stateful inspection (Dynamic packet filtering) – Stateful inspection is a newer method that keeps track of open connections and compares information in a packet header to determine if the packet is part of an established connection.
  • Proxy servers (Proxy service) – Proxy services make tampering with an internal system from an external network difficult by functioning as a proxy that masks a network address.
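
The difference between the first two methods, as an added example that is not part of the original article: a static filter judges each packet alone, while a stateful firewall only admits inbound packets that answer a connection opened from inside. The addresses, the port-based rules and the function names are assumptions made for the illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# direction: "out" leaves the internal network, "in" arrives from outside
Packet = namedtuple("Packet", "direction src sport dst dport")

INTERNAL = ip_network("192.168.1.0/24")   # constructed internal range

def static_filter(pkt):
    """Static packet filter: each packet is judged alone against fixed rules."""
    if pkt.direction == "out":
        # Rule 1: internal hosts may open HTTPS connections.
        return ip_address(pkt.src) in INTERNAL and pkt.dport == 443
    # Rule 2: replies from web servers must be let back in, and the only
    # way to say that without memory is "anything from source port 443".
    return ip_address(pkt.dst) in INTERNAL and pkt.sport == 443

class StatefulFirewall:
    """Stateful inspection: remember connections opened from the inside."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if ip_address(pkt.src) in INTERNAL and pkt.dport == 443:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
            return False
        # Inbound: allowed only as the reverse of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def compare(packets):
    """Return (static verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(static_filter(p), fw.check(p)) for p in packets]

# Constructed traffic (external addresses from documentation ranges).
SAMPLE = [
    Packet("out", "192.168.1.10", 51000, "203.0.113.5", 443),  # host opens HTTPS
    Packet("in", "203.0.113.5", 443, "192.168.1.10", 51000),   # genuine reply
    Packet("in", "198.51.100.7", 443, "192.168.1.10", 51000),  # unsolicited packet
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "static=%s stateful=%s" % verdict)
```

The third packet passes the static filter because it matches the reply rule, but the stateful firewall drops it because no internal host opened a connection to that address.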

Firewalls can protect a personal computer or network from different types of cyber threats including remote access software, backdoors, bugs, and malware. They can also be used to control a network to block users from visiting specific websites.
 

Hardware firewalls

Hardware firewalls are devices separate from the computers they protect, and they filter information as it arrives from the internet. Hardware firewalls are very secure and do not use up system resources on personal computers the same way that software firewalls do.

A hardware firewall works by examining data that comes from the internet and verifying whether the data is safe enough to pass through. Whether data is verified is determined by a set list of rules that tells the hardware firewall to allow or drop traffic.

Traditional firewalls, known as packet filters, examine data for information such as its source and destination IP address. If the source and destination IP addresses match the firewall's rules, the packet is considered verified. Packet filtering compares information to a set list of rules and policies in order to determine if the information should be allowed through.

Next-generation firewalls (NGFW) are more advanced than traditional firewalls and include features such as packet filtering, network and port address translation (NAT), stateful inspection, and support for virtual private networks (VPNs). The purpose of a next-generation firewall is to provide deeper layers of protection by filtering network traffic based on packet content.

There are many types of hardware firewalls including standalone devices and broadband internet routers that have firewalls built into them.

You can check to see if your internet router at home or office has a built-in firewall by opening a browser window and logging into your router’s administrative console by typing the router’s IP address. If you can locate a “security” or “firewall” page it is an indication that your router has a built-in firewall. You will have to consult your router’s manual or ISP for more information to enable and configure the built-in firewall.

The drawback to using a hardware firewall device at home is that it only examines inbound data and not outbound data. If your computer becomes infected with malware, your computer might begin to broadcast data that will not be detected by a hardware firewall.
 

Software firewalls

Software firewalls are firewalls that are installed onto a computer. Software firewalls are easy to customize and control, which makes them a popular choice for home use. They monitor inbound and outbound traffic and can protect a computer from broadcasting malware or being used for other purposes.

Some operating systems come with a built-in firewall. The Windows operating system has a built-in firewall located in the Windows Defender program. There are also standalone firewall programs and security programs that have a firewall feature.

The disadvantage of a software firewall is that it can only protect one computer at a time, unlike a hardware firewall device that can protect every computer connected to it. Also, a software firewall will always be running, and this requires the use of system resources.