What Is a Firewall?
A firewall is a device or software that monitors network traffic in and out of an organization’s private systems, protecting against malicious attacks. Firewalls also provide logging and audit functions, allowing administrators to review security alerts for troubleshooting or compliance reasons.
Generally, firewalls protect against threats by scanning data sent over the Internet and comparing it to a list of known bad connections. If a piece of information doesn’t match one of the rules, it’s blocked. Firewalls should be updated regularly as new cybersecurity threats emerge, and vendors create patches to address these vulnerabilities.
Firewalls work on the principle of least privilege access, which stipulates that entities should only have the access they need to complete their tasks. Firewalls are able to evaluate connections at various network levels, including application, circuit, and transport layers.
In addition to examining each packet in context, stateful firewalls keep track of past active connections. This allows them to make faster decisions based on previous interaction and event histories rather than inspecting every incoming packet. These types of firewalls can also be used to stop attack patterns that exploit ports that have been left open for too long.
In a home network, a firewall is usually built into the router or included in the operating system. For organizations with multiple firewalls, a managed security service provider can host them in the cloud and handle all the configuration, updates, and monitoring. This is a great option for companies with multiple locations or remote workers as it eliminates the need for additional hardware on each endpoint.