BotNet News

Your source for Online Security News

A firewall is a network security device that monitors data packets based on a set of rules to detect and block malicious traffic from entering your computer network. It is the first line of defense against threats like viruses and hackers who attempt to gain entry to your computer network by establishing an unmonitored connection with it from the outside.

Firewalls typically have multiple features to protect against various security threats. Depending on your organization’s needs, you can choose which features to enable on your firewall.

Static packet filtering firewalls, also known as stateless inspection firewalls, work at the OSI network layer (layer 3). They examine each individual data packet that comes into and goes out of a network by comparing it to a list of preconfigured requirements such as source and destination IP addresses, port number, and packet protocols. These firewalls do not memorize previous connections and so each new connection must be approved with each new data packet.

Circuit-level gateway firewalls work at the transport layer of the TCP/IP protocol stack (layer 4). They examine TCP handshakes and other information from a network to another network to ensure the ongoing unmonitored connection is legitimate.

Content filtering firewalls are the ones you may have encountered at home or work to prevent you from accessing certain types of websites and programs that are deemed dangerous. This is usually a simple block by a pop-up window asking you to approve the connection. Using threat intelligence, some firewalls can identify command and control infrastructure used by malware in order to intercept and transmit commands to large groups of computers, also known as botnets.