What Is a Firewall?
Generally, a firewall is an application that blocks or allows specific data packets based on security rules. It uses pre-configured rules to distinguish benign packets from malicious packets.
The firewall establishes a barrier between the internal network and the external network. It also monitors network traffic and alerts users to malicious activity.
Firewalls can be hardware-based or software-based. Generally, commercial firewall products come preconfigured. They are available at local computer stores or through your ISP.
Firewalls are designed to protect against denial-of-service (DoS) attacks, viruses, and other malicious software. Security professionals should ensure that firewalls are properly maintained and configured to meet business and technical requirements.
Firewalls also perform important logging functions. They record network events and monitor outgoing and incoming network traffic. Firewalls can also be used to evaluate incoming traffic and determine whether it complies with the configured policy.
A firewall can be configured to restrict network traffic based on criteria such as source/destination IP addresses, ports, or protocols. Typically, these restrictions adhere to the principle of least privilege. In this context, that means users and systems are granted only the minimal access they need to operate, and everything else is denied. Ideally, least-privilege policies should be as stringent as possible.
In order to configure firewall rules, the firewall administrator should create a list of source IP addresses and destination ports. These IP addresses and ports are the most common rule components, and the firewall matches each packet against them.
Firewall rules should be documented and updated regularly. This documentation allows the firewall administrator to check that the rules are working as expected.
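As an added illustration of the rule components just described (not code from any firewall product), the following Python models a small ordered rule list that is evaluated first-match-wins with an implicit default deny, logs every decision, and includes a check for rules that an earlier rule has made unreachable. All addresses and rules are constructed for the example.

```python
# Added illustration of first-match, default-deny rule evaluation; not taken from any firewall product.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"            # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    dports: frozenset = frozenset()   # empty set means any destination port
    proto: str = "any"

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (not self.dports or p.dport in self.dports)
                and self.proto in ("any", p.proto))

def evaluate(rules, p, log):
    """First matching rule decides and every decision is logged; no match means deny."""
    flow = f"{p.proto} {p.src}->{p.dst}:{p.dport}"
    for i, r in enumerate(rules):
        if r.matches(p):
            log.append(f"rule {i} {r.action} {flow}")
            return r.action
    log.append(f"default deny {flow}")  # least privilege: nothing passes without an explicit allow
    return "deny"

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule already covers their traffic."""
    def covered(r, q):
        return (ipaddress.ip_network(r.src).subnet_of(ipaddress.ip_network(q.src))
                and ipaddress.ip_network(r.dst).subnet_of(ipaddress.ip_network(q.dst))
                and (not q.dports or (r.dports and r.dports <= q.dports))
                and q.proto in ("any", r.proto))
    return [j for j, r in enumerate(rules) if any(covered(r, q) for q in rules[:j])]

# Constructed rule set using RFC 5737 documentation addresses; 203.0.113.10 is the web server.
RULES = [
    Rule("deny", src="10.0.0.0/8", dst="203.0.113.10/32", dports=frozenset({22})),
    Rule("allow", dst="203.0.113.10/32", dports=frozenset({80, 443}), proto="tcp"),
    Rule("allow", src="10.0.0.0/8", dst="203.0.113.10/32", dports=frozenset({22}), proto="tcp"),  # never reached
]
```

Running `shadowed(RULES)` reports rule 2, which is the kind of discrepancy that regular documentation and review of the rule set is meant to catch.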