What is a Firewall?
Firewall is a network security device that monitors incoming and outgoing data packets and permits or blocks them based on a set of rules. A firewall is a sort of gatekeeper that filters and verifies what gets into your home or business computer network. Think of it like a security guard at the doorway that only lets people and objects in if they are safe to be there.
There are multiple kinds of firewalls, each with its own capabilities. For example, older types of firewalls filtered based only on IP addresses, destination ports and basic packet protocols (UDP and ICMP). Next generation firewalls (NGFW) added stateful inspection capabilities and then next-generation NGFWs included filtering at the application layer.
The best firewalls are often a combination of technologies that provide the best protection. For example, some firewalls use deep packet inspection to detect malware that has been hidden or encrypted within a packet of information. Others may rely on heuristics and other rules to detect anomalous behavior that is not typical for the system.
A common mistake with firewalls is not properly configuring and maintaining them. For instance, it is important to keep the firewall updated with the latest firmware patches. In addition, it’s critical to have processes in place to regularly check for updates and install them on systems that are behind the firewall.
A firewall that is not kept up-to-date is vulnerable to attacks that take advantage of established connections, such as denial of service (DoS) attacks. This is one reason why we recommend having an automated process to regularly review and update the firewall rule set on every system in your agency.