Estimated reading time: 5 minutes
Understanding Firewalls: Types, Uses, and Best Practices
Over the years, our security gurus at Web Experts have deployed various firewall solutions tailored to each client’s specific infrastructure, technology stack, traffic levels, and security needs. This experience has given us valuable insight into the pros, cons, and ideal use cases of different firewall products. Our goal is to demystify firewalls for you – exploring their functions, the main types, and best practices for implementation. Ready to lift the veil on firewalls? Let’s get started!
Understanding Firewalls – The Basics
A firewall is a network security tool that monitors and filters incoming and outgoing traffic based on a set of configurable rules. Firewalls act as a gatekeeper between internal and external networks, evaluating traffic against pre-defined policies to filter out bad traffic while allowing good traffic to pass through. Their core functions include:
- Filtering traffic – Firewalls allow or block traffic based on source, destination, protocol, application, and more. This helps prevent unwanted or malicious traffic from entering or exiting a network.
- Obscuring internal networks – Firewalls hide the IP addresses and other details of private networks to make it harder for attackers to directly target resources.
- Blocking unwanted content – Many firewalls offer web filtering to block access to inappropriate, dangerous, or productivity-draining websites and applications.
At a high level, a firewall acts as a gatekeeper between your internal network and external networks like the Internet. It analyzes traffic against your ruleset and takes appropriate actions to allow safe communication while blocking questionable traffic. Firewalls can be hardware devices, software firewalls built into operating systems, or cloud-based firewall services offered by hosting providers. They use inspection methods like stateful packet inspection to distinguish valid traffic from suspicious patterns.
Major Types of Firewalls
An important step in understanding firewalls is knowing the type or category of firewall. There are several major categories of firewalls, each with its own strengths and use cases:
- Packet Filtering Firewalls – Packet filtering firewalls examine the header of network packets to make allow/deny decisions based on source IP address, destination IP address, protocol, and more. They operate at the network layer (layer 3 of the OSI model). Packet filtering firewalls are fast and simple to configure, making them a popular choice for basic filtering tasks. However, they cannot inspect packet contents at the application layer.
- Stateful Inspection Firewalls – Stateful inspection firewalls maintain records of all connections passing through them and use this context to make more informed allow/deny decisions. For example, if a packet is part of an existing authorized connection, it is allowed through rather than evaluated against the rules again. Stateful firewalls provide a major security advantage by adding connection context. However, the tradeoff is added complexity and reduced performance compared to basic packet filters.
- Proxy Firewalls – A proxy firewall acts as an intermediary for network traffic, accepting connections on behalf of the recipient. The proxy evaluates traffic before passing it on to the inside network. Because all traffic must pass through the proxy, advanced analysis and policy enforcement can be applied. However, proxies can impact performance, especially for protocols not optimized for proxies.
- Next-Generation Firewalls (NGFWs) – NGFWs combine traditional firewall capabilities with other advanced features like application awareness, deep packet inspection, intrusion detection/prevention, and more. This provides a single integrated security solution rather than chaining multiple products. NGFWs aim to address the limitations of traditional firewall approaches. However, they are more complex and can be expensive solutions.
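The difference between the first two types, as an added example (not code from Web Experts or from any firewall product): a toy header-only filter and a toy connection-tracking filter enforce the same policy, "inside hosts may initiate, outside hosts may only reply", over constructed packets. The address ranges, the names used, and the ACK-flag rule standing in for a stateless "established" rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")  # constructed internal range (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: S=SYN, A=ACK, R=RST

def is_outbound(p):
    return ip_address(p.src) in INTERNAL

def stateless_allow(p):
    """Header-only decision: no memory of earlier packets."""
    if is_outbound(p):
        return True
    # The only way to admit replies is to trust the ACK flag and a high port.
    return "A" in p.flags and p.dport >= 1024

class StatefulFilter:
    """Same policy, but replies must match a tracked connection."""
    def __init__(self):
        self.connections = set()

    def allow(self, p):
        if is_outbound(p):
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        key = (p.dst, p.dport, p.src, p.sport)  # reverse of the outbound tuple
        if key not in self.connections:
            return False
        if "R" in p.flags:  # peer reset the connection: stop tracking it
            self.connections.discard(key)
        return True

# Constructed sample traffic, evaluated in order.
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),   # client opens connection
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),  # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.5", 50001, "A"),   # ACK with no connection
    Packet("198.51.100.7", 4444, "10.0.0.5", 3389, "S"),   # unsolicited inbound SYN
]

def compare(packets):
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "stateless=%s stateful=%s" % verdict)
```

The third packet is the one to watch: the header-only filter admits it because its flags look like a reply, while the connection table shows that no inside host ever opened that flow.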
Understanding Firewall Uses
The next step in understanding firewalls, once we know the type of firewall we want to implement, is to know how we intend to use it. Let’s go over some of the more common uses and some best practices to follow:
Firewalls for Web Applications – Web applications have unique firewall needs, especially if accessible from the public internet. Web application firewalls (WAFs) provide advanced features tailored to HTTP/HTTPS traffic. For public web apps, always use a WAF to protect against injection attacks, cross-site scripting, DDoS, bot traffic, and application exploits. Disable unused HTTP methods. Use whitelisting of allowed sources/countries where possible.
Firewalls for Mobile Apps – Mobile apps can benefit from IP whitelisting to only allow traffic from your API servers. Ensure your mobile backend uses appropriate firewalls too. The IP addresses of mobile devices frequently change, so take care when whitelisting mobile IP ranges. Some firewalls can integrate with mobile device management.
Firewalls for WordPress Sites – WordPress sites are common targets for exploits. At a minimum, use a WAF. Limit incoming traffic to required ports only (HTTP/HTTPS). Block traffic from known malicious IP ranges. For best protection, also use a CDN with a WAF, implement IP whitelisting, and install a WordPress firewall plugin for added layers of security.
Firewalls for Kentico CMS Sites – Kentico itself offers some built-in firewall modules, but pair this with a dedicated WAF for enhanced security. Use Kentico’s web farms module to configure IP whitelisting and blacklisting. Enable Kentico’s Brute Force Attack Protection feature. Regularly update the CMS and installed modules/themes to avoid exploits for known vulnerabilities.
Final Thoughts on Firewalls
Firewalls remain a critical first line of defense for securing infrastructure. However, it’s important to remember that firewalls are just one piece of an effective security strategy. When implementing firewalls, be sure to take time to thoroughly review your network traffic patterns, data flows, and risk landscape. Choose firewall solutions that align to the specific needs of your infrastructure, technology stack, traffic volumes, and threat models.
Properly configuring firewall policies takes effort as well – rules should be calibrated to maximize protection while avoiding business disruption. Leverage features like intrusion detection and IP whitelisting as warranted. Also, combine firewalls with other complementary security tools as part of a defense-in-depth approach. Intrusion prevention systems, sandboxing, distributed denial of service (DDoS) mitigation, web application scanners, and more work hand-in-hand with firewalls to provide layered protection.
At Web Experts, our experienced security team takes a comprehensive approach to securing infrastructure. We assess risks, architect layered defenses tailored to client needs, and provide ongoing monitoring and management. Please reach out if you have any other questions or need assistance in securing your online product!

