A firewall is a security system that protects a computer network or an individual computer from unwanted network access. More broadly, a firewall is also a sub-aspect of a security concept. Every firewall security system is based on a software component. Firewall software is designed to restrict network access based on the sender or destination and services used. It monitors the traffic passing through the firewall and decides whether or not to let certain network packets through based on set rules. In this way, it tries to prevent unauthorized network access.
Depending on where the firewall software is installed, a distinction is made between a personal firewall (also known as a desktop firewall) and an external firewall (also known as a network or hardware firewall). In contrast to the personal firewall, the software of an external firewall does not run on the system to be protected but on a separate device that connects networks or network segments and, by means of the firewall software, restricts access between those networks. In this case “firewall” can also denote the entire system (a device with the described function). Because of this difference in design, there are major conceptual differences between the two types. The function of a firewall is not to detect attacks; it is only meant to enforce rules for network communication. Detecting attacks is the job of so-called IDS modules, which can build on a firewall and may be part of the same product, but which are not part of the firewall module itself.
A firewall is used to prevent unwanted access to network services. Its decisions are based on the addresses of the communication partners (i.e. “who is allowed to access what”). As a rule, a firewall cannot prevent the exploitation of a vulnerability in a network service if the communication partner is allowed to access that service.
The same applies when an attack rides on the return path of a connection that the protected system itself initiated: a firewall cannot protect against attacks on browser vulnerabilities if the communication partner can reach the vulnerable parts of the program. Programs intended for network access should therefore be kept up to date so that known security vulnerabilities in them are closed. Some firewalls offer filters that further restrict remote access to the network service being used, for example by filtering vulnerable ActiveX objects out of web pages. The browser is then no longer able to access (and does not display) such objects embedded in a web page, which also means that it cannot be attacked through them. Alternatively, the same behavior can be achieved by configuring the browser itself.
Depending on the type of firewall, a firewall can, in the best case, draw attention to the network access of secretly installed malware and sometimes even prevent that access. Such success, however, depends strongly on the skill of the malware in question (see the limits of the personal firewall and the external firewall). At best, a firewall can fend off the exploitation of flaws in the operating system’s network implementation.
The limitations of a firewall, weighed against its usefulness, can be compared to the seat belt of an automobile, for which there are also scenarios in which it cannot protect the driver. It makes sense to fasten the seat belt and at the same time to drive carefully, knowing its limits. An exception would be a seat belt that itself endangers the driver (here with reference to the personal firewall), in which case alternative solutions may offer greater safety.
Only when it is known against which scenarios a certain level of security is to be achieved can one think about the way in which this is implemented. The creation of a security concept helps with this. Larger organizations usually have their own security policy in place for this purpose.
The firewall is one aspect of the security concept. Just as “fire protection” is a bundle of measures (and not just the smoke detector in the stairwell), this aspect can be a bundle of several measures, depending on the security concept. The firewall can consist of several components, some of which may, for example, serve to set up a DMZ. Likewise, maintenance can be an integral part of this sub-aspect, as can the evaluation of the logs produced by the firewall components.
Filtering techniques:
- Packet filter
- Stateful Packet Inspection
- Content filter
- Deep Packet Inspection
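The following is an added example, not code from the original article, showing the difference between the first two techniques above: a plain packet filter judges each packet by sender, destination and service against static rules, while stateful packet inspection additionally remembers allowed flows so that reply traffic passes without a rule of its own. The addresses, ports and rule set are constructed for the example; real firewalls track far more state (TCP flags, timeouts, UDP pseudo-connections).

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, field

# One packet header, reduced to the fields a packet filter looks at (constructed for this example).
Packet = namedtuple("Packet", "src dst proto sport dport")

@dataclass
class Rule:
    action: str               # "allow" or "deny"
    src: str = "0.0.0.0/0"    # CIDR of permitted senders
    dst: str = "0.0.0.0/0"    # CIDR of permitted destinations
    proto: str = "any"        # "tcp", "udp" or "any"
    dport: int = 0            # service (destination port); 0 = any service

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto) and self.dport in (0, p.dport))

@dataclass
class StatefulFirewall:
    rules: list               # evaluated top to bottom, first match wins
    default: str = "deny"     # policy when no rule matches
    state: set = field(default_factory=set)  # established flows as 5-tuples

    def filter(self, p: Packet) -> str:
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Stateful Packet Inspection: packets of an already-allowed flow (either direction) pass.
        if flow in self.state or reply in self.state:
            return "allow"
        # Plain packet filter: sender, destination and service against the static rule set.
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.state.add(flow)      # remember the flow so its replies get through
                return r.action
        return self.default

def demo() -> dict:
    # Constructed scenario: LAN 192.0.2.0/24 may reach HTTPS servers; nothing unsolicited may enter.
    fw = StatefulFirewall([Rule("allow", src="192.0.2.0/24", proto="tcp", dport=443)])
    request = Packet("192.0.2.10", "198.51.100.5", "tcp", 51000, 443)
    reply   = Packet("198.51.100.5", "192.0.2.10", "tcp", 443, 51000)
    probe   = Packet("198.51.100.5", "192.0.2.10", "tcp", 40000, 22)   # unsolicited inbound SSH
    fake    = Packet("198.51.100.9", "192.0.2.10", "tcp", 443, 51000)  # looks like a reply, no flow
    return {"request": fw.filter(request), "reply": fw.filter(reply),
            "probe": fw.filter(probe), "fake_reply": fw.filter(fake)}
```

Without the state table the reply would be denied too, since no static rule permits inbound traffic from port 443; that is exactly the gap stateful packet inspection closes.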