BotNet News

Firewall is a hardware device or software application that monitors traffic going in and out of your network, scanning for suspicious data patterns and blocking anything that looks like a threat. Firewall benefits include preventing unauthorized access, blocking malware and phishing, controlling data exfiltration, and mitigating insider threats.

Basic firewalls look at (sniff) each packet of information to determine where it is coming from and where it’s going — or both – and then based on pre-defined rules allows or denies the connection. For example, a simple firewall policy might state that traffic to a specific port or computer is allowed, but that it must come from an internal IP address or a trusted source. This protects against hackers who could gain entry by identifying a specific printer share port and then sending offensive print jobs to that computer over the Internet.

A more advanced technology is the circuit-level gateway, which examines the data transfer protocol to verify that ongoing connections are valid. This is done by examining handshake flags, which are unique to each protocol. More advanced firewalls can also evaluate the contents of each packet and apply more sophisticated rules to filter and authorize data.

These types of firewalls are typically called proxy-based or stateful inspection firewalls. A proxy firewall acts as an intermediary between a client and a server, fetching the data for the client from the internet and relaying it to the client. This prevents direct communication between the client and the server, ensuring that only the firewall can access the system’s resources.