Choosing the Right Firewall
Firewalls act as barriers between private and external networks, examining data packets that enter or leave a network to determine whether they should be allowed in or blocked. They granularly check each packet against pre-set security rules, and can be in either hardware or software form, or a combination of both. Blocked or suspicious traffic is recorded in logs and real-time alerts are generated to provide a quick response to emerging threats.
Firewall technology has evolved over time to keep up with ever-changing attack strategies. Choosing the right firewall depends on factors like network performance, security needs, and scalability.
Typically positioned at the edge of the network, or in a data center, network firewalls have an excellent view of everything attempting to enter or leave the network. This gives them a unique position to granularly inspect every packet of information as it passes through, and to compare that against pre-set security rules to decide what action to take.
For example, a simple rule may be to block all traffic that is trying to communicate with a specific IP address on the network. More advanced systems use a method called deep packet inspection, which examines more facets of each packet to identify malicious activity that would be missed by a simple rule.
Other more sophisticated firewall systems such as stateful inspection firewalls track the state of active connections, and can use context to detect malicious behavior that may not be immediately obvious when looking at each packet on a standalone basis. Additionally, some firewall systems integrate with directory services such as LDAP or RADIUS to link user login information with their security policies. This allows organizations to impose policies based on user groups, roles or even individual users rather than just the network topology.