
Written by Michael Paulyn
Published on July 26, 2024

What is a firewall?

A firewall is a hardware- or software-based network security device that monitors, scans, and filters incoming and outgoing web traffic based on a set of established security rules and protocols. Firewalls act as gateways between internal and external networks, helping to prevent the spread of malware, block hacking attempts, and protect against other online threats.

    The term “firewall” comes from the kinds of walls in buildings that contain and prevent fires from spreading. Likewise, as the first line of network cybersecurity defense, internet firewalls are barriers or choke points that help funnel and inspect web traffic using a specific set of programmed parameters before allowing it to proceed into a network.

    Firewall delivery methods

    Here are the different ways firewalls are used and managed within networks:

    Hardware-based firewalls

    Hardware-based firewalls are physical devices that act like guards for your network. They inspect all incoming internet traffic by checking the IP addresses involved. If the firewall detects traffic coming from or going to known dangerous or suspicious web addresses, it blocks that traffic. That can help stop different types of hackers from gaining unauthorized access.

    These types of firewalls contain special software that creates a protective barrier between your local network and the wider internet. Some hardware-based firewalls can even block unused USB ports to help prevent misuse, like data being copied off your system without you knowing.

    Software-based firewalls

    Software-based firewalls work much like their hardware-based counterparts, but they don't require any dedicated physical equipment. Instead, they are programs that run digitally on network devices or computers.

    Many devices running Microsoft Windows or macOS come with pre-installed firewalls. You can also install software-based firewalls across servers, offering online protection for an entire network.

    Cloud-based firewalls (FWaaS)

    Cloud-based firewalls, or Firewall-as-a-Service (FWaaS), are software-based firewalls hosted on the cloud rather than local devices. This setup lets them provide cloud security for cloud-based assets by filtering and restricting harmful internet traffic. Cloud-based firewalls are more scalable than hardware and traditional software-based firewalls, making it easy to add or remove users and servers.

    In addition to protecting cloud assets, cloud-based firewalls can safeguard servers and remote work devices. They do this by using cloud-based applications to monitor traffic and block attacks, providing protection across various environments.

    Why are firewalls important?

    Firewalls are vital for safeguarding network infrastructure because they provide a first line of defense against online threats. By monitoring and controlling incoming and outgoing network traffic, firewalls help shield devices and data from malicious internet traffic and hacking attempts.

    Without firewall protection, individuals and organizations are more vulnerable to the following threats.

    • Data breaches: Hackers attempt to steal sensitive data — for example, by using sniffers.

    • Malware threats: Malicious software (like viruses) designed to cause damage, steal data, or gain unauthorized access.

    • Identity theft: Theft of sensitive personal information or financial data.

    • DDoS attacks: Deliberate, malicious attempts to overwhelm servers or networks and disrupt the normal operations of an organization or network.

    • Computer exploits: Weak points in a computer or network that allow a cybercriminal to gain unauthorized access to steal data, spread malware, or pursue other nefarious ends.

    • Insider threats: Employees or internal personnel who cause unintentional or intentional insider breaches.

    How does a firewall work?

    A firewall works by monitoring internet traffic attempting to enter or exit a computer or network through ports, which are the points where data packets are transferred and communication flows. Acting as a gateway, a firewall secures networks and devices by filtering out potentially harmful, suspicious, or questionable traffic while allowing trusted communications to pass through.

    This process involves checking incoming data packets against predefined security rules. These rules include factors such as the source and destination of the information, packet content, and what type of internet protocols (TCP/IP, ICMP, HTTP, DNS, and UDP) are used.

    The firewall uses these rules to check whether incoming or outgoing data meets the established criteria. If the data fails to meet the criteria, the firewall blocks it from entering or leaving the device or network.

    The 7 layers of a firewall

    Firewalls have unique capabilities and security features and are configured to work within various layers of the Open Systems Interconnection (OSI) model. The OSI model is a standardized framework that outlines how data is transmitted across a network to help different computer systems talk to each other.

    The OSI model divides its communication system into seven layers, each stacked on the previous layer. Every layer fulfills a unique role within this communication stack, and each layer communicates with its neighboring layers. Firewalls within the application layer (Layer 7) are considered the most advanced, because they control how information reaches end users.

    Here’s a closer look at the seven layers of a firewall:

    1. The Physical Layer: Involves the hardware that transfers data — such as switches, routers, and cables — to convert it into a simple encoding format so all devices can accurately interpret the digital information.

    2. The Data Link Layer: Coordinates data transfer between two devices using the same network. It breaks data packets into smaller pieces called frames and handles flow control and error detection and correction.

    3. The Network Layer: Enables data transfer while two different networks are talking to each other — it chooses the most optimal physical data pathway required and is crucial for connecting devices that aren’t on the same local network.

    4. The Transport Layer: Handles end-to-end communication between devices talking to each other. It breaks data into smaller pieces for transmission and is responsible for data reassembly, flow control, and error checking on the receiving end.

    5. The Session Layer: Looks after the opening, maintaining, and closing of network communication between two devices and synchronizes data transfer. In the event of disruption, it uses checkpoints in data transfers to resume sessions from the last point.

    6. The Presentation Layer: Responsible for preparing data for the application layer by translating, encrypting/decrypting, or compressing it. Also known as the translation layer, it ensures data from different systems can be understood and secured.

    7. The Application Layer: Closest to the end-user and in charge of initiating communication between the user and the software applications they're using, like email and web browsers. The data is translated and converted into a syntax the user can read.

    What are the different types of firewalls?

    The main types of firewalls are packet filtering firewalls, stateful inspection firewalls, application-level gateways, circuit-level gateways, unified threat management firewalls, next-generation firewalls, cloud-native firewalls, and network address translation firewalls.

    Let's look at the different types of firewalls and where they fit into the OSI layers.

    Packet filtering firewall

    Packet filtering firewalls work at the Network Layer (Layer 3) and examine data packets from a network's entry points. Each packet is assessed against predefined rules that consider the protocol in use (such as TCP/IP, UDP, or ICMP), the destination port, the type of packet, and the destination IP address.

    This data signals where the communication came from, who the sender is, and whether it's safe. The packets that meet these rules can pass through; those that don't are blocked.

    Stateful inspection firewall

    Stateful inspection firewalls, also known as dynamic packet filtering firewalls, monitor regular connections and remember them for later use. This type of firewall primarily operates at the Transport Layer (Layer 4). It also permits or blocks traffic based on technical properties, such as specific packet protocols, IP addresses, or ports.

    These firewalls are unique in that they track and filter connections based on their state using a state table. They revise filtering rules based on past connection events logged in the state table, letting them make more informed decisions when allowing or blocking traffic.
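
    An added sketch of the state table described above (not code from the original article): outbound TCP connections create an entry, and inbound segments pass only when they belong to a tracked connection. The class name, the `192.168.1.0/24` internal network, and the simplified teardown are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")   # assumed internal network

class StatefulFirewall:
    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> connection state
        self.table = {}

    def handle(self, src, sport, dst, dport, flags):
        """Return 'allow' or 'deny' for one TCP segment; flags is a set such as {'SYN'}."""
        outbound = ip_address(src) in INSIDE
        # Both directions of a connection share one table key.
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.table.get(key)

        if outbound and state is None:
            if flags == {"SYN"}:              # only a clean SYN may open a connection
                self.table[key] = "SYN_SENT"
                return "allow"
            return "deny"
        if state is None:
            return "deny"                     # unsolicited inbound: no table entry
        if "RST" in flags or "FIN" in flags:
            del self.table[key]               # simplified teardown: forget on first FIN/RST
            return "allow"
        if state == "SYN_SENT":
            if outbound:                      # SYN retransmission from the client
                return "allow" if flags == {"SYN"} else "deny"
            if flags == {"SYN", "ACK"}:       # the server's half of the handshake
                self.table[key] = "ESTABLISHED"
                return "allow"
            return "deny"
        return "allow"                        # ESTABLISHED: both directions pass
```

    The same inbound SYN/ACK is dropped before the internal host opens the connection and allowed afterwards, which is exactly the decision a stateless filter cannot make.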

    Application-level gateways (Proxy firewall)

    Application-level gateways, also known as proxy firewalls, monitor and respond to threats to safeguard app and program security. This type of firewall oversees how messages are filtered and how data exchanges flow at the Application Layer (Layer 7).

    Proxy firewalls function as gateways between users and programs and the public internet. Incoming and outgoing traffic passes through the gateway and is scanned to determine whether it’s malicious or suspicious.

    Circuit-level gateway firewall

    Circuit-level gateway firewalls operate primarily at the Session Layer (Layer 5), managing and validating TCP/UDP sessions. They establish a connection or “virtual circuit” after confirming that the session initiation adheres to predefined security rules. Once established, these firewalls allow traffic to flow between trusted hosts without each packet needing to be inspected.

    This approach is designed to enhance performance, but the downside is that circuit-level gateway firewalls leave established connections unmonitored, which can present some risk — for example, an open connection could allow a malicious actor to quietly gain unauthorized access.

    Unified threat management (UTM) firewall

    Unified threat management (UTM) firewalls are security features integrated within a network appliance or security gateway. These devices function across various OSI layers but are mostly associated with the Network Layer (Layer 3). They include several security features, including antivirus, content filtering, email and web filtering, anti-spam, and more.

    With UTM firewalls, companies can easily consolidate their IT security services into a single appliance, drastically simplifying their organization's online protection. This feature makes monitoring incoming threats and suspicious activity possible, thanks to a single window that provides simplified visibility into all elements of a security or wireless architecture.

    Next-generation firewall (NGFW)

    Next-generation firewalls (NGFWs) blend packet inspection with specific security controls provided by stateful firewalls. They then add other unique capabilities, such as encrypted traffic inspection, which allows them to analyze encrypted data and detect hidden malicious activities.

    NGFWs work on different levels of network operations — most notably at the Network Layer (Layer 3), the Transport Layer (Layer 4), and the Application Layer (Layer 7). The ability to operate at the Application Layer gives these firewalls greater control, which helps them protect against more modern and sophisticated threats.

    Threat-focused NGFW

    A threat-focused NGFW is a more advanced NGFW that boasts enhanced threat intelligence, allowing it to counteract new and previously unencountered threats quickly. Its proactive approach makes it particularly valuable in protecting networks where threats are constantly evolving.

    Cloud-native firewall

    Modern cloud-native firewalls operate from the Network Layer (Layer 3) to the Application Layer (Layer 7). They provide network security for cloud environments and offer flexibility by being available within cloud regions and across a range of zones. They don’t require customer maintenance check-ins as they’re managed by the cloud provider.

    Cloud-native firewalls are seen as a solid option for businesses looking to scale their cloud operations rapidly and securely.

    Network address translation (NAT) firewall

    Network address translation (NAT) doesn’t solely relate to a firewall but is a method used by routers to translate IP addresses between public (external) and private (internal) networks. NAT includes firewall capabilities that control traffic at the router level and safeguard private networks.

    A private network can use internal, non-routable IP addresses that map to one or multiple public IP addresses, all with the help of NAT. That means a single public IP address can represent many computers within a private network at the same time, hiding the internal network configuration from the external world.
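
    The address mapping described above, as an added example that is not from the original article: a port-translating NAT table in which several private hosts share one public address and inbound packets without a mapping are dropped. The `Nat` class, the starting port, and all addresses are constructed for illustration.

```python
from itertools import count

class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source to the shared public address."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply to the private host, or return None (drop) without a mapping."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None   # nothing inside asked for this traffic
        # This sketch does not check the remote address; stricter NATs also
        # require the reply to come from the host the mapping was opened to.
        priv_ip, priv_port = self.back[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)
```

    From outside, both internal hosts appear as the same public IP on different ports, and a packet aimed at an unmapped port has no internal destination at all.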

    Which firewall should I choose?

    For home use, you should choose a router with built-in firewall features or install a software firewall that comes with antivirus protection, like AVG Free AntiVirus. Adding antivirus software into the mix is important to help detect and neutralize malware that might otherwise bypass a firewall, such as those involved in IP spoofing and botnet attacks. And using a VPN gives you an extra layer of privacy and hides your online activity.

    Do I need a firewall if I have an antivirus?

    Firewalls and antivirus software are separate, unique tools that serve distinct purposes. Although both cybersecurity software tools are complementary, they aren't the same. Antivirus software locates and eliminates viruses and other online threats, while firewalls act as secure gateways that inspect and filter out suspicious internet traffic trying to enter a private network.

    But while firewalls and antivirus are two different things, some comprehensive cybersecurity apps such as AVG Free AntiVirus for PC combine both firewall and antivirus technology. AVG blocked an average of 4,500 attacks per minute in 2023 — download AVG Free AntiVirus now to give your device the strong protection it deserves.

    A brief history of firewalls

    As the internet became more accessible and widely used in the late 1980s, firewalls began to appear to address growing concerns around network security. Initially, these network monitoring systems focused on basic packet filtering, but over time they evolved into more sophisticated tools capable of deep packet inspection and advanced threat detection and prevention.

    Here’s a brief breakdown of the history of network firewalls:

    • Late 1980s: The initial firewalls were simple packet filters, developed to combat the increase in network security threats. Circuit-level gateways soon followed, providing session-based filtering.

    • Early 1990s: With the internet growing rapidly, new firewall technology, like stateful inspection firewalls, was developed to help combat emerging threats. The concept of network address translation was also introduced in the early 90s and started being implemented on routers.

    • Mid 1990s: Application layer firewalls were created to operate at the Application Layer of the OSI model to help protect against attacks targeting application vulnerabilities.

    • Early 2000s: Unified threat management firewalls emerged to integrate multiple security functions into one device.

    • Late 2000s: Next-generation firewalls introduced more security features like deep packet inspection and advanced threat prevention techniques like sandboxing.

    • Late 2010s/2020s: With the rapid growth of cloud computing, cloud-native firewalls were developed to help secure cloud environments.

    Secure your network with world-class protection

    Firewalls are essential for protecting networks against online threats, but they’re not catch-all security shields that can defend against the wide range of today’s online threats. To help protect your device, use AVG Free AntiVirus — a comprehensive security suite that combines a firewall, robust antivirus software, and other security features including an email shield and phishing protection.
