BotNet News

Firewalls monitor and control data that moves through network connections based on a set of security rules. These rules can determine whether or not to allow or block a specific type of data. Firewalls are used to protect internal network hosts and devices that communicate with external public networks, like the internet or various extranets.

Firewall capabilities have grown over the years to meet the needs of a changing threat landscape. Today’s firewalls can be found in a variety of formats – hardware appliances, software solutions and cloud-based systems.

Initially, firewalls were simple hardware boxes that funneled all data passing in and out of a network through a single device. This method of protection became inefficient as business processes began to move to the cloud, and newer technologies developed that required more advanced inspection and filtering.

Packet filters – These are a basic type of firewall capability that evaluates the header information of each incoming and outgoing packet, looking for patterns of suspicious activity to identify potential threats. They usually check for things like message content, media, and destination addresses as well as port numbers or ICMP type codes.

Stateful inspection – This is a more complex process where each incoming and outgoing packet is compared against a database of predetermined criteria. This enables more in-depth analysis of traffic and blocks certain types of malicious data that would otherwise be missed by standard packet filtering.

Web application firewall – Similar to a proxy, this type of firewall inspects HTTP requests sent to an application and checks for various data traits that can indicate malicious activity. This includes URLs, headers and query strings.