Firewall
A firewall is a computer tool (hardware and/or software) designed to protect the data on a network. It monitors and filters incoming and outgoing network traffic according to security policies established beforehand by the organization.
A firewall represents the barrier between a private internal network and the public Internet. Its purpose is to filter dangerous traffic.
[Figure: Firewall (image: Wikipedia)]
General operation
Until recent years, the firewall was considered one of the cornerstones of computer network security. It applies an access policy to network resources. The trust zones generally include the Internet and at least one internal network.
Filtering is done according to various criteria. The most common ones are:
- the origin or destination of the packets (IP address, TCP or UDP port, network interface, etc.);
- the options contained in the data (fragmentation, validity, etc.);
- the data itself (size, pattern matching, etc.);
- the user, for the most recent firewalls.
A firewall often acts as a router and thus makes it possible to isolate the network into several security zones called demilitarized zones or DMZs.
[Figure: Router firewall with a DMZ (image: Wikipedia)]
The different types of firewall
- the stateless firewall is falling into disuse: it is complex to configure and not very effective,
- the stateful firewall checks the validity of packets against the state of the connection, so it is more reliable,
- the application firewall opens ports dynamically and checks that each packet conforms to the expected protocol,
- the identifying firewall identifies the connections that pass through the IP filter,
- the personal firewall effectively fights spyware and computer viruses by determining which program is behind the data,
- the captive portal is most often used for Wi-Fi,
- the virtual firewall operates in a virtualized environment.
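To make the filtering criteria listed above and the stateless/stateful distinction concrete, here is an added toy packet filter (example code written for this page, not from any firewall product). Addresses, ports and the policy are constructed; the only criteria it implements are origin/destination address, port, protocol and interface.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# Constructed packet model covering the criteria named above.
@dataclass(frozen=True)
class Packet:
    iface: str   # "wan" = arrives from the Internet, "lan" = from the internal network
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    iface: str
    proto: str
    src: str              # CIDR of allowed origin
    dst: str              # CIDR of allowed destination
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        return (p.iface == self.iface and p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or p.dport == self.dport))

def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; if no rule matches, the default is deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFilter:
    """Same rule table plus a connection table: replies to a connection the
    policy already allowed are accepted without needing an inbound rule."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.conns: Set[Tuple] = set()

    def filter(self, p: Packet) -> str:
        # A reply travels the tracked 5-tuple with the endpoints swapped.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.conns:
            return "allow"
        action = stateless_filter(self.rules, p)
        if action == "allow":
            self.conns.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action

# Constructed policy: internal hosts in 10.0.0.0/8 may open HTTPS to the Internet; nothing else.
POLICY = [Rule("lan", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443, "allow")]
```

With this policy the stateless filter drops the server's reply (its destination is an ephemeral port no rule covers), so a purely stateless deployment would have to open a wide range of inbound ports; the stateful filter accepts the reply because the outbound connection was recorded, while still rejecting an unsolicited packet from the Internet.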
New features
Recent firewalls include more and more features:
- Artificial intelligence to detect abnormal traffic,
- IPsec, PPTP, L2TP tunnels,
- Remote login servers (telnet, SSH) and file transfer servers (SCP),
- Web server providing a convenient configuration interface,
- Proxy server,
- Intrusion detection system (IDS),
- Intrusion prevention system (IPS),
- ...
The limits of the firewall
Firewalls are not an absolute protection against cyber attacks. Their effectiveness depends entirely on their configuration and on their position as the intermediary through which communications pass.