What is a Firewall and Why It's Important

The digitization of the world is inevitable, and with it, the evolution of cyberattacks. Attacks on corporate networks can take many forms, and in this context, firewalls continue to play a fundamental role in securing networks and devices.

If you want to increase your network's security, a firewall is one of the first lines of defense you can use. In addition to limiting access attempts to certain networks, modern firewalls have evolved to restrict attackers' capabilities, especially as new smart devices connect massively through the Internet of Things (IoT). But what is a firewall?

Firewall Definition 

A firewall is a network security device that acts as a barrier between an internal network and an external network. Its primary objective is to control, monitor, and filter incoming and outgoing network traffic based on a set of predefined criteria that can be tailored to the specific needs of each individual or company. It examines data packets and determines whether they should be allowed or blocked according to these rules.

Firewalls can be hardware, software, or a combination of both, and there are both paid and free versions. Free firewalls are more commonly used in home environments since the filtering they allow is not as advanced as paid versions and may overlook important aspects of security. Nonetheless, they are useful and provide basic protection.

How Does a Network Firewall Work? 

A network firewall is configured to regulate and monitor all incoming and outgoing traffic constantly. Essentially, it separates good traffic from bad, or safe from unreliable traffic. In the era of remote work and long-distance information protection, having a firewall is even more important. However, before delving into details, it’s useful to understand the structure of web-based networks.

Firewalls aim to protect private networks and endpoint devices within them, known as network hosts. Network hosts are devices that "communicate" with other hosts on the network. They send and receive traffic between internal networks and also send and receive traffic from external networks.

Computers and other endpoint devices use networks to access the internet and communicate with each other. However, the internet is segmented into subnets for security and privacy reasons. The basic subnet segments are as follows:

• External public networks usually refer to the public or global internet or various extranets.

• Internal private networks are home networks, corporate intranets, and other "closed" networks.

• Perimeter networks refer to boundary networks composed of bastion hosts—dedicated host computers with enhanced security designed to withstand external attacks.

Types of Firewalls: Hardware and Software 

Firewalls can be classified into two main categories: those embedded in specific devices, known as hardware firewalls, and those installed on various electronic devices, known as software firewalls.

Hardware Firewalls 

A hardware firewall is installed on a device, such as a router or, in some cases, a dedicated physical firewall so that all the computers connected to it are protected.

This is extremely useful if you need to protect multiple devices that must interconnect with each other. The complexity of these systems varies. In-home systems are provided by an internet service provider, the firewall is located within the “modem” and, in most cases, does not require modifications to function.

More complex systems, such as industrial or corporate networks, can be very robust and expensive equipment that requires qualified personnel to operate, manage, and configure them.

Software Firewalls 

This type of firewall comes included with a computer's operating system or can be installed later. It does not protect a computer network but rather a single device.

It is invaluable as a complement to a hardware firewall since it acts as a second layer of protection if the first fails or an attack comes from another device. It also offers protection when connecting to networks that are unknown or beyond your control.

Types of Firewalls Based on Traffic Filtering Methods 

There are different ways to filter network traffic and achieve the protection that firewalls offer. In this sense, firewalls can be classified as proxy systems, inspection systems, or next-generation firewalls (NGFW).

Proxy Firewall 

This type of firewall acts as a true physical barrier or intermediary that prevents direct connections between external and private networks. Proxy firewalls perform full packet filtering. This means they review the network packet rather than focusing on surface details like port numbers or IP addresses.

Stateful Inspection Firewall (Active Inspection) 

This type of firewall is a nearly ubiquitous protection system since it filters network traffic based on a series of technical properties of the data, such as the state, port, or specific protocols.

The decision to allow or block data flow depends on rules defined by the person configuring the firewall. Uniquely, this type of firewall can make decisions based on previous interactions. For instance, it might block traffic that previously caused problems.

Next-Generation Firewall (NGFW) 

Next-generation firewalls (NGFW) combine the classic functions of firewalls with the prevention of other threats. These firewalls examine network traffic at deeper layers than conventional firewalls, looking in detail for advanced malware, application-layer attacks, and other cyber threats.

Firewall Limitations 

A properly configured firewall can protect a computer or private computer network from attacks originating from an external network, achieving a high level of effectiveness in this task.

Although it is useful as a first line of defense, it is not enough to protect an individual or company's digital assets since not all cyberattacks need to cross the firewall to reach their target. Its main limitation is that it does not protect against vulnerabilities not originating from network traffic, such as a contaminated USB device.

In this sense, it can generate a false sense of security. Having a firewall, even one that is well-configured does not guarantee absolute security for an individual’s or company’s devices. It’s always necessary to have more than one line of protection so they complement each other and can respond if one of the lines is compromised.

A Necessary First Line of Defense 

Firewalls are an old security technology, but they remain crucial for protecting your device. By acting as a defensive barrier, they help safeguard the integrity of information against the most common cyberattacks. However, on their own, they do not guarantee absolute protection. To strengthen an organization’s cybersecurity, it is essential to accompany the use of a firewall with other protection measures.

Remember, there is no "best firewall." Its effectiveness will be defined by your specific goals and what you wish to protect. Keep in mind that if you plan to install one for a company, it is always advisable to purchase a paid version that offers more efficient protection and greater peace of mind.