What is a firewall?

A firewall is a network security device which monitors and controls incoming and outgoing network traffic. It behaves as a digital gatekeeper, determining which data packets are allowed through and which are blocked, based on a defined set of security rules.

Firewalls provide a protective barrier between trusted internal networks and untrusted external networks, such as the internet. This makes them a crucial first line of defence against cyber threats, helping to prevent unauthorised access, data breaches, and malicious activity.

How do firewalls work? 

Firewalls work by analysing network traffic and applying security rules to determine whether to allow or block specific data packets. These rules can be based on factors such as IP address, domain name, port number, or application type.

For example, a firewall can be configured to block all inbound traffic except for certain ports used by authorised services, such as HTTPS. Modern firewalls also use threat intelligence and behavioural analysis to detect and stop sophisticated attacks in real time.

By segmenting networks and controlling data flow, firewalls limit the potential attack surface and reduce the risk of cyber intrusions spreading through your organisation’s system. 

Physical/virtual appliance vs operating systems

Physical/virtual appliance firewalls

These firewalls are physical or virtual systems placed between your internal network and the internet. They filter all network traffic entering and leaving your organisation, blocking unwanted connections before they reach individual devices or networks. These firewalls can protect an entire office network, making them a cost-effective and efficient way to manage network-wide security.

Operating system firewalls

Operating system firewalls are installed directly on individual devices. They provide protection at the device level, preventing unauthorised applications or external connections from accessing the system. Operating system firewalls are particularly effective for remote workers or mobile devices which operate outside of the corporate network. 

Types of firewalls

Firewalls operate on different layers of the OSI model, from basic packet inspection to advanced traffic analysis. Each type offers varying levels of security, visibility, and performance. 

Packet-filtering firewalls

Packet-filtering firewalls are the simplest type, inspecting network packets based on information such as IP addresses, ports, and protocols. They enforce basic rules to allow or block traffic but do not analyse packet contents. This makes them fast and efficient, though limited in their ability to detect complex or application-level threats. They are best when used in smaller networks or as part of a multi-layered defence strategy. 

Circuit-level gateways

Circuit-level gateways operate at the session layer of the OSI model, verifying that connections are legitimate before data is exchanged. Instead of inspecting individual packets, they establish and monitor TCP handshakes to ensure that sessions are valid and secure. Once a trusted session is established, the firewall allows ongoing communication without further inspection of packets. This approach offers improved performance over deeper inspection methods, as fewer resources are required once a connection is approved. On the other hand, as circuit-level gateways do not analyse packet content, they cannot detect malicious payloads within established sessions. They are commonly used alongside other firewall types to give efficient session-level security.

Stateful inspection firewalls

Stateful firewalls improve on basic firewalls by tracking active connections and verifying that packets form part of a legitimate session. This awareness provides stronger protection against unauthorised traffic and common network attacks. However, as they mainly operate at the network and transport layers, they still lack deep visibility into application data. Stateful inspection is still a standard in most environments due to its balance of security and performance.
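The following is an added example, not code from the original article or from any firewall product. It models the "block all inbound traffic except HTTPS" rule from earlier in the article and runs the same constructed packets through a stateless packet filter and a stateful firewall. The addresses, ports, rule set, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOWED_INBOUND_PORTS = {443}  # assumption: HTTPS is the only published service

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S" = SYN, "A" = ACK, "SA" = SYN+ACK
    inbound: bool

def packet_filter(pkt: Packet) -> str:
    """Stateless filter: each packet is judged on its own header fields."""
    if not pkt.inbound or pkt.dport in ALLOWED_INBOUND_PORTS:
        return "allow"
    # Without connection state, replies to outbound traffic can only be let in
    # by a broad rule such as "ACK set and destination port is ephemeral".
    return "allow" if "A" in pkt.flags and pkt.dport >= 1024 else "block"

class StatefulFirewall:
    """Tracks outbound connections and admits only their return traffic."""
    def __init__(self) -> None:
        self.connections = set()  # (local ip, local port, remote ip, remote port)

    def check(self, pkt: Packet) -> str:
        if not pkt.inbound:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        tracked = (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections
        return "allow" if pkt.dport in ALLOWED_INBOUND_PORTS or tracked else "block"

# Constructed sample traffic (documentation address ranges), not a real capture.
SAMPLE = [
    ("outbound SYN", Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", False)),
    ("reply SYN+ACK", Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", True)),
    ("inbound HTTPS", Packet("198.51.100.7", 40000, "10.0.0.9", 443, "S", True)),
    ("inbound SSH", Packet("198.51.100.7", 40001, "10.0.0.9", 22, "S", True)),
    ("unsolicited ACK", Packet("198.51.100.7", 4444, "10.0.0.5", 50001, "A", True)),
]

def compare() -> dict:
    """Return {label: (stateless verdict, stateful verdict)} for SAMPLE."""
    fw = StatefulFirewall()
    return {label: (packet_filter(p), fw.check(p)) for label, p in SAMPLE}

if __name__ == "__main__":
    print(compare())
```

The two firewalls agree on every packet except the last: the stateless filter admits it under its broad reply rule, while the stateful firewall blocks it because it matches no tracked connection.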

Application-level gateways (proxy firewalls)

Operating at the application layer, proxy firewalls act as intermediaries between users and the services they access. They inspect both packet headers and payloads, allowing granular control over specific applications, commands, or content. This deep inspection enhances security but can increase latency and requires more processing power. Proxy firewalls are often deployed in environments handling sensitive data, where detailed control over application traffic is essential. 

Next-generation firewalls (NGFWs)

Next-generation firewalls combine stateful inspection with advanced features such as deep packet inspection (DPI), intrusion prevention (IPS), SSL/TLS decryption, and application awareness. They can identify and control traffic by user, application, or content, even when encrypted or using non-standard ports. NGFWs integrate threat intelligence and real-time analytics, providing protection against modern cyber threats. They are now considered the industry standard for enterprise and cloud network security.

Web application firewalls (WAFs)

Web application firewalls are specialised tools which protect websites and web applications from application-layer attacks such as SQL injection, cross-site scripting (XSS), and file inclusion. They monitor and filter HTTP and HTTPS traffic, ensuring only legitimate requests reach the server. WAFs are vital for organisations delivering online services, helping prevent data breaches and downtime, although they must be carefully configured to balance security and usability. 

Firewalls as part of managed infrastructure

As cyber threats become increasingly sophisticated, managing firewalls effectively requires continuous monitoring, regular updates, and expert configuration. Working with a managed service provider (MSP) ensures your firewalls are optimised for performance and protection. 

A managed firewall service provides: 

  • 24/7/365 monitoring and threat detection 
  • Ongoing policy updates and maintenance 
  • Performance tuning for network efficiency 
  • Rapid response to potential incidents

These qualities provide your business with best-in-class protection without the necessity of internal day-to-day management, helping you maintain a secure, reliable, and compliant IT environment.

At Hyve, we design and manage secure network solutions which include advanced firewalls tailored to your business requirements. Our experts help you build a resilient infrastructure which protects your data and ensures you meet and exceed your goals. 

If you would like to speak to one of our experts, get in touch through our contact form.
