What is a firewall, how does it work and why is it important?
Have you ever traveled by plane? It’s certainly an incredible experience, though you certainly will recall one of the more classic moments of the entire process: security screening. Before making it into the tranquility of the boarding lounge, all passengers first pass through a check. Scanners are used to make sure you’re not carrying any dangerous items and your baggage is scrutinized to check for products prohibited on board flights. Ok, the whole process may be a little annoying, but it is crucial to ensuring everyone’s safety!
And don’t be fooled; there is nothing random about these checks. They are regulated by a series of rules established by international aviation bodies and, in the case of Brazil, the body in charge of deciding what you “may or may not” is ANAC, the National Civil Aviation Agency. And the same is true for your trip back home, when you’re subjected to another check.
By now, you must be wondering what any of this has to do with information security. Here’s the thing. Using a really simple analogy, we’ve just pretty much explained what a firewall is, how it works and what it’s for! Basically, this security tool analyzes all the traffic coming in and out of your computer, allowing or blocking the exchange of information based on a set of predefined rules.
It’s an old defense mechanism that continues evolving and which has remained highly relevant in protecting end-user computers (which, in IT terms, we would call the endpoint) from external threats online.
Those on the outside want in, but those on the inside...
A firewall is a software or appliance (a combination of hardware with its own software built with a specific purpose in mind) that prevents malicious packages from trafficking in your network or computer. The comparison to an inspector or guard is certainly not an exaggeration, as a firewall decides what may or may not pass according to a set of rules defined in advance by an administrator.
Remember that browsing the internet involves little else than connecting to other computers spread across the world wide web. By establishing a connection, you begin to download and send data. Some inbound data may be malicious and some outbound data (through spyware, for example) should never have left your device. A good firewall ensures strict control of this traffic, blocking any dangerous files and preventing sensitive data from leaving your computer and being stolen by someone.
To give you an idea, the first firewalls were created back in the 1980s, when the idea of the Internet still sounded a little crazy and computer networks were really only popular for military use or academic purposes. Since then, things have certainly changed, as this type of solution has been accompanied by new trends in cybercrime while continuing to evolve to fulfill its purpose with the same efficiency.
Old, but always up to date!
There are loads of firewalls out there, with several methods for filtering this traffic. An old favorite is packet filtering, whereby the solution analyzes outgoing and incoming packets via the internet, including the IP address, type of service and size, among other data. According to a configured policy, it may halt or allow packets to pass. Firewalls are often also used to prevent staff from accessing unsuitable websites in the workplace; all it requires is a simple setting.
Nowadays, we’re already seeing the likes of next-generation firewalls (NGFW). As the name suggests, we’re talking about solutions that employ advanced resources and also inspect the application layer, while also capable of employing TLS/SSL encrypted traffic inspection, website filtering, detecting threats thanks to an embedded antivirus, creating automated browsing and risk detection logs, and so on.
For end-users, it’s worth remembering that most current operating systems come factory-equipped with a simple, yet effective, firewall. When it comes to application in the corporate environment, it’s up to the cyber security or IT department to set and maintain a firewall, in accordance with the requirements of the configured policy laid out in the Information Security Policy.