
WWW Webopedia

The document defines what a firewall is and provides details on the history and types of firewalls. It discusses how firewalls have evolved from hardware devices to include software and network-based firewalls. It also notes that while firewalls are still important, their limitations have led to the adoption of zero trust architectures and extended detection and response (XDR) tools for more comprehensive security.

Uploaded by

azariamorake
Copyright
© © All Rights Reserved
Firewall

Last Updated May 28, 2021 9:28 am

By Vangie Beal

A firewall is a division between a private network and an outer network, often the internet, that manages
traffic passing between the two networks. It’s implemented through either hardware or software. Firewalls
allow, limit, and block network traffic based on preconfigured rules in the hardware or software, analyzing
data packets that request entry to the network. In addition to limiting access to computers and networks, a
firewall is also useful for allowing remote access to a private network through secure authentication
certificates and logins.


Firewalls are both networking and security technology. They are often considered the bare minimum and
standard for network security. However, they are not the only measure an enterprise takes to secure their
network. This firewall analysis describes both the benefits of firewalls and their weaknesses.

In this definition...
History of firewalls
Hardware vs. software firewalls
Types of firewalls
The decline of firewalls and the rise of zero trust and XDR
Top next-generation firewall vendors
National firewalls and the Great Firewall of China

History of firewalls
The term “firewall” initially referred to a physical protective barrier from actual fire, in a city, between
buildings, or even in large transportation like trains. The term first appeared in the 1983 film War Games in
reference to technology, before it was used on computer networks. Some researchers believe that’s where
the networking term originated.

Firewalls began as a physical, hardware entry point to networks, blocking unauthorized traffic and permitting
data packets that belonged. A firewall’s policy demarcated the rules by which it allowed or denied traffic. As
cybersecurity threats developed in sophistication, firewalls shifted to more careful traffic monitoring. Now,
some firewalls deny or allow entry requests based on previous network traffic patterns.

Hardware vs. software firewalls

Firewalls can be implemented as hardware, software, or both. While both are valuable, they serve different
purposes.

A hardware firewall protects your entire network from the external environment with a single physical device.
While a stand-alone product can be purchased, most hardware firewall devices are installed between the
computer network and the internet. This device monitors packets of data as they are transmitted and then
blocks or transfers the data according to predefined rules. Hardware firewalls require advanced IT knowledge
to install and dedicated management and monitoring afterwards. Because of this, hardware firewalls are
typically used by larger businesses where security is a big concern.

A software firewall is installed on a user’s computer and protects that single device. This provides internal
protection to a network. It’s customizable, allowing users some control over its function and protection
features, such as being able to block access to certain websites on the network. Because software firewalls
are easier to install, they are used by many home and small business users.

A firewall can also be a component of a computer’s operating system (OS). For example, any Windows OS
newer than XP includes Windows Firewall, a free software firewall. It notifies users of any suspicious activity
and detects and blocks viruses, worms, and hackers.

Types of firewalls
There are many types of firewalls, and some overlap with others in the ways that they analyze, permit, or
reject network traffic. They range from basic private network protection to enterprise-grade packet inspection
and threat intelligence.

Packet filtering firewalls, one of the original firewalls, are simpler and less expensive than other
firewalls. They perform basic data packet filtering, analyzing IP and port addresses to determine whether the
packets can pass. This filtering is based on user-defined configuration. Packet filtering is fairly effective and
transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Proxy firewalls serve as the gateway from one network to another for a specific application. They create a
new network session based on the information on the initial request, almost an imitation. This makes it more
difficult for attackers to understand data from the transmission. Proxy firewalls only inspect Internet traffic
from specific protocols. Proxy servers can provide additional functionality by preventing direct connections
from outside the network.

Network address translation (NAT) firewalls allow multiple devices with independent network addresses to
connect to the internet with a single IP address, allowing individuals’ private IP addresses to remain hidden.
NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers
and outside traffic.

Cloud firewalls (or cloud-based firewalls) are available through the web rather than being installed directly
between two networks on hardware. They’re flexible, and users can pass through the firewall and access the
network from any location with internet access. Some cloud firewalls are intended for a small private
network. Enterprise-grade cloud firewalls are often implemented at the network perimeter of cloud
infrastructure.

Stateful inspection firewalls permit or drop packets based on the state of an attempted network connection.
Bits in the packet (or network connection) label its state, and the firewall analyzes details about the
attempted connection, such as the address it comes from or its size. Stateful inspection firewalls perform
more detailed packet inspection than other firewalls, which is useful for better preventing malicious traffic.
But they can also be slower, because the inspection takes more time.
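
The contrast between packet filtering and stateful inspection described above, as an added example that is not part of the original article: a simplified Python model in which a stateless filter needs a broad "return traffic" rule and therefore passes an unsolicited inbound packet, while a stateful firewall admits only replies to connections it has seen opened. All names (Packet, Rule, StatefulFirewall, demo) and the sample addresses are constructed for illustration, and the connection table is reduced to a set of flows with no TCP state machine or timeouts.

```python
import ipaddress
from collections import namedtuple

# syn_only is True only for the opening TCP SYN; a rule port of None matches any.
Packet = namedtuple("Packet", "src sport dst dport syn_only", defaults=[False])
Rule = namedtuple("Rule", "action src_net dst_net sport dport", defaults=[None, None])

def _within(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def stateless_verdict(rules, pkt):
    """Packet filter: first matching rule wins, default deny, no memory."""
    for r in rules:
        if (_within(pkt.src, r.src_net) and _within(pkt.dst, r.dst_net)
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

class StatefulFirewall:
    """Applies the rules to new connections and remembers allowed flows."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()        # (src, sport, dst, dport) per allowed flow

    def verdict(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.flows or reverse in self.flows:
            return "allow"        # belongs to a tracked connection
        if pkt.syn_only and stateless_verdict(self.rules, pkt) == "allow":
            self.flows.add(flow)  # new connection permitted by policy
            return "allow"
        return "deny"             # no state, not a permitted new connection

# Constructed policy and packets, using documentation address ranges.
LAN, ANY = "192.0.2.0/24", "0.0.0.0/0"
OUTBOUND = Rule("allow", LAN, ANY, dport=443)
RETURN = Rule("allow", ANY, LAN, sport=443)   # needed only without state
SYN = Packet("192.0.2.10", 50000, "198.51.100.5", 443, syn_only=True)
REPLY = Packet("198.51.100.5", 443, "192.0.2.10", 50000)
UNSOLICITED = Packet("203.0.113.9", 443, "192.0.2.20", 5000)

def demo():
    """Stateless verdict on the unsolicited packet, then the stateful sequence."""
    fw = StatefulFirewall([OUTBOUND])
    seq = [fw.verdict(p) for p in (SYN, REPLY, UNSOLICITED)]
    return stateless_verdict([OUTBOUND, RETURN], UNSOLICITED), seq

print(demo())
```

The stateless policy has to trust the source port claimed in the header, which is the same weakness that makes header-only filtering susceptible to spoofed addresses; the stateful model needs no RETURN rule at all.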

Unified threat management (UTM) firewalls are less a type of firewall than a larger security solution.
Firewalls are just one feature of UTM. Unified threat management may also include machine learning for
better threat intelligence, endpoint security, and intrusion prevention systems, which recognize attackers’
patterns.

Network segmentation firewalls limit access between areas of one private network. These can also be
understood as sub-firewalls for a sub-network (subnet). They can be a good method of containing network
traffic and limiting breaches, but they’re difficult to set up and expensive as well.

Next-generation firewalls (NGFW) are currently being used by enterprises to provide better network
security. They are typically a comprehensive perimeter solution, providing additional security and monitoring
features. These features differ by vendor, but they can include deep packet inspection, UTM, IPS, threat
intelligence, and machine learning capabilities. More on next-gen firewalls will come later.

The decline of firewalls and the rise of zero trust and XDR
Firewalls aren’t disappearing anytime soon because they’re still a staple of network security. However,
enterprises are recognizing them as inadequate for protecting an entire network. Even next-generation
firewalls won’t be fully effective if one attacker slips through their unified threat management and
deep-packet inspection. Put simply, firewalls no longer compete with a full arsenal of security tools, because they
don’t address every threat that networks face.

This is because legacy security systems don’t allow for threats within the network. Assuming that a firewall
will successfully defend the metaphorical castle doesn’t defend its inner segments once a hacker digs a
tunnel under the moat. This is where zero trust and microsegmentation play a role.

Zero trust architectures simply operate on the assumption that no one within a network should be
automatically trusted. This means that not only does the network have a firewall, but it also has multiple
authentication protocols at the application level within the private network. Users aren’t allowed into just any
network application; they have to provide legitimate credentials, often managed by two-factor
authentication, before they can enter.

Microsegmentation divides the aforementioned network into sections called protect surfaces. Protect
surfaces are simply places, like an application or a database or a high-level account, that need to be protected.
Each protect surface has its own requirements that must be met before a user can access it. This prevents an
attacker from being able to access all company resources after making it through the firewall.

Another approach to network security is extended detection and response (XDR), which centralizes and
combines cybersecurity efforts within a network. Rather than deploying five different software solutions for
IDPS, SIEM, EDR, firewalls, and encryption, for example, businesses use a unified system. Firewalls are less
effective when they don’t have a way to communicate with other security systems. But if all security
solutions are connected, enterprises will be better prepared to protect their databases, applications, and
sensitive data.

Top next-generation firewall vendors

As next-gen firewalls become a necessity for many enterprises, security providers have enhanced their
product offerings. Many vendors offer next-gen firewalls, but these are six of the best, reviewed by technology
analyst Gartner and ranked on their Magic Quadrant:

Palo Alto, widely considered the top of the field, is a nine-time Magic Quadrant Leader at this time of
writing. Its next-gen firewall emphasizes the cloud, and though the product is expensive, it’s one of the best
available.

Check Point Software, also an MQ Leader, offers intrusion prevention systems and monitoring in its next-gen
firewall, among other features. Check Point has been a consistent player in the security field, and its firewall
particularly stands out.

Cisco is aware of the need for zero trust, and it’s implemented some true next-generation features in its
firewall. Its NGFW offers network access control and traffic analysis. Cisco’s NGFW was a 2020 Gartner
Challenger in the Magic Quadrant.

Fortinet, the third MQ Leader, implements machine learning in its NGFW. The firewall provides enterprises
with incredibly high security and high performance.

Juniper Networks, ranked a Challenger by Gartner, offers UTM and intrusion prevention systems. Customers
have reported that implementing Juniper’s NGFW is a very easy and smooth process.

Sophos’ XG Firewall is its next-gen offering. Gartner ranked it a Visionary for 2020. Sophos employs XDR
and machine learning in its firewall, providing protection and analysis for cloud environments.

Other firewall vendors


Bitdefender Total Security

Avast Premium Security

Norton 360 Deluxe

Panda Dome Essential

Webroot AntiVirus

ZoneAlarm

GlassWire

Comodo Firewall

TinyWall

Windows Defender

National firewalls and the Great Firewall of China


Firewalls don’t just exist for the protection of internet sessions or sensitive personal or enterprise data. In
highly restrictive nations, they can also block educational or informational content, limiting internet users’
access to IP addresses that aren’t approved by the government. China’s “Great Firewall” is the prime example:
a nation-wide firewall composed of multiple layers and managed by government IT personnel.

The firewall uses IP address blocking as well as DNS cache poisoning to redirect IP requests if they are for
blocked websites or keywords. In China, most VPN providers are also blocked, and citizens must use a
government-approved one, which doesn’t give them much flexibility to use the internet. China’s restrictive
network control allows the government to closely monitor and manage the content that its citizens see.

UPDATED: This article was updated April 2, 2021 for Web Webster.

Vangie Beal

Vangie Beal is a freelance business and technology writer covering Internet technologies and online
business since the late '90s.


Property of Find.co
© 2024 Webopedia. All Rights Reserved
