The term "firewall" may bring to mind some sort of powerful wizard magic, but in computing, a firewall provides strong security for our technology usage. Similar to an actual firewall, it is a system designed to protect devices from unauthorized network requests from the internet. By using a firewall, we can apply fundamental security to our devices and assign access permissions to software as needed.
In this article, let's take a close look at the basic firewall mechanisms and how to configure a firewall for proper security.
A firewall is a security system that analyzes network communications to determine which access should be allowed or blocked based on the given rules.
Like a building firewall that keeps flames from causing further damage, it can protect your computer from unauthorized network access and cyber-attacks.
Overall, firewalls provide the following benefits to users.
- Defend information
- Filter unauthorized access
- Manage network traffic
- Organize access events
- Analyze defense reports
How Does a Firewall Work?
There are two main types of firewalls: personal firewalls and network firewalls. We will look into the details of each and their key differences.
A personal firewall is used to protect individual computers in personal use. This type of firewall is usually built into the OS or provided as software that users can install on a computer connected to the internet.
A personal firewall is designed to prevent virus injection and unauthorized network access once installed. Some firewalls also come with a feature that hides the host computer from the public.
A network firewall is commonly used in network environments with multiple computers, such as an organization's office. The firewall system is installed between the internet and the company LAN.
This firewall specializes in features that block unauthorized data based on the information contained in each packet while allowing permitted packets. It essentially secures the entire organization by placing an access filter that internal IT has the flexibility to configure.
An advanced network firewall comes as equipment to be installed on routers. There is also a service platform firewall that is implemented by the network provider.
Types of Firewall Protection
Firewall protection can be categorized into three main styles. Each style comes with features suited to specific scenarios.
Packet Filtering Firewall
This is the mainstream type of protection, which filters access to software and services based on the associated IP address. Any IP address that is not registered with the firewall is shut out.
Although the configuration requires a fair amount of technical understanding, its popularity is quite high and it is used by many devices. It is one of the most standard protections for applying security measures against unauthorized access.
Circuit Level Gateway Firewall
In addition to the filtering done by a packet firewall, the circuit-level gateway allows users to configure access based on port numbers.
It is commonly used to apply protection per application and to set up closed network communication between specific software and systems.
Application Gateway Firewall
Both packet firewalls and circuit-level gateway firewalls rely on destination-based filtering to block unauthorized access. These firewalls protect well against straightforward network access, but not against disguised network access that is camouflaged as another kind of access.
An application gateway is a known solution for detecting fake requests by analyzing the request details at the application layer. While network bandwidth performance might decrease due to the in-depth analysis, it is a promising method for preventing disguised access.
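The three styles above can be modeled as successive checks on one connection. The following is an added example, not part of the original article: the allowed source range, the allowed port and the sample connections are constructed for illustration, and the application gateway is reduced to one check, that traffic to the web port really begins with an HTTP request line.

```python
import ipaddress
import re

# Constructed policy: the source range and port are assumptions for illustration.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]
ALLOWED_PORTS = {80}
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def packet_filter(conn):
    """Layer 1: allow only registered source addresses."""
    src = ipaddress.ip_address(conn["src"])
    return any(src in net for net in ALLOWED_SOURCES)


def port_filter(conn):
    """Layer 2: allow only permitted destination ports."""
    return conn["dport"] in ALLOWED_PORTS


def application_gateway(conn):
    """Layer 3: the payload must be the protocol the port implies."""
    return bool(HTTP_REQUEST_LINE.match(conn["payload"]))


def evaluate(conn):
    """Return (verdict, name of the layer that decided)."""
    for name, check in (("packet filter", packet_filter),
                        ("port filter", port_filter),
                        ("application gateway", application_gateway)):
        if not check(conn):
            return "block", name
    return "allow", "all layers"


# Constructed sample connections.
SAMPLES = [
    {"src": "192.0.2.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "203.0.113.5", "dport": 80, "payload": b"GET / HTTP/1.1\r\n\r\n"},
    {"src": "192.0.2.10", "dport": 1433, "payload": b"\x12\x01\x00\x2f"},
    {"src": "192.0.2.10", "dport": 80, "payload": b"SSH-2.0-client\r\n"},
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(c["src"], c["dport"], evaluate(c))
```

The last sample has a registered address and a permitted port, so only the application-layer check blocks it.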
How to Configure a Firewall
The most common firewall is probably the built-in firewall that comes with the Windows OS. Windows Firewall can be opened from the Control Panel by selecting the Security and Maintenance button.
For any other firewall software, it is always recommended to review the manual to understand the basic configurations and features.
Define Application Based Permission Rules
Setting permission rules based on installed applications is an effective method to improve protection. By applying block rules to unfamiliar software, users can proactively reduce security risk.
Assign Permission to Port Numbers
Port numbers are used to assign network access to services and applications. With a circuit-level gateway firewall, access permissions can be applied to port numbers. It is good practice to block any unused and vulnerable port numbers.
The following table shows port numbers that are considered high risk.

| Port | TCP / UDP | Details |
|---|---|---|
| 21 | TCP | FTP (File Transfer Protocol) |
| 22 | TCP | SSH (Secure Shell) |
| 25 | TCP | SMTP (Simple Mail Transfer Protocol) |
| 53 | TCP and UDP | DNS (Domain Name System) |
| 110 | TCP | POP3 (Post Office Protocol Version 3). Receives disguised email attacks. |
| 135 | TCP and UDP | Windows RPC (Remote Procedure Call). Vulnerable to computer worm attacks. |
| 137 - 139 | TCP and UDP | Windows NetBIOS over TCP/IP. Computer name, domain name, and MAC address are commonly exposed. |
| 1433 | TCP | Microsoft SQL Server. Used for SQL injection and database hacking. |
| 1434 | UDP | Microsoft SQL Server |
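To decide which of these ports are unused and can be blocked, it helps to first see which ones the computer is actually listening on. The following is an added example, not part of the original article: it checks listener output against the table above, assuming the layout printed by Windows `netstat -an`; the sample output is constructed.

```python
# Ports and protocols copied from the article's high-risk table.
HIGH_RISK = {
    21: {"TCP"}, 22: {"TCP"}, 25: {"TCP"}, 53: {"TCP", "UDP"}, 110: {"TCP"},
    135: {"TCP", "UDP"}, 137: {"TCP", "UDP"}, 138: {"TCP", "UDP"},
    139: {"TCP", "UDP"}, 1433: {"TCP"}, 1434: {"UDP"},
}

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:1434           *:*
"""


def listeners(netstat_text):
    """Yield (proto, address, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # established or closing connections are not listeners
        addr, _, port = fields[1].rpartition(":")
        yield fields[0], addr, int(port)


def audit(netstat_text):
    """Return listeners that match the table, sorted by port then protocol."""
    findings = []
    for proto, addr, port in listeners(netstat_text):
        if proto in HIGH_RISK.get(port, ()):
            scope = ("all interfaces" if addr in ("0.0.0.0", "[::]")
                     else "single interface")
            findings.append((port, proto, addr, scope))
    return sorted(findings)


if __name__ == "__main__":
    for port, proto, addr, scope in audit(SAMPLE_NETSTAT):
        print(f"review {proto}/{port} bound to {addr} ({scope})")
```

Each finding is a candidate for a block rule if the service behind it is not needed; listeners on ports outside the table, such as 445 and 3389 in the sample, are not reported by this check.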
Combining Port and Application Security
By combining the best of both port filtering and application permissions, robust and comprehensive security can be implemented. For example, disguised network access cannot be discovered and blocked by port filtering, but application permissions are able to reveal such in-depth threats.
How to Choose a Firewall
What can it prevent?
The first thing to consider when choosing a firewall is the reliability of the protection. Cyber-attacks occur in a variety of ways, such as against website information and server systems. This is why it is essential to establish a security system that properly prevents the attacks relevant to your protection needs.
Some firewalls specialize in analyzing data to detect threats, while others can apply custom filtering based on authorization profiles. We recommend experimenting with a variety of firewall tools so that you can decide with a comprehensive understanding.
What type of protection does it apply?
Firewall tools can be categorized into two types: packet filtering and application gateway. If possible, we recommend adopting both types of firewalls to apply advanced protection with a layered architecture.
Although both packet filtering and application gateway firewalls specialize in blocking unauthorized network access from the internet, the area that each defense focuses on differs. While packet filtering applies protection closer to the computer system, the application gateway defends against threats nearer to the internet. Therefore, users can gain stronger security by combining both areas of protection.
Cost of service and software
The price of security obtained through a firewall can vary anywhere from a few hundred dollars at the low end to several tens of thousands of dollars for larger services. The price depends on many factors, such as the size of the environment, the performance and quality of the service, and the type of defense strategy against cyber-attack patterns.
Usually, a higher price results in stronger security measures. With recent innovations in cybersecurity services, corporations can obtain a quality security system within an appropriate price range.
When considering improving security with firewall tools, it is important to check whether the service provides system configuration and security consultant support. Some firewall services will assist by highlighting security issues through network analysis and will establish a customer support relationship to address problems in case of emergency.
Product reviews and statistics
Although public reviews do not always represent the actual quality of a product, they can be used as one of the measurements for understanding other users' satisfaction. Reading through the reviews and comments can help you learn about the product comprehensively.
Understanding the product statistics such as sales volume and associated clients can also give perspectives from different viewpoints. We recommend doing in-depth research to compare the overall reliability of multiple firewall tools.