What is a Firewall?

A firewall is a security software and/or hardware system that monitors the incoming and outgoing traffic from your computer or network, and either allows or blocks those connections based on security rules. Most computers have a basic firewall system in place, such as Windows Defender Firewall, but for real network security, you should have a dedicated firewall device.

How Does a Firewall Work?

Firewalls monitor and analyze different types of incoming and outgoing connections on your network. The firewall will then filter this traffic based on the rules that have been set. For example, most properly-enabled firewalls will drop an incoming connection for Port 3389 from the Internet; this port is used for Windows Remote Desktop Protocol, and it should never be easily accessible from the public Internet!

A firewall may also be enabled to block certain IP addresses, IP ranges, or even entire countries. At DragonTech IT Services, we drop all connections from countries that we not do business in by default, and we also maintain a list of known malicious IP addresses that are blocked by default. This allows us to secure our customer websites and networks against many of the most common forms of cyber attacks.

Why Do I Need A Firewall?

If you do anything on the Internet, you need a firewall! Cyber attacks are on the rise, and cyber criminals will use any method they can to get a foothold into your systems, your computers, your network to steal or ransom your data. If you have a small business, a firewall is critical to the security of your business and your clients.

Untangle’s 2020 SMB IT Security Report reveals that while 75% of respondents said IT security is a priority, small businesses are particularly vulnerable to cyberattacks. To begin, the fact that they are a smaller business means they don’t have the same IT staff in place as large companies, or the large budgets required to shield them from the ever-increasing number of attacks. For example, in Untangle’s survey, 38% of SMBs have $1,000 or less allocated to their IT Security budget. Simply not having the resources available, and therefore less robust security, puts SMBs at a disadvantage to prevent and mitigate a cyberattack.

Small businesses are also often quick to downplay the risks of cyberattacks and adopt the “it can’t happen to me” mentality. According to a survey, 66% of small and medium business leaders don’t believe they are vulnerable to cyberattacks. This tendency to downplay threats happens even as small businesses increase their attack surfaces with the addition of remote and hybrid workers, using more apps and online systems, and adding more and more IoT devices to the network. This attitude also leads to lax security practices among them being weak passwords, ineffective mobile device policies, and not keeping up with cybersecurity threats.

Isn’t My Antivirus Enough?

Most consumer-grade antiviruses on the market do not protect against new threats. Antivirus software works on a signature basis, identifying files as malicious by checking them against known malware signatures. Even Advanced Endpoint Detection & Response software, such as Malwarebytes EDR or Sentinel One, primarily protect you from threats that are on your computer already. This software can fail in various ways, such as being misconfigured, not checking for the precise type of vulnerability, or just simply miss the threat detection altogether. In addition to that, devices on your network are usually trusted devices, and not all of them can be protected by antivirus or EDR.

A firewall stands as your first line of defense into your entire network, preventing hackers from gaining access or reporting unusual activity that will allow your IT Security team to find them and eliminate the threat. Without a properly configured firewall, it is possible for external users to gain access to your internal networks through a variety of ways, from taking advantage of services such as TeamViewer that may be running on your devices, to utilizing known vulnerabilities in popular applications or operating systems to gain network access. From that point, hackers can sit on your network and monitor your network traffic undetected.

Good firewalls can also protect your computers from utilizing malicious code that may have been missed by your antivirus or EDR software by inspecting the traffic coming out of your network. If it looks suspicious, the firewall will either flag it as unusual or drop the connection altogether! Having good network security is all about having multiple layers so that no single point of failure puts your business at risk. This applies to every aspect of Managed IT Services, not just having a firewall. At DragonTech IT Services, Inc, we create redundant systems for our clients that encompass both cybersecurity resilience and business continuity/disaster recovery.

Is That All A Firewall Does?

Not at all! Firewalls have many purposes, depending on what type of firewall you’re using:

Proxy Firewalls filter network traffic at the Application Layer. Unlike basic firewalls, a proxy firewall acts as a middleman between two other systems. The client must send a request to the firewall, where it is then evaluated against a set of security rules and then permitted or blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and use both stateful and deep packet inspection to detect malicious traffic.

Network Address Translation (NAT) firewalls allow multiple devices with independent network addresses to connect to the internet using a single IP address, keeping individual IP addresses hidden. As a result, attackers scanning a network for IP addresses can’t capture specific details, providing greater security against attacks. NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers and outside traffic.

Stateful Multilayer Inspection (SMLI) firewalls filter packets at the network, transport, and application layers, comparing them against known trusted packets. Like the Next Generation Firewalls below, SMLI firewalls also examine the entire packet and only allow them to pass if they pass each layer individually. These firewalls examine packets to determine the state of the communication (hence the name) to ensure all initiated communication is only taking place with trusted sources.

Next Generation Firewalls (NGFW) combine traditional firewall technology with additional functionality, such as encrypted traffic inspection, intrusion prevention systems, anti-virus, web content filtering, and more. Most importantly, they include a service called deep packet inspection (DPI). While basic firewalls only look at packet headers, deep packet inspection examines the data within the packet itself, enabling users to more effectively identify, categorize, or stop packets with malicious data.

Next Generation Firewalls can also provide VPN services, either as server or client, which is important to keep your networks segmented and secured from unknown/unapproved traffic, and can allow remote users to connect to company networks & resources securely where ever they may be.