BotNet News

Your source for Online Security News

Firewalls protect computers and networks by acting like a 24/7 security guard that monitors the data attempting to enter your system. They inspect everything that goes in and out of your computer and block malicious data from entering the network based on a defined set of rules. A firewall can be implemented in either software or hardware. Depending on the level of protection your business requires, several types of firewall are available, including packet filtering, proxy service and stateful inspection.

A packet-filtering firewall examines data packets, the units in which information is transferred over the internet. Each packet carries identifying information such as the source and destination addresses of the sending and receiving computers, as well as port numbers that identify specific applications (e.g., TCP port 80 for web servers). The firewall compares each packet against filters that define what type of data is safe to allow into the system, then blocks or discards packets that don't meet the criteria.

Circuit-level gateway firewalls control network traffic at the OSI session layer, looking at the TCP handshake between a trusted client or server and an untrusted host to determine if a connection is legitimate before allowing it. However, because they do not examine the actual content of the packets, this type of firewall can be easily evaded by dedicated attackers.

Application-level firewalls, also called deep packet inspection (DPI) firewalls, read the actual contents of each packet of data and use them to detect potential threats. They can recognize the specific characteristics of common protocols used on a network, such as Hypertext Transfer Protocol, Domain Name System and File Transfer Protocol, which is why they are considered one of the most effective forms of firewall. Then there are next-generation firewalls (NGFWs), which often combine the best features of these other firewalls, such as packet filtering, DPI and stateful inspection. They can be either hardware or software and offer a complete set of security protections designed to work together.
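The three inspection levels described above, run side by side over the same traffic. This is an added example, not code from the original article. The rule list, class and function names, and sample packets are hypothetical and constructed, and the model sees only the inbound half of each connection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # simplified, constructed model of an inbound TCP segment
    src: str
    dport: int
    flags: str = "PA"              # "S" = SYN, "A" = ACK, "PA" = data segment
    payload: bytes = b""

# Hypothetical filter list: (source network, destination port or None for any, action).
RULES = [("203.0.113.0/24", None, "drop"), ("0.0.0.0/0", 80, "allow")]
HTTP_METHODS = {b"GET", b"HEAD", b"POST"}

def packet_filter(p):
    """Packet filtering: first matching rule on address and port wins; default is drop."""
    for net, port, action in RULES:
        if ipaddress.ip_address(p.src) in ipaddress.ip_network(net) and port in (None, p.dport):
            return action
    return "drop"

class CircuitGateway:
    """Circuit level: pass data only after SYN then ACK from the client; never reads payload."""
    def __init__(self):
        self.state = {}            # (src, dport) -> "syn" or "established"
    def check(self, p):
        key, st = (p.src, p.dport), self.state.get((p.src, p.dport))
        if st is None and p.flags == "S":
            self.state[key] = "syn"
        elif st == "syn" and p.flags == "A":
            self.state[key] = "established"
        elif st != "established":
            return "drop"
        return "allow"

def application_inspect(p):
    """Application level: a non-empty payload must start with an HTTP/1.x request line."""
    parts = p.payload.split(b"\r\n", 1)[0].split(b" ")
    http = len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1.")
    return "allow" if http or not p.payload else "drop"

def verdicts(packets):  # (packet filter, circuit level, application level) per packet
    gw = CircuitGateway()
    return [(packet_filter(p), gw.check(p), application_inspect(p)) for p in packets]

GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"   # constructed sample data below
SAMPLE = [Packet("198.51.100.7", 80, "S"), Packet("198.51.100.7", 80, "A"),
          Packet("198.51.100.7", 80, "PA", GET), Packet("198.51.100.7", 80, "PA", b"\x00\x01binary"),
          Packet("198.51.100.99", 80, "PA", GET), Packet("203.0.113.5", 80, "S")]
```

Calling `verdicts(SAMPLE)` shows where the levels disagree: the fourth packet passes the address, port and handshake checks and is dropped only by the content check, while the fifth carries a valid request but is dropped at the circuit level because no handshake preceded it.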