What are the most sophisticated attacks a firewall can repel by preventing or blocking traffic?
It’s important to understand the role firewall network security plays with respect to information security controls. I would encourage enterprise security pros to think of a firewall as one layer in a set of defenses that comprise a defense-in-depth strategy, rather than as a standalone defense that protects against a specific set of attacks. The reality is many potential attacks are thwarted because of the interaction of a series of defenses rather than a single control.
The basic function of firewall network security is to control the traffic passing between two networks and block any undesired traffic. This is often expressed in the philosophy, “block anything that is not explicitly allowed.” A firewall is like a gatekeeper, watching the network and inspecting each packet to ensure it meets network security policy before it is allowed to pass.
In serving this basic role, firewalls prevent many simple attacks from succeeding. They can easily block reconnaissance attacks, such as port sweeps or IP scanning. They also restrict remote access to workstations and servers in enterprise environments, in addition to providing a degree of isolation between a network and the Internet at large. This setup can be thought of as a fence that separates a network from the outside world.
Modern firewalls also incorporate and integrate with other security controls to provide an added level of defense. These include intrusion detection and prevention systems, application-layer scanning, and other advanced defenses that monitor for and block sophisticated attack attempts.
However, firewalls will never protect a network against an insider attack. For example, a firewall placed at the perimeter of a network is not capable of protecting against an attack waged on an internal server by an employee. Similarly, if a firewall is used to segment the data center network from the corporate intranet, that firewall will be unable to prevent more sophisticated attacks like a server-to-server attack. This underscores the importance of a layered defense: an in-depth approach that includes both host-based controls, such as host firewalls and access control systems, and network-based controls.
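The sketch below is an added example, not part of the original answer. It models the "block anything that is not explicitly allowed" policy at a perimeter firewall and shows why a flow between two internal hosts is never evaluated by it. The rule set, the addresses (documentation ranges) and the 10.0.0.0/8 internal range are constructed assumptions, and only TCP destination ports are modelled.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: everything in 10.0.0.0/8 sits behind the perimeter firewall.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Rule:
    src: str   # source network, CIDR
    dst: str   # destination network, CIDR
    port: int  # destination TCP port

# Constructed allow-list; anything not matched here is dropped.
ALLOW = [
    Rule("0.0.0.0/0", "10.0.1.10/32", 443),  # public HTTPS to one web server
    Rule("10.0.0.0/8", "0.0.0.0/0", 53),     # internal hosts out to DNS
]

def crosses_perimeter(src: str, dst: str) -> bool:
    """The perimeter device only sees flows with exactly one end inside."""
    inside_src = ipaddress.ip_address(src) in INTERNAL
    inside_dst = ipaddress.ip_address(dst) in INTERNAL
    return inside_src != inside_dst

def decide(src: str, dst: str, port: int) -> str:
    """Return 'allow', 'drop' or 'not-inspected' for one flow."""
    if not crosses_perimeter(src, dst):
        # Insider or server-to-server traffic never reaches this firewall,
        # so host-based controls have to cover it.
        return "not-inspected"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in ALLOW:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and port == rule.port):
            return "allow"
    return "drop"  # default deny: no explicit allow matched

def sweep_results(src: str, dst: str, ports: list[int]) -> dict[int, str]:
    """Evaluate the policy for one source probing several ports on one host."""
    return {p: decide(src, dst, p) for p in ports}

if __name__ == "__main__":
    # Constructed flows: an outside sweep, then an internal-to-internal flow.
    print(sweep_results("203.0.113.7", "10.0.1.10", [22, 80, 443, 3389]))
    print(decide("10.0.5.20", "10.0.1.10", 22))
```
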