Picking the best firewall software, hardware or application
A comprehensive collection of articles, videos and more, hand-picked by our editors
What are the most sophisticated attacks a firewall can repel by preventing or blocking traffic?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
It’s important to understand the role firewall network security plays with respect to information security controls. I would encourage enterprise security pros to think of a firewall as one layer in a set of defenses that comprise a defense-in-depth strategy, rather than as a standalone defense that protects against a specific set of attacks. The reality is many potential attacks are thwarted because of the interaction of a series of defenses rather than a single control.
The basic function of firewall network security is to control the traffic passing between two networks and block any undesired traffic. This is often expressed in the philosophy, “block anything that is not explicitly allowed.” A firewall is like a gatekeeper, watching the network and inspecting each packet to ensure it meets network security policy before it is allowed to pass.
In serving this basic role, firewalls prevent many simple attacks from succeeding. They can easily block reconnaissance attacks, such as port sweeps or IP scanning. They also restrict remote access to workstations and servers in enterprise environments, in addition to providing a degree of isolation between a network and the Internet at large. This set up can be thought of as a fence that separates a network from the outside world.
Modern firewalls also incorporate and integrate with other security controls to provide an added level of defense. These include intrusion detection and prevention systems, application-layer scanning, and other advanced defenses that monitor for and block sophisticated attack attempts.
However, firewalls will never protect a network against an insider attack. For example, a firewall placed at the perimeter of a network is not capable of protecting against an attack waged on an internal server by an employee. Similarly, if a firewall is used to segment the data center network from the corporate intranet, that firewall will be unable to prevent more sophisticated attacks like a server-to-server attack. This underscores the importance of a layered defense; an in-depth approach that includes both host-based controls, such as host firewalls and access control systems, in addition to network-based controls.
Related Q&A from Mike Chapple
New guidance from the PCI SSC includes some essential aspects of tokenization security and what merchants need to know about tokenization products.continue reading
HIPAA data breach reporting now uses an electronic Web portal, so what does this mean for covered entities? Expert Mike Chapple explains.continue reading
Complex compliance mandates can lead to compliance fatigue. Expert Mike Chapple explains how to develop an effective compliance management plan.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.