What is a Firewall?
A firewall is a network security system that monitors incoming and outgoing traffic based on pre-established rules. It blocks unsolicited incoming network connections, checks for malware and viruses, and filters outgoing network data packets to prevent unwanted information leaks. Without a firewall, your computers, devices and personal data are vulnerable to attack from cybercriminals.
Originally, firewalls were hardware appliances, but today most are software-based (also called FWaaS) or cloud-hosted. Many operating systems come with a built-in firewall feature, and you can buy firewall software from your local computer store or from an online vendor.
Firewalls are categorized by how they filter network traffic, based on the OSI model of communications. The first generation of firewalls operated at the network layer (layer 3), allowing or blocking individual data packets based on their source IP address, destination IP address and port, and protocol. They also checked the contents of a data packet and whether the packet was part of an existing connection. This prevented illegitimate traffic from entering the network and stopped many types of malware attacks.
A more sophisticated approach to filtering is used by stateful inspection firewalls, which operate at the transport layer (layer 4). These firewalls keep a list of open connections and evaluate new data packets based on how well they match the established connection records. This is designed to minimize the number of established connections and reduce performance overhead, but it leaves the door open for denial-of-service (DoS) attacks that exploit ongoing, unmonitored connections.