Firewalls or firewalls can be divided into two groups: the software firewall and the hardware firewall. Software firewall is a security software that is installed on a computer or server.
What is a firewall or firewall?
A firewall or firewall is software or hardware that encloses a network, such as a security fence, or computer systems and protects them from certain cyber threats. Firewall can be considered the first security barrier at the network entrance. Therefore, any data must first pass through the firewall before it can access your network from the Internet or other networks.
Figure 1. A firewall is a security barrier that protects the local network against cyber threats, widespread networks, and so on.
But how does a firewall detect what should and should not cross the network? For this purpose, the firewall checks the data packets, including the origin and destination of the packets, matches them with the set of rules defined for the network, and then determines whether the packet is allowed to pass.
Setting up a firewall can block harmful sites and prevent unauthorized access or viruses and other malware from accessing the network.
Firewalls (firewalls) are either software or hardware.
What is a software firewall?
Software firewall is software that is installed on a computer or server. One of the most popular software firewalls is the dedicated Windows operating system firewall, accessible from the Windows Security Settings page.
In addition, security software companies (Kaspersky, Panda, etc.) also produce their own firewalls, which usually have different versions.
Some are dedicate to PCs and others are design to be install on network servers and enterprise environments so that only one installation per server goes under the umbrella of security, otherwise they will be requiring for each computer connect to the network.
, Buying and installing a separate firewall will obviously be costly and costly to install on dozens or hundreds of computers.
Figure 2. The firewall of the Windows operating system is one of the most familiar software firewalls.
Some software firewalls can also monitor network outbound traffic in addition to monitoring network incoming traffic. In addition, software firewalls usually have more security options and settings and are more flexible.
The benefits of software firewalls
- Home software firewalls are usually cheap and some are even free. Professional and enterprise versions also have multi-user licenses, so they can cover all systems of a network.
- Installing and configuring regular versions of software firewalls is simple, and with just a few clicks you can set the required level of protection. But enterprise versions require more knowledge and expertise.
- Some software firewalls can monitor and refine network traffic, in addition to inbound traffic, and are superior to hardware firewalls.
- Software firewalls are more flexible. For example, using them can restrict access to certain applications on the network and thereby reduce the likelihood of some malware being compromised.
- Software firewalls, especially single-user versions, since they are install on a computer, are more portable, meaning the computer comes with a firewall wherever it goes. This feature is important for those who travel frequently with laptops.
Disadvantages of software firewall
- The software firewall uses resources (processors, memory, etc.) of the host system and may reduce its speed or performance.
- The more computers and systems available on the network, the higher the cost of purchasing software firewalls, since the use of single-firewall software firewalls in such networks is not financially or economically feasible, so a version that supports all systems must be purchased. While inexpensive or free firewalls usually don’t work well in sensitive, enterprise environments.
What is a hardware firewall?
A firewall is a standalone device hardware that has a dedicated processor, memory and operating system. Because many medium and large networks, servers and other network equipment are installed in a rack, some standalone hardware firewalls are designed to be installed in server racks and therefore have a standard size. Some hardware firewalls are also part of a network router rather than a standalone device.
In other words, some routers or network routers also have built-in hardware firewalls.
The hardware firewall sits at the network boundary between the router and the outside world (Internet or other networks) and is therefore the first defense barrier at the network entrance.
Any data must pass through the hardware firewall before it reaches the router and then the computers on the network.
Another advantage of the hardware firewall is that it hides the computer or the local area network from the outside world,
so that the external observer sees only one hardware device, rather than the network, that has an unfamiliar operating system (because the firewall operating system is saying to be proprietary).
This method of secrecy is called network address translation (NAT). Of course, this arrangement does not work against the entry of email viruses.
Figure 3. A sample of Cisco hardware firewalls
The advantages of a firewall
- The hardware firewall is one step ahead of the software firewall to defend the network because the software firewall is install on a computer or network server, but the hardware firewall is locating just before the router and right on the network boundary.
- A hardware firewall device can cover an entire network. This capability is very valuable and financially viable in centers with large computers.
- A standalone hardware firewall, such as a dedicate processor, memory and operating system and not install on another computer, is more efficient and faster than a software firewall.
- The hardware firewall is more resistant to malware, because its operating system differs from popular operating systems such as Windows, which is the target of hackers.
Disadvantages of Firewall (Hardware) Firewall
- It is difficult for newcomers to configure enterprise hardware firewalls.
- Hardware firewalls are not suitable for monitoring outgoing traffic.
Figure 4. An example of the Sophos hardware firewall
Important differences between the hardware firewall and the software firewall
The hardware firewall is the first defense barrier at the network entrance, and is superior to the software firewall because it monitors incoming traffic before it even reaches the network router. But the software firewall is installed on the computer or network server, and as a result, the incoming traffic is forwarded to the computer or network server before it is monitored.
In contrast, hardware firewalls are not suitable for monitoring outgoing network traffic, while some software firewalls also monitor outgoing traffic.
Of course, monitoring outbound traffic is not very common because it sometimes comes with challenges. For example, monitoring the outgoing traffic may disrupt the application software used in the network and disrupt the organization’s workflow. So the firewall configuration should be such that the workflow is not interrupted.
Inbound firewall and outbound firewall
The firewall setting to monitor incoming traffic is call the inbound firewall, and the firewall place to monitor outbound traffic is call the outbound firewall. Some firewalls can monitor both types of traffic.
By default, firewalls only monitor and refine network incoming traffic by default, as it is often assumed that the network is threatened from the outside and that cyber threats are externally inward.
If that is the case, monitoring the incoming traffic is enough to ensure network security. But sometimes in some networks (such as important enterprise networks) it is also necessary to monitor and refine the outgoing network traffic.
Imagine, a user knowingly or unknowingly requesting something from outside the network (outgoing traffic) in response to which malware or malicious software was sent to the network (incoming traffic);
(Inbound traffic) and now wants to send out organization data while outbound (outbound traffic).
So sometimes monitoring and refining outbound traffic is as important as monitoring incoming traffic.
As mentioned, software firewalls are commonly used to monitor network outgoing traffic. Software firewalls usually have a ready list of secure applications.
If an application not list on the firewall’s whitelist is allow, the firewall will ask you whether you want to allow that application to connect to the Internet or not.
Given what has been said, it is sometimes advisable to use both a software firewall and a hardware firewall to cover each of the other shortcomings.
Different firewall configurations
After the firewall is install, different configurations can usually be make. The firewall can be configured to monitor and refine network traffic based on a variety of criteria, including:
- IP Address Monitoring: A 32-bit IP address assigned to each web address. This 32-bit number is divided into four sections and each section is separated by a dot, eg: 18.104.22.168
- Content-base monitoring: The firewall can be place to only open certain websites on the network or block specific websites (eg social networks).
- Domain Name Monitoring: The firewall can be place to allow websites base on their domain names to be allow or not allow.
- Protocol-based monitoring: The firewall can determine how a user accesses an online service.
- Port-based monitoring: Network servers make their services available through ports that each have a specific number. For example, a web server might be set to port 80.
- Word-or-phrase monitoring: You can make the firewall sensitive to certain words or phrases to block websites containing those words and phrases.
- Behavior monitoring and changes: Firewalls can detect and prevent suspicious behavior. Sudden erasure of data or hacking attacks are suspicious behaviors.
The firewall is configure in various ways. Consulting an IT expert can help you decide which method is most effective. For example, one approach is to temporarily block everything and then allow permissions to be set one at a time.
The firewall is not enough
Despite their capabilities, firewalls are not always effective against any threat. Sometimes some security software and human considerations are needed to further enhance the security of the collection.
Firewalls cannot always protect the user from social engineering or spoofing attacks. For example, a hacker may act as a customer and gain company information by deceiving users. In such cases, firewalls usually do not work and email scanner software is more efficient.
firewalls cannot always prevent malware, viruses and worms from entering. Antivirus programs should also be helped to counteract antivirus software if malware can break through the firewall.
But even with these measures, network security cannot be fully guaranteed. So network users should be able to increase their knowledge of cyber security, as trained people are sometimes the best security barrier and the least knowledgeable are the biggest threats to their network.