A firewall is a foundational network security system, available as physical hardware or software, that monitors and controls incoming and outgoing network traffic based on strict, predefined security rules.
Think of a firewall as a digital security guard standing between your trusted internal network (LAN) and the untrusted outside world (the Internet/WAN). When data packets try to cross this barrier, the firewall filters them and takes one of three actions:
Accept: Allows the safe traffic to pass through into the network.
Reject: Blocks the traffic and actively sends an "unreachable" error response back to the source.
Drop: Blocks the traffic silently without sending any response (making your system appear completely invisible to attackers).
Firewall: The Barrier Between LAN and WAN
Why Are Firewalls Important?
Prevents Unauthorized Access: Like a locked door with a guard, only trusted users and verified traffic are allowed through.
Blocks Malicious Traffic: Harmful data such as viruses, phishing attempts, or Denial-of-Service (DoS) attacks are stopped at the perimeter before reaching the internal system.
Protects Sensitive Information: Safeguards personal and corporate business data from external theft or accidental internal leaks.
Controls Network Usage: Enforces corporate policies such as parental controls, workplace website restrictions, or government filtering.
Mitigates Insider Risks: Detects suspicious applications or data exfiltration (data theft) attempts originating from within the network.
How Does a Firewall Work?
A firewall operates by constantly inspecting all incoming and outgoing traffic to decide whether to allow or block it. The general workflow is:
All data packets entering or leaving the network must first pass through the firewall.
The firewall deeply examines each packet against a strict set of predefined security rules set by the organization.
If the packet matches the "safe" rules, it is allowed in. If it is suspicious, blacklisted, or contains malicious content, it is instantly blocked.
Blocked or highly unusual traffic is recorded in digital logs, and real-time alerts may be generated for the security team to investigate.
The Default Policy: Because it is impossible for an administrator to write a specific rule for every single type of traffic on the internet, the firewall applies a Default Policy (accept, reject, or drop) for any traffic that is not explicitly covered by existing rules. To prevent unauthorized access, security best practices dictate that the default policy should always be set to Drop or Reject.
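The workflow and default policy described above, as an added example (not code from this page or from any firewall product): a rule evaluator run over constructed packets, once with a default policy of drop and once with accept. First-match-wins ordering, the rule set, the addresses (documentation and private ranges) and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "accept", "reject" or "drop"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port; None matches any port
    proto: str = "tcp"

# Constructed rule set (hypothetical), evaluated top to bottom.
RULES = [
    Rule("drop",   "203.0.113.0/24",  None),  # blocklisted network
    Rule("accept", "0.0.0.0/0",       443),   # public HTTPS
    Rule("accept", "192.168.10.0/24", 22),    # SSH from the admin LAN only
    Rule("reject", "192.168.0.0/16",  23),    # internal telnet gets an error reply
]

# Constructed sample packets.
PACKETS = [
    {"src": "198.51.100.7", "proto": "tcp", "dport": 443},
    {"src": "203.0.113.9",  "proto": "tcp", "dport": 443},
    {"src": "192.168.10.5", "proto": "tcp", "dport": 22},
    {"src": "192.168.20.5", "proto": "tcp", "dport": 23},
    {"src": "198.51.100.7", "proto": "tcp", "dport": 3389},  # no rule covers this
]

def evaluate(packet, rules=RULES, default_policy="drop", log=None):
    """Return the verdict for one packet; unmatched traffic gets default_policy."""
    src = ipaddress.ip_address(packet["src"])
    verdict, reason = default_policy, "default policy"
    for index, rule in enumerate(rules):
        if (rule.proto == packet["proto"]
                and src in ipaddress.ip_network(rule.src)
                and rule.dport in (None, packet["dport"])):
            verdict, reason = rule.action, f"rule {index}"
            break  # first match wins
    if log is not None and verdict != "accept":
        log.append((packet["src"], packet["dport"], verdict, reason))  # blocked traffic is recorded
    return verdict

def run(default_policy):
    """Evaluate every sample packet and return (verdicts, log of blocked traffic)."""
    log = []
    return [evaluate(p, default_policy=default_policy, log=log) for p in PACKETS], log

if __name__ == "__main__":
    for policy in ("drop", "accept"):
        print(policy, *run(policy), sep="\n  ")
```

With the default policy set to accept, the TCP 3389 packet that no rule mentions passes and leaves no log entry; with drop it is blocked and recorded as a default-policy hit.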
Types of Firewalls
Firewalls have evolved significantly over the years and can be categorized based on their data filtering methods, network placement, and form factor.
1. By Data Filtering Method
Packet Filtering Firewall: Inspects basic packet info (IP addresses and ports) without looking at the actual data payload.
Stateful Inspection Firewall: Tracks the active state of network connections, making smarter decisions based on ongoing traffic context.
Proxy Firewall (Application Level): Acts as an intermediary, inspecting the deep application-level data before passing it along.
Circuit-Level Gateway: Quickly verifies the TCP handshake to ensure the session is legitimate without inspecting the packet contents.
Web Application Firewall (WAF): Specifically designed to protect web applications by filtering HTTP/HTTPS traffic.
Next-Generation Firewall (NGFW): Combines traditional firewall features with advanced intrusion prevention (IPS) and deep packet inspection.
2. By Network Placement
Perimeter Firewall: Placed at the very edge of the network, standing between the internal LAN and the external WAN.
Internal Firewall: Placed deep inside the network to segment different departments (e.g., separating the HR network from the Guest Wi-Fi).
Distributed Firewall: Software-based firewalls applied across multiple endpoints and servers, managed centrally.
3. By Systems Protected
Network Firewall: Protects an entire network of computers and devices simultaneously.
Host-Based Firewall: Installed on a single individual computer (host) to protect that specific machine (e.g., Windows Defender Firewall).
4. By Form Factor
Hardware Firewall: A dedicated physical appliance (like a specialized router) that handles massive amounts of network traffic processing.
Software Firewall: A program installed on an operating system that filters traffic locally.
Knowledge Check
According to security best practices, what should the "Default Policy" of a firewall be set to for any traffic that doesn't match an existing rule?