A Closer Look at Firewall Types and Implementation Options
The firewall is an essential first line of network defense, filtering traffic and blocking malicious outsiders from gaining access to your critical systems. Businesses today commonly use multiple firewalls to create a system of protected network segments with varying security needs. In this post, we’ll take a brief look at five primary types of firewalls and the three main implementation models.
- Software firewalls run on computers or servers, providing granular protection for individual devices within the network. They are inexpensive, easy to install and can be configured to meet the user’s specific needs. However, they may not be effective against sophisticated attacks or network-wide threats.
- Hardware firewalls are dedicated appliances that sit between the local network and the public Internet, providing network-wide protection. Hardware firewalls are typically more powerful than software firewalls and can handle higher volumes of network traffic.
- Cloud firewalls are virtual firewalls that filter traffic moving between private networks, cloud platforms, virtual networks and remote users. This model is increasingly important as organizations shift to more cloud-based applications and services. Because they are managed through a web-based interface, they are relatively easy to configure and deploy.
Any of the following types of firewalls can be deployed as hardware, as software or in the cloud.
- Packet filters are the simplest and most popular form of firewall. They analyze data packets and either allow or block them based on predefined rules such as the source or destination IP address, the protocol being used or the port number. Packet filters are fast, flexible and inexpensive, but they cannot understand the context of a packet and are therefore more easily fooled by hackers.
- Proxy firewalls, also known as application gateways or application firewalls, reside at the application layer of the network. They sit between users and Internet services, relaying communications back and forth. A proxy gives the user an illusion of dealing directly with the server, while giving the server an illusion of dealing directly with the user. The purpose is to mask a network’s IP addresses from intruders.
- Stateful-inspection firewalls combine the strengths of packet filtering and proxy servers, with the ability to monitor network connections as well as filter individual data packets. This allows the firewall to block packets that don’t belong to an established connection or violate the rules of an existing connection. Stateful-inspection firewalls are more secure than packet-filtering firewalls.
- Circuit-level gateways verify the transmission control protocol (TCP) handshake, which is the process for establishing a connection between two devices and setting up the rules for how they will communicate. The firewall monitors communications, examining packets as they travel through the circuit.
- Next-generation firewalls combine the features of traditional firewalls with advanced threat protection capabilities, such as intrusion prevention, antivirus, and application control. They are application-aware, meaning they can distinguish one application from another and enforce granular security policies at the application layer.
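The difference between packet filtering and stateful inspection described in the list above can be seen in a minimal Python model, added here as an illustration and not part of the original post. The rule set, the `10.0.0.` internal range, the sample packets and all names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this packet

def inside(ip):
    return ip.startswith("10.0.0.")  # constructed internal range

def packet_filter(p):
    """Stateless: each packet is judged alone against address/port rules."""
    outbound = inside(p.src) and p.dport == 443    # outbound HTTPS
    reply_like = inside(p.dst) and p.sport == 443  # source port looks like a reply
    return outbound or reply_like

class StatefulFirewall:
    """Tracks connections opened from inside; inbound must match one."""
    def __init__(self):
        self.conns = set()

    def allow(self, p):
        if inside(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.dport == 443 and p.flags == {"SYN"}:
                self.conns.add(key)             # new outbound connection
            return key in self.conns
        key = (p.dst, p.dport, p.src, p.sport)  # reverse direction of a tracked flow
        bare_syn = "SYN" in p.flags and "ACK" not in p.flags
        return key in self.conns and not bare_syn

def P(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    P("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),        # client opens HTTPS
    P("203.0.113.10", 443, "10.0.0.5", 50000, "SYN", "ACK"), # genuine reply
    P("198.51.100.7", 443, "10.0.0.9", 51000, "ACK"),        # no matching connection
    P("198.51.100.7", 4444, "10.0.0.5", 22, "SYN"),          # unsolicited inbound
]

def compare(packets):
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]
```

Each tuple returned by `compare(TRAFFIC)` is (packet filter verdict, stateful verdict). The third packet passes the stateless rules because its source port matches, but the stateful firewall drops it because no inside host opened that connection.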
Firewalls are not plug-and-play solutions — they must be upgraded and patched regularly. However, firewall interfaces tend to be complex, which increases the likelihood of mistakes. Gartner analysts say up to 99 percent of all firewall breaches are caused by misconfiguration rather than flaws with the technology itself.
Organizations without the expertise or manpower for dedicated firewall management should strongly consider a managed firewall service to reduce their risk. A managed firewall service provides updates, tuning and around-the-clock monitoring by security experts with specific expertise in firewall configuration and policy development.
Firewall management is a leading component of our Advanced Infrastructure Security suite. Contact us to learn more about how we can help you select, implement and manage a robust firewall solution.