How it works: Firewalls explained


In computing, a firewall is software or hardware that separates different parts of a network, isolating them from risk. A firewall has its own rules and can direct and block incoming or outgoing traffic.

Your computer’s firewall will most commonly allow outgoing connections and block all requests from the outside. Anyone wanting to use peer-to-peer software (like file-sharing or a web server) on their personal machine will need to disable or change the firewall rules manually.

What is a firewall?

A firewall's job is to lock down networks, servers, and applications against unauthorized access. Ideally, each application has its own robust authentication scheme, but a firewall makes it easy to limit who can make connection attempts in the first place.

Firewalls are security mechanisms that lock intruders out, making your network more secure and improving the availability of resources. However, firewalls are only one puzzle piece within a comprehensive information security framework and do not provide absolute security.

Why do we need firewalls?

Firewalls are designed to protect computers from malicious software such as viruses, malware, and spyware. But that’s not all. Here’s a list of threats firewalls protect computers from:

Backdoor access

Backdoor access is an undocumented way for attackers to gain access to computer systems. Through a backdoor, attackers can download files and execute actions remotely, which poses a high security risk.

Denial of service (DoS) attacks

DoS attacks attempt to shut down a network by flooding it with unwanted traffic. For example, attackers could bombard the servers of a social media company, overwhelming these servers so they’re unable to process legitimate connections or requests from customers.

Macro virus

A macro virus is attack code hidden in everyday applications such as Microsoft Word, Sticky Notes, and Zoom. The malicious code goes into effect when a victim opens and activates the application.

Access attacks

In an access attack, hackers try to access another user’s account or network through various means, including password guessing. 

Lost or compromised data

It takes only a few seconds for dedicated hackers to crack common passwords and steal the credentials of their victims. 

How does a firewall work?

Firewalls filter traffic based on rules. The three most important criteria in a rule are the direction of the traffic, the port number, and the protocol used.

A port identifies the network endpoint of a piece of software. A server usually runs several services at the same time, and the port number tells them apart. Generally, any software can claim any port for itself, but some conventions limit that. Typically, SSH is available on port 22, an HTTP connection on port 80 or 8080, and an HTTPS connection on port 443.

A piece of software can claim multiple ports, but each port can only be claimed by one service. By configuring the firewall to block port 22, it becomes impossible to connect to the SSH daemon, and by blocking all ports except 443, only HTTPS connections may be served.

Protocols such as UDP and TCP define how applications communicate with each other. In the context of an OpenVPN app, for example, a connection can be made either over UDP or TCP. UDP allows for faster connections, but TCP connections are more reliable. By limiting the kind of protocols permitted over a port, a firewall can further help lock down a network to intruders.
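
The direction, port, and protocol matching described above, as an added example that is not part of the original article: a small Python model of a rule-based filter applied to the two policies the text mentions (block port 22, and block everything except 443). The class names, the first-match-wins evaluation order, and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    protocol: str   # "tcp" or "udp"
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                              # "allow" or "block"
    direction: Optional[str] = None          # None matches either direction
    protocol: Optional[str] = None           # None matches any protocol
    ports: Optional[Tuple[int, ...]] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return ((self.direction is None or self.direction == pkt.direction)
                and (self.protocol is None or self.protocol == pkt.protocol)
                and (self.ports is None or pkt.dst_port in self.ports))

def decide(rules, pkt, default="block"):
    """Assumed model: the first matching rule wins, otherwise the default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Policy 1 (used with default "allow"): only incoming SSH is blocked.
BLOCK_SSH = [Rule("block", direction="in", protocol="tcp", ports=(22,))]

# Policy 2 (used with default "block"): outgoing traffic is allowed,
# incoming traffic is limited to HTTPS over TCP.
HTTPS_ONLY = [
    Rule("allow", direction="out"),
    Rule("allow", direction="in", protocol="tcp", ports=(443,)),
]

# Constructed sample packets: HTTPS in, SSH in, UDP to 443 in, HTTP out.
SAMPLE = [Packet("in", "tcp", 443), Packet("in", "tcp", 22),
          Packet("in", "udp", 443), Packet("out", "tcp", 80)]

def verdicts(rules, default):
    """Return the decision for every sample packet under the given policy."""
    return [decide(rules, p, default) for p in SAMPLE]

if __name__ == "__main__":
    print("block-ssh :", verdicts(BLOCK_SSH, "allow"))
    print("https-only:", verdicts(HTTPS_ONLY, "block"))
```

Under the HTTPS-only policy the UDP packet to port 443 is dropped even though the port number matches, which is the effect of restricting the protocol as well as the port.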

Types of firewalls

There are many different types of firewalls, each designed to stop different threats. They are:

  • Packet filtering firewall: The most basic type of firewall, packet filtering is used to control the flow of data to and from a network. 
  • Circuit-level gateway: A circuit-level gateway is a type of firewall for User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connections. 
  • Application-level gateway: As its name suggests, application-level firewalls are a series of policies that control the data flow between an app and the network. 
  • Stateful inspection firewall: Stateful firewalls inspect and monitor traffic on active network connections. This type of firewall looks for potential risks and normally operates at layer 3 or 4 of the OSI model.
  • Next-generation firewall (NGFW): Next-gen firewalls move beyond regular port and protocol inspection and blocking. NGFWs include features like firewalls, application awareness, and integrated intrusion prevention. 
  • Virtual firewalls: A virtual firewall is a service that provides the usual filtering and monitoring virtually instead of through a physical network firewall. 

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.