Definition

firewall

This definition is part of our Essential Guide: How to conduct a next-generation firewall evaluation
Contributor(s): Michael Cobb

A firewall is a network security system, either hardware- or software-based, that controls incoming and outgoing network traffic based on a set of rules.

Acting as a barrier between a trusted network and other untrusted networks -- such as the Internet -- or less-trusted networks -- such as a retail merchant's network outside of a cardholder data environment -- a firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is the traffic defined in the firewall policy; all other traffic is denied.

History and types of firewalls

Computer security borrowed the term firewall from firefighting and fire prevention, where a firewall is a barrier established to prevent the spread of fire.

When organizations began moving from mainframe computers and dumb clients to the client-server model, the ability to control access to the server became a priority. Before firewalls emerged in the late 1980s, the only real form of network security was performed by access control lists (ACLs) residing on routers. ACLs determined which IP addresses were granted or denied access to the network.

The growth of the Internet and the resulting increased connectivity of networks meant that this type of filtering was no longer enough to keep out malicious traffic as only basic information about network traffic is contained in the packet headers. Digital Equipment Corp. shipped the first commercial firewall, DEC SEAL, in 1992, and firewall technology has since evolved to combat the increasing sophistication of cyberattacks.

Packet firewalls

The earliest firewalls functioned as packet filters, inspecting the packets that are transferred between computers on the Internet. When a packet passes through a packet-filter firewall, its source and destination address, protocol, and destination port number are checked against the firewall's rule set. Any packets that aren't specifically allowed onto the network are dropped (i.e., not forwarded to their destination). For example, if a firewall is configured with a rule to block Telnet access, then the firewall will drop packets destined for TCP port number 23, the port where a Telnet server application would be listening.

Packet-filter firewalls work mainly on the first three layers of the OSI reference model (physical, data-link and network), although the transport layer is used to obtain the source and destination port numbers. While generally fast and efficient, they have no ability to tell whether a packet is part of an existing stream of traffic. Because they treat each packet in isolation, they are vulnerable to spoofing attacks, and their ability to make more complex decisions based on what stage communications between hosts have reached is limited.

Stateful firewalls

In order to recognize a packet's connection state, a firewall needs to record all connections passing through it to ensure it has enough information to assess whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. This is what's called "stateful packet inspection." Stateful inspection was first introduced in 1994 by Check Point Software in its FireWall-1 software firewall, and by the late 1990s, it was a common firewall product feature.

This additional information can be used to grant or reject access based on the packet's history in the state table, and to speed up packet processing; that way, packets that are part of an existing connection based on the firewall's state table can be allowed through without further analysis. If a packet does not match an existing connection, it's evaluated according to the rule set for new connections.
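The packet-filter rule matching described above and the state table described here, combined in one added Python simulation (this is an illustrative example, not code from the article or any vendor product; the rule fields, the constructed rule set and the direction-independent connection key are assumptions for the example). Packets matching an admitted connection take the fast path without rule evaluation, a mid-stream TCP segment with no state is dropped, and a new connection that matches no rule falls through to default deny:

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only for the first segment of a new TCP connection

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "drop"
    proto: Optional[str] = None         # None means wildcard
    src_prefix: Optional[str] = None
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src_prefix is None or p.src.startswith(self.src_prefix))
                and (self.dport is None or self.dport == p.dport))

# Constructed rule set: explicit Telnet deny, web only from the inside prefix, DNS, nothing else.
RULES = [
    Rule("deny telnet", "drop", proto="tcp", dport=23),
    Rule("allow http from inside", "allow", proto="tcp", src_prefix="10.0.0.", dport=80),
    Rule("allow dns", "allow", proto="udp", dport=53),
]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # state table: one entry per admitted connection
    def _key(self, p: Packet):
        # Direction-independent key so reply packets of an admitted connection match it.
        return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
    def filter(self, p: Packet) -> Tuple[str, str]:
        key = self._key(p)
        if key in self.state:                 # fast path: no rule lookup at all
            return ("allow", "existing connection")
        if p.proto == "tcp" and not p.syn:    # mid-stream segment with no state: drop it
            return ("drop", "no matching connection")
        for r in self.rules:                  # new connection: first matching rule wins
            if r.matches(p):
                if r.action == "allow":
                    self.state.add(key)
                return (r.action, "rule: " + r.name)
        return ("drop", "default deny")       # positive control model: unmatched traffic is denied
```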

Application-layer firewalls

As attacks against Web servers became more common, so too did the need for a firewall that could protect servers and the applications running on them, not merely the network resources behind them. Application-layer firewall technology first emerged in 1999, enabling firewalls to inspect and filter packets on any OSI layer up to the application layer.

The key benefit of application-layer filtering is the ability to block specific content, such as known malware or certain websites, and recognize when certain applications and protocols -- such as HTTP, FTP and DNS -- are being misused.

Firewall technology is now incorporated into a variety of devices; many routers that pass data between networks contain firewall components and most home computer operating systems include software-based firewalls. Many hardware-based firewalls also provide additional functionality like basic routing to the internal network they protect.

Proxy firewalls

Firewall proxy servers also operate at the firewall's application layer, acting as an intermediary for requests from one network to another for a specific network application. A proxy firewall prevents direct connections between the two sides of the firewall; both sides are forced to conduct the session through the proxy, which can block or allow traffic based on its rule set. A proxy service must be run for each type of Internet application the firewall will support, such as an HTTP proxy for Web services.

Firewalls in the perimeterless age

The role of a firewall is to prevent malicious traffic reaching the resources that it is protecting. Some security experts feel this is an outdated approach to keeping information and the resources it resides on safe. They argue that while firewalls still have a role to play, modern networks have so many entry points and different types of users that stronger access control and security at the host is a better technological approach to network security.

Virtualization strategies such as virtual desktop infrastructure can dynamically respond to different scenarios by offering tailored access control to applications, files, Web content and email attachments based on the user's role, location, device and connection. This approach to security does provide additional protection that a firewall can't, but information security requires defense-in-depth, and firewalls still offer essential low-level protection as well as important logging and auditing functions.

This was last updated in November 2014

Next Steps

Read in-depth expert information about next-generation firewalls in the enterprise and then learn about the three things you should consider before deploying a NGFW in your organization.

Learn more about the critical security benefits of implementing Web application firewalls and find expert advice on what to consider before purchasing a WAF product and whether your organization would benefit from deploying one.

In this Buying Decisions series on network security, you will gain a better understanding of network security basics before making any purchasing decisions and learn the best questions to ask before buying a network security tool.

In this feature on buying network security measures -- such as firewalls -- learn how to choose the best product for your organization's needs.

8 comments

Amid the widespread use of user-owned devices in the enterprise and the emergence of the Internet of Things, is the answer better firewalls or better host protection?
I think the answer lies with host protection; firewall improvement seems too reactive. (Not a security expert here, so please tell me if I'm wrong.)
The answer, I think, would depend far more on implementation and success than the specific approach. But, that said, perhaps this is exactly the right moment to completely rethink our solutions to the problem.

We keep building better security while the bad guys build better ways to defeat it. So we patch and they attack from a different angle. The whack-a-mole loop is underway. Now that the IoT grows more entrenched in our lives and BYOD has become the standard throughout the industry, isn't it time we stopped using the same failed security system and found an entirely new approach...?

No, sorry, I don't know what that is. Wish I did so I could stop writing and buy my own island. But I do know it's time we realize that whatever we're doing isn't working very well. Surely we can do better....
I want to question the trend here. Why is it necessary to jump to "IoT" with the current state of insecurity? Why does the current software model assume patching immediately after releasing?
Note that much of the troubleshooting of software is now passed on to the end users. But they are not software security experts and can't be - everyone is a specialist in their own domain.
What adds risk here: many devices are sold with minimal security settings and generic preset passwords.
Margaret,

I feel that both better firewall protection as well as better host protection will be needed; if either is overlooked, the result could be detrimental to an owner or organization. There is also a shared responsibility by the owner of these devices, and for organizations that allow bring your own device (BYOD) there are a plethora of issues associated with this newfound connectivity that most businesses must understand. The mindset then changes from security to convenience, and the question for an organization then becomes: which is more important, security or the convenience of access with things?

v/r

Dan
So, what do you say is a better approach: everything is prohibited by default or everything is allowed unless explicitly prohibited? Should users be able to configure or only administrators?
Most kinds of attacks are made against web servers; nowadays it has become common. A firewall is a barrier, so it can prevent any kind of malicious traffic from an untrusted network. Great post. Thanks for sharing this article.