
Firewalls

Firewalls are systems designed to prevent unauthorised access to private networks by third parties (e.g. hackers, or malicious software (malware) that may try to cause harm). They work by filtering information: a firewall basically blocks unwanted traffic and allows wanted traffic.


Firewalls are especially important to organisations with several devices, machines and other systems connected to the internet. Managers do not want all those devices to be accessible to anyone who could disrupt processes, steal information and cause harm. Firewalls are therefore basic systems that need to be considered in every cyber security implementation project, for any organisation.


The way firewalls work in computer networks can be compared with firewalls in a physical building. A firewall in a building structure provides a barrier so that, in the event of a fire on either side of the building, the firewall keeps it contained and stops it spreading to the other side. A network firewall likewise stops harmful activity and contains it before it can spread into private networks.


To do this, firewalls filter incoming data and determine, by a set of pre-established rules and algorithms, whether it is safe to let an access request enter the network. In basic firewall systems these rules are also known as access control lists (ACLs), which are customisable and set by network administrators. ACLs alone are used mainly in packet-filtering firewalls, which are quick and convenient. However, this type of firewall only looks at the surface of each packet and can be manipulated by attackers who make packet headers look safe, thus deceiving the filter.


Some of the criteria this type of firewall uses in its rules include port numbers, domain names, communication protocols, programs, IP addresses and keywords. As a very simple example, the diagram below shows some rules in the ACL of a stateless firewall, keyed on port numbers, that allow or deny access. As shown, incoming traffic on port 25 is not allowed into the network, but traffic on port 80 has been granted access.


Source: Lanner


Stateless firewalls are very old and obsolete. One of their flaws is that malware has evolved to look for other entrances to private networks, which makes this type of blocking ineffective. Nowadays, purpose-built firewalls offer at least some basic level of stateful monitoring (context-aware filtering).


Other sorts of firewalls and cyber security architectures are shown below. They have diverse uses, depending on your production processes and security policies. Four main types are:


Proxy-based firewalls


These act as a gateway between end users who request data and its source. Host devices connect to the proxy, and the proxy connects separately to the source. In return, source devices connect to the proxy, and the proxy connects separately to the host device. Before granting packets access, the proxy filters them to apply policy rules and mask the location of the recipient's device, protecting the recipient's network and device.


A big downside of proxy-based firewalls is that their internal processing causes delays that can reduce communication performance.


Stateful firewalls

This type of firewall keeps track of information about connections, making it unnecessary to examine every packet and reducing the delay significantly. These firewalls can forgo inspecting inbound packets identified as responses to legitimate outbound connections that have already been checked.
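The difference between the stateless ACL in the diagram above and a stateful firewall can be shown with a small simulation. This is an added example, not code from the article or from any firewall product: it assumes a constructed two-rule ACL matched on destination port (deny 25, allow 80, implicit deny otherwise) and constructed private and internet addresses.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    inbound: bool  # True if the packet arrives from the internet side

# Constructed stateless ACL modelled on the diagram: top-down, first match wins,
# implicit deny at the end. Rules are matched on the destination port.
STATELESS_ACL = [("deny", 25), ("allow", 80)]

def stateless_decision(pkt: Packet, acl=STATELESS_ACL) -> str:
    """Packet filter: judges each inbound packet by its header alone."""
    if not pkt.inbound:
        return "allow"  # private hosts may send anything out
    for action, port in acl:
        if pkt.dst_port == port:
            return action
    return "deny"  # implicit deny: replies to our own requests are blocked too

class StatefulFilter:
    """Same ACL, plus a connection table of flows the private side opened."""
    def __init__(self, acl=STATELESS_ACL):
        self.acl = acl
        self.flows = set()
    def decide(self, pkt: Packet) -> str:
        if not pkt.inbound:
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Reply to a tracked outbound flow: pass it without evaluating the rules.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "allow"
        return stateless_decision(pkt, self.acl)  # unsolicited: consult the ACL

def demo() -> dict:
    """Constructed traffic: a browser fetches a page, then two unsolicited packets arrive."""
    request = Packet("192.168.1.5", 51234, "203.0.113.10", 80, inbound=False)
    reply = Packet("203.0.113.10", 80, "192.168.1.5", 51234, inbound=True)
    unsolicited_smtp = Packet("198.51.100.7", 4444, "192.168.1.5", 25, inbound=True)
    unsolicited_http = Packet("198.51.100.7", 4444, "192.168.1.5", 80, inbound=True)
    sf = StatefulFilter()
    sf.decide(request)  # outbound request is allowed and recorded in the table
    return {
        "reply": (stateless_decision(reply), sf.decide(reply)),
        "smtp": (stateless_decision(unsolicited_smtp), sf.decide(unsolicited_smtp)),
        "http": (stateless_decision(unsolicited_http), sf.decide(unsolicited_http)),
    }
```

The stateless filter denies the legitimate web reply (its destination port matches no rule), which is why administrators of such firewalls end up opening wide inbound port ranges; the stateful filter admits only the reply it saw requested and still blocks the unsolicited port 25 packet.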


Web application firewalls

These sit between web application servers and the internet, defending them from web application attacks such as SQL injection, cross-site scripting and others. They can be cloud-based or on-premise (hardware-based), or they can be built into the applications themselves.


Next-generation firewalls (NGFW)

NGFWs filter packets using more than source and destination addresses and connection state. They include rules for what individual users and apps can do, and they also mix in data gathered from other sources to make better-informed decisions about traffic filtering.



To learn more about firewalls, go to https://www.paloaltonetworks.com/resources

