You may have heard the term “firewall” before and know that it is something to do with IT security, but what exactly are they and how do they work? With IT security now the responsibility of business owners, partners, directors or charity trustees, it is now important that these people understand what types of firewall exist and how they help protect client data.
At it’s most basic, a firewall is a type of filter which ensures that data following between two networks (such as your company network and the Internet) is the type you want to allow. Simple firewalls allow basic controls, such as allowing web traffic but not allowing people on the internet to access your internal documents. More advanced firewalls can check each type of traffic to ensure that it doesn’t include undesirable content, such as web traffic which contains viruses.
Types of firewall
You may have heard that your organisation has a firewall, and it’s likely that it has several, but they vary wildly in terms of the roles they perform and the type of protection they can provide. If the wrong type is used in the wrong location or configured incorrectly, they are next to useless. The most common types of firewall are:
Packet filtering firewall
This is the most common type of firewall, and is often built into operating systems (such as Windows) or broadband routers and they work by limiting which services (such as web browsing or email) can be access from different parts of a computer network.
Although they provide some basic protection, current cyber attacks can bypass them with ease by hiding data in with allowed data. They are also unable to handle encrypted data (such as HTTPS web traffic) which is fast becoming used widely on the web, not just on secure web sites (such as banking web sites)
Deep packet inspection firewalls
While packet filtering firewalls, allow or deny data based on what type of traffic it is (such as email or web traffic), deep packet inspection firewalls not only block data based on it’s type but also read every bit of data to make sure it doesn’t contain anything undesirable. This allows deep packet inspection firewalls to spot and remove viruses and spam email, identify and block hackers, monitor which programs should be allowed through and also prevent valuable data from leaving the organisation (such as personal records or credit card numbers).
Most deep packet inspection firewalls are able to inspect encrypted data and check it’s content. This is vitally important as most Internet data is now encrypted. This feature is unique to deep packet inspection firewalls, making them an essential part of any network security plan.
Some of the latest deep packet inspection firewalls now feature software which can deployed to computers on the internal network. This software allows the firewall and computers to work together to identify and stop security threats such as ransomware, crypto locker malware and phishing attacks.
There are two types of deep packet inspection firewalls, Next Generation Firewalls (NGFW) and Unified Threat Management (UTM) firewalls. Although they both provide similar levels of protection, NGFWs must be configured manually while UTM firewalls use software subscriptions to provide the most up to threat protection data.
Deep packet inspection firewalls are dedicated devices (they are not built into another type of device) and are usually available as physical and virtual appliances.
Web Application Firewalls
Web Application Firewalls (WAFs) are a specialist type of firewall which are designed to protect web servers (and web application servers) from attacks which could cause them to be compromised. They work in a similar way to NGFW and UTM firewalls but only provide protections for web traffic. They are available as physical and virtual appliances and, for low traffic sites, modules built into the web server software.
Understanding firewall security
A firewall is an essential part of any IT security strategy but it simply installing one and then ignoring it isn’t enough to ensure security. To ensure that your firewall is effectively protecting your network ensure that:
- Use a dedicated NGFW or UTM firewall from a reputable vendor. Firewalls built into broadband routers or operating systems do not meet regulatory requirements and offer scant protection.
- You monitor your firewall so that you can take positive steps against attackers rather than hoping your firewall will keep them out.
- You ensure that your firewall and it’s security definitions are kept up to date. If your firewall isn’t aware of the latest security threats, it can’t provide protection against them.
- Replace your firewall regularly. Security threats change daily, meaning firewall technology changes just as fast. If your firewall is older than three years old, it should be replaced immediately. Fortunately, most firewall vendors offer competitive trade in deals and hardware firewalls can be depreciated against Corporation Tax.
- You regularly check and validate your firewall rules. Check that rules which allow data to pass through the firewall are still relevant.
- Your documentation is kept up to date. You should always document all configuration decisions about your firewall as this will be used by audit or security response teams.
- You train your staff. A firewall is not a replacement for training your staff in basic IT security.
- You control who has physical access to your networking equipment and servers. Incorrectly installed equipment can bypass firewalls and, sometimes, staff will deliberately bypass security rather than have to request firewall changes.
- Know and understand the legal data security requirements your organisation must follow.
- Work with a Managed Security Service Provider (MSSP). These are specialist companies who can help provide the security services and advice you need to meet your organisation’s legal requirements.
- Accept that a firewall isn’t the only security solution you need. A firewall protects against network threats, but you will still need antivirus/antimalware software, an antispam solution, a robust backup solution, monitoring and regular training to meet your legal requirements.
A good quality firewall is a key part of a robust data security but it doesn’t guarantee security on it’s own and you are strongly advised to seek professional help in identifying the right solution for your organisation. For many industries, a dedicated firewall appliance is a legal requirement, and for those where it isn’t, a good NGFW or UTM firewall can provide the majority of the required data protection in a single package.