Understanding the Operations of a Firewall

Mesut Oezdil
4 min read · Jul 31, 2023

In an exciting world, we are in the middle of a war with cyber hackers! Firewalls are our bulwark, protecting our computers and networks. But are you curious about how these digital shields work and how they keep the cyber world safe? Let’s discover together!

Firewalls play a crucial role in safeguarding against cyber threats. Their functionality lies in scrutinizing incoming data, applying predefined regulations, and blocking any dubious or unsecured sources. The primary objective of firewalls is to shield computers and networks from unauthorized entry by restricting access to traffic that adheres to specific criteria.

Picture a firewall as a vigilant sentry stationed at a building’s entrance. The sentry verifies the authorization of each person seeking entry. Likewise, a firewall verifies the source address of incoming data to ascertain its trustworthiness.

For added security, firewalls can also scrutinize data based on destination address and port number. For instance, they may be configured to permit only specific IP addresses to access designated port numbers.

To illustrate further, think of IP addresses as houses and port numbers as rooms within those houses. Only trusted individuals (source addresses) can enter the house (destination address). Once inside, they are filtered, granting access only to certain rooms (destination ports), depending on their privileges. For instance, the owner may access any room (any port), while guests and children are limited to specific rooms (specific ports).

By carefully setting up firewalls to allow authorized traffic only, network administrators can thwart unauthorized access and minimize the risk of cyber attacks.
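The house-and-rooms model above can be written as a small rule evaluator. This is an added example, not code from the article: the `Rule` type, the `decide` and `shadowed` functions, and the addresses (documentation ranges) are constructed for illustration. It also checks for a common configuration mistake, a rule that can never fire because an earlier, broader rule matches first.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network (who is knocking), CIDR notation
    dst: str               # destination network (the house), CIDR notation
    dport: Optional[int]   # destination port (the room); None means any port

# Constructed rule set: the "owner" subnet may reach any port on the server,
# the "guest" subnet may reach only HTTPS (443).
RULES = [
    Rule("allow", "192.0.2.0/28", "203.0.113.10/32", None),
    Rule("allow", "198.51.100.0/24", "203.0.113.10/32", 443),
]

net = ipaddress.ip_network

def decide(src_ip, dst_ip, dport, rules=RULES):
    """Return the action of the first matching rule; deny if nothing matches."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in net(rule.src)
                and dst in net(rule.dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"  # default deny: traffic not explicitly allowed is blocked

def shadowed(rules):
    """Indices of rules that never fire because an earlier rule covers them."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (net(later.src).subnet_of(net(earlier.src))
                    and net(later.dst).subnet_of(net(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                hits.append(i)
                break
    return hits
```

Because evaluation stops at the first match, a narrow deny placed after a broad allow has no effect; `shadowed` reports such rules so they can be reordered.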

Varieties of Firewalls

Firewalls can be categorized as software or hardware. Software firewalls are applications installed on individual computers, while hardware firewalls are physical devices positioned between the network and the gateway. Employing both types of firewalls is recommended for maximum protection.

The most prevalent firewall type is the packet-filtering firewall, which evaluates packets and blocks those that do not comply with established security rules. These firewalls inspect the packets’ source and destination IP addresses, permitting only those packets that match “allowed” rules.

Packet-filtering firewalls can be subdivided into two types: stateless and stateful. Stateless firewalls assess each packet independently, without the context of the packets that came before it, which makes them susceptible to hacking. In contrast, stateful firewalls retain information about previously processed packets, rendering them more secure.
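The difference shows up when the same traffic is run through both kinds of filter. This is an added example, not code from the article: the packet tuples, addresses and function names are constructed, and the stateful filter is simplified (no TCP flags or timeouts).

```python
# A packet is (direction, src_ip, src_port, dst_ip, dst_port).

def stateless_allow(pkt):
    """Judge one packet in isolation, with no memory of earlier packets."""
    direction, src, sport, dst, dport = pkt
    if direction == "out":
        return dport == 443        # inside hosts may browse HTTPS
    # Replies must get back in, so the rule accepts anything claiming to
    # come from port 443. The sender chooses that value.
    return sport == 443

class StatefulFilter:
    """Remember connections opened from the inside; admit only their replies."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        direction, src, sport, dst, dport = pkt
        if direction == "out":
            if dport != 443:
                return False
            self.flows.add((src, sport, dst, dport))
            return True
        # Inbound traffic passes only as the mirror image of a tracked flow.
        return (dst, dport, src, sport) in self.flows

# Constructed sample traffic.
TRAFFIC = [
    ("out", "10.0.0.5", 50000, "203.0.113.10", 443),  # client opens a connection
    ("in", "203.0.113.10", 443, "10.0.0.5", 50000),   # genuine reply
    ("in", "198.51.100.9", 443, "10.0.0.5", 3389),    # unsolicited, source port 443
]

def verdicts():
    """Return (stateless, stateful) decisions for each sample packet."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in TRAFFIC]
```

Both filters pass the first two packets; only the stateful filter drops the third, because no inside host ever opened that connection.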

While packet-filtering firewalls offer fundamental protection, they have limitations. They cannot ascertain whether the content of a request will harm the intended application. For example, if a malicious request from a trusted source could lead to database deletion, the firewall would remain oblivious. Addressing this, next-generation firewalls (NGFW) have been developed.

Next-Generation Firewalls (NGFWs) merge traditional firewall technology with additional features like encrypted traffic inspection, intrusion prevention systems, and antivirus capabilities. Notably, NGFWs incorporate deep packet inspection (DPI). DPI analyzes the data within each packet, enabling users to effectively identify, categorize, or block packets containing malicious data.

Proxy firewalls filter network traffic at the application level, serving as intermediaries between end systems. Clients submit requests to the firewall, which then evaluates them against security rules before allowing or denying them. Proxy firewalls monitor layer 7 protocols like HTTP and FTP, utilizing stateful and deep packet inspection to detect malicious traffic.

Network address translation (NAT) firewalls allow multiple devices with individual network addresses to connect to the internet using a single IP address, concealing the individual addresses. This feature enhances security against network scans, as attackers cannot obtain specific information about the devices behind it. NAT firewalls are akin to proxy firewalls, acting as intermediaries between a group of computers and external traffic.

Stateful multilayer inspection (SMLI) firewalls filter packets at the network, transport, and application layers, comparing them with known trusted packets. SMLI firewalls evaluate packets to establish the state of communication, ensuring that all initiated communication occurs only with trusted sources. These firewalls assess packets at each layer, allowing passage only if they meet the respective layer’s requirements.

It’s also essential to acknowledge the limitations of firewalls and their distinctions from antivirus software.

In conclusion, firewalls have become an indispensable part of digital security in the modern world. These intrepid protectors create a shield against cyberattacks by carefully analyzing incoming data. As one of the most effective ways to protect your home, business and personal data from cyber threats, understanding and using firewalls is a key element of ensuring a secure digital experience. It is important to remember that as technology evolves, firewalls are constantly being strengthened and improved. By continuing to increase our knowledge and awareness, we can stay safe in the digital world and stay one step ahead of cyber threats.

As a DevSecOps enthusiast, I hope you enjoy this article. In this column, called “Mindful Monday Musings”, I will share articles on Dev(Sec)Ops and Cloud here every Monday. You can support M3 (aka Mindful Monday Musings) by following me and sharing your opinions. Please send me your contributions, criticisms, and comments; it would make me glad.
