BotNet News

Your source for Online Security News


Firewalls are programmable filters that block information from the outside world from entering your computer or network. They do this by inspecting packets (small chunks of data) from the internet and comparing them to the criteria you set up. If the data isn’t allowed in, your firewall blocks it and prevents the attacker from spreading to other computers in your agency or organization.

Firewall types differ in how they inspect incoming and outgoing data. Packet filtering examines each packet at a low level of the TCP/IP protocol stack, looking for IP addresses, port numbers, packet contents and other data that identify the source and destination of each packet. Firewalls that use this method of inspection are referred to as network layer firewalls and have a lower performance impact than other types of firewalls.

Circuit-level gateways are another type of firewall that verifies traffic by verifying the transmission control protocol (TCP) handshake, ensuring the request is legitimate before allowing it into the network. This firewall type is very resource-efficient, but it can be vulnerable to attacks that exploit existing connections.

Stateful inspection firewalls are a more complex type of firewall that checks for the existence of existing connection information when a new packet arrives. This firewall uses a database that keeps track of open connections and examines each new packet against this list of established connections to determine whether it should be allowed in. This firewall type is more effective at preventing malware from spreading than the other two, but it can also slow down performance.