What Firewalls Do and Don’t Do


by Ian Kilpatrick

Over the last few years, security threats to companies have grown and changed dramatically, and so have the defences. Traditional firewalls installed more than three years ago are often not well suited to current threats and do not protect against a number of the newer ones.

What firewalls do

A firewall is a system designed to prevent unauthorised access to or from a private computer network. Firewalls are frequently used to prevent unauthorised Internet users from accessing private networks connected to the Internet (often described as intranets). All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

You need a firewall to protect your confidential information from those not authorised to access it and to protect against malicious users and accidents that originate outside your network. One of the most important elements of a firewall is its access control features, which distinguish between good and bad traffic.

There are various types of firewall. In ascending order of sophistication, they are:

  • Packet layer
    This analyses network traffic at the transport protocol layer.
  • Circuit level
    This validates that packets are either connection or data packets.
  • Application layer
    This ensures valid data at the application level before connecting.
  • Proxy server
    This intercepts all messages entering or leaving the network.

In the real world, threats have evolved over the years and firewalls have evolved to deal with them. While it is still possible to buy packet-only firewalls, they are not adequate for business use. Protection against combination threats is best provided by firewalls that combine all of the above elements.
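To make the access-control idea concrete, the following is an added example (not code from the article or from any firewall product) of a small rule engine that combines the first two layers listed above: packet-layer matching on addresses, protocol and port, plus circuit-level tracking that passes data packets of an already permitted connection and drops TCP packets that arrive without a connection attempt or any matching state. All addresses, rules and packets are constructed sample values; the default when no rule matches is deny.

```python
"""Constructed example: first-match, default-deny packet filter with simple
connection tracking. Hypothetical code written for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP only: True on the packet that opens a connection


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches every source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.connections = set()  # 5-tuples of flows that passed the rule check

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        """Return (action, reason) for a single packet."""
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Circuit-level step: data packets of a known flow pass in both directions.
        if flow in self.connections or reply in self.connections:
            return "allow", "established"
        # A TCP packet that is not a connection attempt and has no state is a stray.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny", "no-state"
        # Packet-layer step: the first matching rule decides.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.connections.add(flow)
                return rule.action, f"rule:{rule.action} {rule.dst}:{rule.dport}"
        # Nothing matched: deny by default.
        return "deny", "default"


# Constructed address plan: private LAN, one web server in the DMZ.
INTERNAL = "10.0.0.0/8"
DMZ_WEB = "192.0.2.10/32"

RULES = [
    Rule("allow", dst=DMZ_WEB, proto="tcp", dport=443),   # anyone may reach the DMZ web server
    Rule("allow", src=INTERNAL, proto="tcp", dport=443),  # LAN may browse HTTPS sites
]


def demo():
    """Run constructed sample traffic through the filter; returns the actions."""
    fw = Firewall(RULES)
    traffic = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", 51000, 443, syn=True),  # Internet -> DMZ web
        Packet("192.0.2.10", "198.51.100.7", "tcp", 443, 51000),            # reply of that flow
        Packet("198.51.100.7", "10.0.0.5", "tcp", 51001, 445, syn=True),    # Internet -> LAN SMB
        Packet("198.51.100.7", "192.0.2.10", "tcp", 51002, 443),            # non-SYN, no state
        Packet("10.0.0.5", "203.0.113.9", "tcp", 40000, 443, syn=True),     # LAN -> HTTPS site
        Packet("10.0.0.5", "203.0.113.53", "udp", 40001, 53),               # LAN -> DNS, no rule
    ]
    return [fw.decide(p) for p in traffic]


if __name__ == "__main__":
    for action, reason in demo():
        print(f"{action:5s} ({reason})")
```

The reply packet is allowed purely on the strength of the recorded state, which is what lets a rule set stay short: only the opening direction needs a rule. The stray non-SYN packet and the DNS query are both dropped, but for different reasons, and logging that reason is what gives the "reporting on threats and activity" function listed later something useful to report.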

Specific functions performed by firewalls include:

  • Gateway defence
  • Carrying out defined security policies
  • Segregating activity between your trusted network, the Internet and your DMZ (a protected zone midway between your network and the Internet, where you would perhaps have your web or email server).
  • Hiding and protecting your internal network addresses (NAT)
  • Reporting on threats and activity.