
What Is A Firewall? History Of Firewalls, Types Of Firewalls

What is a firewall?


A firewall is a basic network security device that serves as a security barrier, monitoring and regulating incoming and outgoing network traffic according to customizable security rules. Its main goal is to provide a secure border between VLANs, or between trusted internal networks (like a home or business network) and untrusted external networks (like the Internet), in order to stop malicious activity and unauthorized access. Firewalls can be implemented as software applications, hardware devices, or a combination of the two.


History of firewalls


As the Internet became more widely used and connected, the idea of firewalls changed.

1980s: The word “firewall” originally described physical barriers used to contain fires; in the 1980s it was applied to network technology. Routers with packet filtering capabilities were the forerunners of firewalls. In 1987, Digital Equipment Corporation (DEC) engineers created packet filter systems, the first known kind of network firewall.

Late 1980s: The second generation of firewalls, known as circuit-level gateways, were created by AT&T Bell Labs researchers Dave Presotto, Janardan Sharma, and Kshitij Nigam in the late 1980s and early 1990s. Later, Marcus Ranum at DEC created security proxies, which resulted in the Secure External Access Link (SEAL), the first application-layer firewall to be sold commercially, in 1991.

1993–1994: Gil Shwed invented Check Point’s Firewall-1, which included stateful inspection technology and gained widespread use thanks to Nir Zuk’s intuitive graphical user interface.

1994: One of the first firewall and network address translation (NAT) devices to be successfully sold commercially was Network Translation Inc.’s PIX (Private Internet eXchange) Firewall. In 1995, Cisco Systems purchased Network Translation Inc. in order to acquire the PIX technology rights.

From 2008 onwards: Next-Generation Firewalls (NGFWs) gained popularity by fusing advanced capabilities like application awareness, intrusion prevention systems (IPS), and deep packet inspection (DPI) with conventional firewall functions.

Early 2020s: The most recent development combines artificial intelligence (AI) and machine learning (ML) to improve threat identification and response, spotting irregularities and possible dangers instantly.

Core Function and Operation

A firewall essentially serves as your network’s security guard. Data must pass through the firewall in order to enter or exit the network. The firewall examines data packets, which are small units of information, by looking at their headers (such as source and destination IP addresses, port numbers, and protocols) and, in more complex cases, their content. The packets are then evaluated against pre-established security rules.

  • Data must first pass through the firewall in order to enter or exit your network. Using pre-established rules, the firewall analyzes the data packets, which are discrete informational units.
  • Firewall rules can be established according to the organization’s security policies and needs.
  • The firewall then makes a decision: Allow, if the packet matches safe rules; or Block, if the packet contains malicious code, is suspicious, or comes from a source that has been blacklisted.
  • Security teams can examine blocked or anomalous traffic recorded by the firewall.
  • If a significant threat is identified, real-time alerts can be provided.

Organizations establish these rules according to their security requirements and policies. Since it is hard to cover every possible case with a rule, it is considered best practice to define a default policy of “drop” or “reject” for traffic that does not expressly match an “allow” rule. Additionally, firewalls record anomalous or blocked traffic in audit logs for security teams to examine.

Types of Firewalls

Firewalls can be categorized based on their location, form factor, or data filtering method.

By System Protected

  • Network-based firewalls are placed between two or more networks, such as a local area network (LAN) and a wide area network (WAN), to control data flow between connected networks. These devices could be software or hardware.
  • Host-based firewalls are installed directly on a single computer or server (host) to control network traffic or other host-specific computing resources.

By Filtering Method (Generations)

Packet-Filtering Firewalls (First-Generation)

  • Analyze individual packets based on source/destination IP addresses, port numbers, and protocol types (such as TCP, UDP, and ICMP).
  • Operate mostly at the network layer, or Layer 3 of the OSI model.
  • Are stateless, meaning they don’t remember past connections or packet context and instead analyze each packet independently.
  • Are vulnerable to IP spoofing attacks and cannot detect malware in a packet’s payload.

Circuit-Level Gateway Firewalls

  • Second-generation development.
  • Monitor TCP handshaking at the session layer (Layer 5) between untrusted hosts and trusted clients/servers.
  • Since they don’t check packet content after a connection has been established, they are less secure against content-based threats than application layer firewalls.

Stateful Inspection Firewalls (Second-Generation)

  • Track the state of open connections from their opening to their closing and allow or forbid traffic based on protocol, port, and state.
  • Monitor open connections in a state table, making filtering decisions based on packet context and administrator-defined criteria.
  • Able to operate at several layers, including the transport layer (Layer 4) and application layer (Layer 7).
  • Are more secure than packet filtering, but remain susceptible to denial-of-service (DoS) attacks.
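
An added example (not part of the original article) contrasting a header-only check with connection tracking in a state table. The `StatefulFilter` class, its simplified TCP handling and the sample addresses used with it are assumptions for illustration; the `max_entries` limit shows why a full state table makes these firewalls a denial-of-service concern.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S" SYN, "SA" SYN-ACK, "A" ACK, "F" FIN, "R" RST
    inbound: bool   # True when arriving from the untrusted side

def stateless_allow(pkt: Packet) -> bool:
    """Header-only check with no memory: outbound passes, inbound passes
    if the ACK flag makes it look like a reply."""
    return (not pkt.inbound) or "A" in pkt.flags

class StatefulFilter:
    """Simplified TCP connection tracking (teardown is one step, no timeouts)."""

    def __init__(self, max_entries: int = 1024):
        self.table = {}                 # (inside ip, port, outside ip, port) -> state
        self.max_entries = max_entries  # a finite table is what a flood exhausts

    def allow(self, pkt: Packet) -> bool:
        # Key every packet from the inside host's point of view.
        key = ((pkt.dst, pkt.dport, pkt.src, pkt.sport) if pkt.inbound
               else (pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if not pkt.inbound and pkt.flags == "S":
            if key not in self.table and len(self.table) >= self.max_entries:
                return False            # table full: new connections are refused
            self.table[key] = "SYN_SENT"
            return True
        state = self.table.get(key)
        if state is None:
            return False                # belongs to no tracked connection
        if "R" in pkt.flags or "F" in pkt.flags:
            del self.table[key]         # connection closed: forget it
            return True
        if state == "SYN_SENT" and pkt.inbound:
            if pkt.flags != "SA":
                return False            # only a SYN-ACK may answer our SYN
            self.table[key] = "ESTABLISHED"
        return True
```

An inbound ACK that belongs to no connection passes `stateless_allow` but is refused by `StatefulFilter.allow`, because no matching entry exists in the state table.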

Application Layer Firewalls (Proxy Firewalls / Third-Generation)

  • Operate at the application layer, or Layer 7 of the OSI model.
  • Act as intermediaries (proxies) between internal and external systems, intercepting and examining all incoming and outgoing communications.
  • Use deep packet inspection (DPI), which looks at the payload (actual content) of packets, to understand specific protocols and applications (e.g., FTP, DNS, HTTP).
  • Able to identify unwanted programs using non-standard ports or detect protocol misuse. This provides more precise control and can prevent risks specific to particular applications.

Next-Generation Firewalls (NGFWs / Fourth-Generation)

  • Combine state-of-the-art security features with standard firewall features (NAT, VPN termination, stateful inspection).
  • Include deep packet inspection (DPI), application awareness and control, user identity management, URL filtering, and intrusion prevention systems (IPS).
  • Supplement deep packet inspection with web filtering, content inspection, web application firewall (WAF), and heuristic analysis.
  • Aim to provide a single security policy that addresses all potential threats.
  • Examples include the SonicWall Network Security Appliance Series, Cisco’s ASA and Firepower product lines, Palo Alto Networks’ PA Series, Fortinet FortiGate, and Check Point Quantum.

Unified Threat Management (UTM)-enabled firewalls

Typically combine stateful inspection, antivirus, and intrusion prevention into a single device. They usually include extra services and cloud management, with a focus on ease of use and simplicity.

Virtual firewalls

  • Software-based firewalls running on hypervisors and cloud platforms, among other virtualized infrastructure.
  • They provide the same security and inspection capabilities as hardware firewalls, while being versatile and installable in many public or private clouds.

Cloud-native firewalls

  • A type of virtual firewall specifically designed and optimized to operate with cloud-based systems.
  • By interacting with cloud orchestration platforms, they offer automated security policy enforcement across a range of cloud resources.

Web Application Firewalls (WAFs)

  • Specialized firewalls that protect web applications by filtering, monitoring, and blocking dangerous HTTP/HTTPS traffic.
  • They can mitigate threats that target specific web application vulnerabilities, such as SQL injection or cross-site scripting, and they function at the application layer (Layer 7).

AI-powered Firewalls (Fifth-Generation)

  • Make use of machine learning (ML) and artificial intelligence (AI) to improve network security and threat prevention.
  • Examine changing network traffic in real time to spot unusual trends and modify security rules accordingly. This enables proactive detection of dynamic threats, such as zero-day vulnerabilities.


Hybrid Mesh Firewalls

  • A new class of security technologies that offer centralized and unified management by combining the advantages of several firewall architectures (hardware, virtual, cloud-based, and FWaaS).
  • Designed to handle the complexity of firewall deployments across dispersed and hybrid environments, including branch offices, cloud services, data centers, and remote deployments.

Firewall Policies and Configuration

A firewall’s operation is founded on its policies, also known as firewall rules, which control how it makes decisions. These rules determine which traffic is permitted or prohibited across network boundaries.

Firewall rules evaluate network packets against preset security criteria, such as:

  • Direction: Traffic coming in or going out.
  • Source: The IP address, range, network, or zone from which the traffic is coming.
  • Destination: The IP address, range, network, or zone where the traffic is going.
  • Port: Network ports designated for different services, such as port 21 for FTP and port 80 for HTTP.
  • Protocol: The type of network protocol, such as TCP, UDP, or ICMP.
  • Applications: Grouping of services or Layer 7 inspection.
  • Action: Whether to allow, reject, drop, or require additional inspection of the traffic.
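
The following added example (not from the original article) shows how a rule set built from these fields is evaluated: rules are checked in order, the first match decides, and anything unmatched falls to a default policy of drop, with blocked traffic recorded for review. The `Rule`, `Packet` and `evaluate` names, the first-match ordering and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str        # "in" or "out"
    source: str           # CIDR the packet's source must fall in
    destination: str      # CIDR the packet's destination must fall in
    protocol: str         # "tcp", "udp", "icmp" or "any"
    port: Optional[int]   # destination port; None matches any port
    action: str           # "allow", "drop" or "reject"

@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    protocol: str
    dport: Optional[int] = None

def matches(rule: Rule, pkt: Packet) -> bool:
    """True only if every field of the rule matches the packet header."""
    return (rule.direction == pkt.direction
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.source)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.destination)
            and rule.protocol in ("any", pkt.protocol)
            and rule.port in (None, pkt.dport))

def evaluate(rules, pkt, audit_log, default="drop"):
    """First matching rule wins; unmatched traffic gets the default policy."""
    verdict, reason = default, "default-policy"
    for rule in rules:
        if matches(rule, pkt):
            verdict, reason = rule.action, rule.name
            break
    if verdict != "allow":
        audit_log.append((verdict, reason, pkt))  # blocked traffic is logged for review
    return verdict

# Constructed policy; addresses are documentation/private ranges, not real hosts.
RULES = [
    Rule("blocklisted-source", "in", "203.0.113.0/24", "0.0.0.0/0", "any", None, "drop"),
    Rule("https-to-dmz-web", "in", "0.0.0.0/0", "10.0.1.10/32", "tcp", 443, "allow"),
    Rule("lan-to-wan", "out", "10.0.0.0/24", "0.0.0.0/0", "any", None, "allow"),
]
```

Rule order matters here: the blocklist entry sits above the HTTPS allow rule, so a blocklisted source is dropped even when it targets the published web server.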

Key concepts in firewall policy include:

  • Zones: logical groups of devices with comparable security needs within a network (e.g., Inside/Trusted, Outside/Untrusted, Demilitarized Zone (DMZ), LAN, WAN, Public, Private, Wireless) that allow administrators to impose policies governing traffic flow between devices. Allowing all traffic from LAN to WAN and dropping all traffic from WAN to LAN are common default settings.
  • Services: Particular operations identified by a protocol and network port (e.g., FTP on port 21 and HTTP/HTTPS on ports 80/443). Firewalls determine which services are available, to whom, and under what circumstances.
  • Applications: Network-based software systems that users interact with, such as email clients and web browsers. By controlling traffic according to the application sending or receiving it, firewall rules can reduce the risk of malicious or vulnerable apps.
  • User ID: This feature improves granular control over resource access regardless of location or device by enabling firewall rules to be created based on unique user identities rather than merely IP addresses. Usually, this connects to directory services such as TACACS+, LDAP, RADIUS, or Active Directory. For example, a school may employ User ID to prevent the “Students” user group from accessing social media servers.

Configuring a firewall is a complex process, and mistakes can result in security problems. To lessen vulnerability to threats, policies are usually set up according to the type of network (private or public).


Hemavathi
I am Hemavathi. I graduated in 2018 and work as a content writer at Govindtech Solutions. I am passionate about tech news and the latest technologies, and I want to improve my skills in tech writing.