The term “firewall” originally referred to a structure that was supposed to confine the fire in a closed space, thus hindering its spread and mitigating its harmful effects on humans and property.
By analogy, in network security, a firewall is a software or hardware system that functions as a gatekeeper between trusted or untrusted networks or even a part of them. It does this by filtering out harmful or potentially unwanted content and communication.
Network firewalls typically perform this function for internal systems with multiple devices or subnets. This type of firewall runs on network hardware and can easily be adapted for businesses of all sizes.
Host-based firewalls run directly on users' computers (or endpoints) and can therefore offer much more personalized filter rules.
Most operating systems provide their own built-in, host-based firewall. However, these tend to feature only basic functionality and, as prevalent as they have been, have likely been studied extensively by would-be attackers.
The first commercial firewalls designed for computer networks were developed in the late 1980s by Digital Equipment Corporation (DEC). The technology rose to prominence and spread over the next decade due to the rapid growth of the global Internet.
How do firewalls work?
There are several types of firewalls, each using a different approach to filtering traffic. First generation firewalls functioned as packet filters , comparing basic information such as the original source and destination of the packet, the port used, or the protocol against a predefined list of rules.
The second generation included so-called
“stateful” firewalls , which added another parameter to the filter configuration, namely the connection state . Based on this information, the technology could determine whether the packet was initiating the connection, was part of an existing connection, or was not involved at all.
Third generation firewalls were built to filter information across all layers of the OSI model - including the application layer - allowing them to recognize and understand applications as well as some widely used protocols such as FTP (File Transfer Protocol) and Hypertext Transfer Protocol (HTTP). Based on this information, the firewall can detect attacks that attempt to bypass it through an authorized port or the abuse of a protocol.
The most recent firewalls still belong to the third generation, but they are often described as "next-generation" (or NGFW). They combine all the previously used approaches with a more in-depth inspection of the filtered content, eg linking it to a detection database to identify potentially dangerous traffic.
For more information about: Network security firewall