A firewall blocks network communication by looking at the address and protocol information contained within the packets. As each packet arrives at the firewall, its address and protocol information are checked against the rules programmed into the firewall. These rules can either be supplied by the vendor or created by the administrator. If a rule is ‘broken’, the firewall discards the packet and does not allow it onto the network.
Personal firewalls are a necessity on all devices, especially for people who use portable computers and connect to many different networks. Some of these networks could be compromised, so a personal firewall adds a layer of protection between the personal data and the untrustworthy network. A personal firewall can only protect the device that it is installed on.
A network firewall is utilised to protect the network from unauthorised access. A network firewall is often incorporated into the router, or a dedicated hardware firewall can be used to protect the network. Both a network firewall and a software firewall should be utilised to reduce the risk of common threats.
The two main types of firewalls are:
Stateless Inspection: Both incoming and outgoing traffic is analysed and, based on the information in the header (such as source and destination), the firewall either allows the packets onto the network or blocks them.
Stateful Inspection: Unlike Stateless Inspection, Stateful Inspection will keep records of communication channels, remembering where each packet comes from, ensuring that only packets matching a known active connection can pass through the firewall.
There are benefits and drawbacks to each. Stateless firewalls tend to have better performance than Stateful firewalls, especially under heavier load. Stateful firewalls, however, tend to be more effective at identifying and blocking unauthorised communications, but they sacrifice performance as a result of the more intensive packet analysis that is required.
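The difference between the two inspection types can be seen by running the same traffic through both, as in this added example (not from the original page). The rule set (outbound HTTPS allowed, inbound allowed from source port 443), the addresses and the sample packets are constructed assumptions, and connection teardown and timeouts are left out.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str   # "out" = leaving the protected host, "in" = arriving
    src: str
    sport: int
    dst: str
    dport: int

HOST = "192.0.2.10"  # constructed address of the protected device

def stateless_allow(p: Packet) -> bool:
    """Decide from this packet's header alone (assumed rule set)."""
    if p.direction == "out":
        return p.dport == 443                     # outbound HTTPS only
    return p.sport == 443 and p.dst == HOST       # anything that looks like an HTTPS reply

class StatefulFirewall:
    def __init__(self):
        self.connections = set()   # records of active communication channels

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            if p.dport != 443:
                return False
            # Remember the channel so its replies can be recognised later
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: pass only packets matching a known active connection
        return (p.dst, p.dport, p.src, p.sport) in self.connections

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic
TRAFFIC = [
    Packet("out", HOST, 50000, "198.51.100.5", 443),  # host opens a connection
    Packet("in", "198.51.100.5", 443, HOST, 50000),   # genuine reply to it
    Packet("in", "203.0.113.9", 443, HOST, 50001),    # unsolicited, no matching connection
    Packet("out", HOST, 50002, "198.51.100.5", 25),   # outbound port with no allow rule
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"stateless={sl} stateful={sf}")
```

The third packet is the one that separates the two: its header satisfies the stateless rule, but the stateful firewall has no record of a connection it belongs to and discards it.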