BotNet News

Your source for Online Security News

The firewall, which is a foundational piece of network security, must be properly configured and regularly updated to align with the organization’s changing needs and threat landscape. Misconfigurations, including overly permissive rules, can lead to performance bottlenecks or block legitimate traffic. Rules also often get bloated over time as new policies are added, which can slow performance and cause conflicts or alert fatigue.

Firewalls are either network-based or host-based, with the former acting as a barrier between networks and the latter deployed directly on hosts to control access to other computing resources. Network-based solutions are available as software or hardware appliances and can be virtual or bare metal.

Packet Filtering

Like a guard at the doorway, a basic firewall looks at each packet of data and decides whether to allow it through based on pre-set rules. These rules can include evaluating where the packet is coming from and where it is going, or examining specific traits like IP addresses, ports, or basic packet protocols. A more advanced firewall might examine the content of a data packet, looking for certain words or phrases to identify malicious activity.

Stateful Inspection

Unlike a basic firewall, which checks incoming data based only on where it is coming from or where it is going, a more sophisticated firewall can track the history of a particular packet. This allows more in-depth evaluation and provides better context around threats. It can also let administrators craft more granular rules, based on user identity instead of fixed source or destination addresses, which improves security.
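The sketch below is an added example, not part of the original article. It contrasts the two approaches described above: a packet filter that judges every packet on its header fields alone, and a stateful firewall that admits inbound packets only when they belong to a connection opened from the inside. The rule format, class names and addresses are constructed for illustration, and real stateful firewalls also track TCP flags, sequence numbers and timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    direction: str  # "out" leaves the protected network, "in" enters it

# Stateless rules: (direction, proto, sport, dport, action); None matches any port.
# First match wins; anything unmatched is dropped (default deny).
RULES = [
    ("out", "tcp", None, 443, "allow"),  # clients may open HTTPS connections
    ("in", "tcp", 443, None, "allow"),   # needed so HTTPS replies get back in
]

def packet_filter(pkt, rules=RULES):
    """Stateless filtering: each packet is judged only on its own header fields."""
    for direction, proto, sport, dport, action in rules:
        if (pkt.direction == direction and pkt.proto == proto
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return action
    return "drop"

class StatefulFirewall:
    """Stateful inspection: inbound packets must belong to a tracked connection."""
    def __init__(self, rules):
        # Only outbound rules are kept; replies are admitted by state, not by rule.
        self.rules = [r for r in rules if r[0] == "out"]
        self.connections = set()

    def inspect(self, pkt):
        if pkt.direction == "out":
            verdict = packet_filter(pkt, self.rules)
            if verdict == "allow":
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return verdict
        # Inbound: the reversed 5-tuple must match a connection opened from inside.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "allow" if key in self.connections else "drop"

# Constructed sample traffic (documentation address ranges).
request = Packet("192.0.2.10", 50000, "198.51.100.7", 443, "tcp", "out")
reply = Packet("198.51.100.7", 443, "192.0.2.10", 50000, "tcp", "in")
unsolicited = Packet("203.0.113.9", 443, "192.0.2.10", 3389, "tcp", "in")
```

The stateless filter has to keep a broad inbound rule so replies can return, which also admits the unsolicited packet; the stateful firewall needs no inbound rule at all and drops it because no matching connection exists.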