How Both Strengthen Your Security Posture

Firewalls are critical components of any network’s security. Acting as the barrier between trusted internal networks, such as your home or office network, and untrusted external networks, such as the internet, they monitor and control incoming and outgoing traffic based on predefined security rules. Firewalls come in various types, each serving specific purposes and operating at different layers of the network. As with any type of defense, you do not want to rely on a single layer of protection but on multiple layers supporting one another. Firewalls can be divided into two primary categories: edge and host-based.

Edge Firewalls

Edge firewalls themselves come in two categories as well: traditional and next-generation firewalls. Traditional edge firewalls, also known as network firewalls, are deployed at the perimeter of a network. In homes this is usually the router, which in most cases also runs a firewall; in businesses it is often a dedicated device deployed at the edge of the network, where the connection from your Internet service provider (ISP) meets your internal network. The primary role of this device is to protect the entire network. These devices operate mainly at the network and transport layers: they filter on source and destination addresses, ports and connection state, looking for unwanted or anomalous connection attempts. This is akin to alerting the police when you see someone walking around a parking lot checking door handles. Traditional edge firewalls have some inherent limitations: they cannot see inside encrypted traffic, and they have very limited ability to affect traffic that stays within the internal network, since that traffic never crosses the perimeter.

Next-generation edge firewalls provide the traditional firewall capabilities and combine them with advanced features such as deep packet inspection, intrusion prevention and application awareness. They operate at the network and application layers to provide a more robust security posture. Unlike traditional firewalls, specific applications or programs can be identified and blocked from operating on your network, intrusion prevention systems can actively identify and shut down anomalous behavior, and encrypted traffic can be examined. Examining encrypted traffic means the firewall decrypts and re-encrypts TLS sessions in the middle of the connection, which requires every client to trust the firewall’s certificate authority and brings its own privacy and performance costs. In exchange for higher cost and management complexity, the system provides enhanced protection and security.


Host Firewalls

Host-based firewalls are installed directly on individual devices such as laptops, workstations and servers, and even on some network-attached devices like NAS units and printers. They can best be thought of as locked doors inside a building: even if an intruder makes it through the front door, each room can still be locked. They provide additional protection to the host device and operate at the network and application layers. Because they run on the host itself, they know which local process owns each connection, so rules can be written per application rather than only per address and port; even when the traffic itself is encrypted, the host firewall still knows which program is sending or receiving it, something an edge firewall cannot tell. They provide very granular control over what is allowed in and out of the operating system. Finally, they can be centrally managed with appropriate management software, which allows for complex, fine-tuned rules to protect each device.
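To make the layering concrete, here is an added example (not code from the original article) that models both a traditional edge firewall and a host firewall as first-match rule lists with a default-deny policy, the way iptables and nftables chains are evaluated. The edge firewall only sees packets that cross the perimeter and can match on addresses, ports and connection state; the host firewall on a web server additionally matches on the process that owns the socket. The addresses (192.0.2.0/24 as the LAN, 192.0.2.10 as the web server, 203.0.113.7 as an internet client), the rules and the sample packets are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """One inbound packet as a firewall sees it (constructed sample data)."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    established: bool = False  # reply to a connection the firewall already tracks
    app: Optional[str] = None  # owning process; only a host firewall can know this


@dataclass(frozen=True)
class Rule:
    """Match criteria for one rule; a None field means 'any'."""
    action: str  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    proto: Optional[str] = None
    established: Optional[bool] = None
    app: Optional[str] = None
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.established is not None and pkt.established != self.established:
            return False
        if self.app is not None and pkt.app != self.app:
            return False
        return True


class Firewall:
    """First-match rule list with a default policy, like an iptables/nftables chain."""

    def __init__(self, name: str, rules: Iterable[Rule], default: str = "deny"):
        self.name: str = name
        self.rules: List[Rule] = list(rules)
        self.default: str = default

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        """Return (action, reason) for the first matching rule, else the default."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, f"{self.name}: {rule.comment or rule.action}"
        return self.default, f"{self.name}: default {self.default}"


INTERNAL = ip_network("192.0.2.0/24")  # assumed LAN (a documentation address range)


def crosses_perimeter(pkt: Packet) -> bool:
    """An edge firewall only sees traffic entering or leaving the LAN."""
    return (ip_address(pkt.src) in INTERNAL) != (ip_address(pkt.dst) in INTERNAL)


def layered_verdict(edge: Firewall, host: Firewall, pkt: Packet) -> Tuple[str, str]:
    """Edge rules first (only if the packet crosses the perimeter), then host rules."""
    if crosses_perimeter(pkt):
        action, reason = edge.evaluate(pkt)
        if action == "deny":
            return action, reason
    return host.evaluate(pkt)


# Edge firewall: default deny; admit tracked replies and public HTTPS to the web server.
EDGE = Firewall("edge", [
    Rule("allow", established=True, comment="reply to tracked connection"),
    Rule("allow", dst="192.0.2.10/32", dport=443, proto="tcp", comment="public HTTPS"),
])

# Host firewall on the web server: the same style of rules, plus the owning process.
WEB_HOST = Firewall("web-host", [
    Rule("allow", established=True, comment="reply to tracked connection"),
    Rule("allow", dport=443, proto="tcp", app="nginx", comment="HTTPS, nginx only"),
    Rule("allow", src="192.0.2.0/28", dport=22, proto="tcp", app="sshd",
         comment="SSH from admin subnet only"),
    Rule("allow", src="192.0.2.20/32", dport=3306, proto="tcp", app="mysqld",
         comment="MySQL from the app server only"),
])


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "192.0.2.10", 443, app="nginx"),   # normal web visitor
        Packet("203.0.113.7", "192.0.2.10", 22, app="sshd"),     # SSH probe from internet
        Packet("203.0.113.7", "192.0.2.10", 443, app="nc"),      # rogue listener on 443
        Packet("192.0.2.50", "192.0.2.10", 3306, app="mysqld"),  # lateral move from LAN
        Packet("192.0.2.20", "192.0.2.10", 3306, app="mysqld"),  # legitimate app server
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst}:{p.dport} ({p.app}):", *layered_verdict(EDGE, WEB_HOST, p))
```

The fourth sample packet is the one worth noticing: a workstation on the LAN connecting to the database port never crosses the perimeter, so the edge firewall has no say in it, and only the host firewall's default-deny policy stops it. The third shows the other direction of the layering: the edge firewall happily admits port 443, and only the host firewall notices that the process bound to it is not nginx.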

Firewalls are critical to protecting your devices, networks, data and employees from malicious actors. In addition to helping to manage and eliminate unauthorized and unnecessary traffic, they make your network a hardened target, which may persuade potential attackers to look elsewhere. It is critical to remember that security is a journey, not a box that can be checked. Like a chess match, fencing bout or battle, it is a constantly flowing stream of move and counter-move, attack and counterattack, with each side pursuing its objective relentlessly while the other attempts to defend. This is why it is critical not only to have firewalls in place, but to have them properly managed as well: a default-allow rule left behind after troubleshooting, or a ruleset nobody has reviewed in years, quietly undoes the protection the device was bought for.


Summary

Firewalls are essential for network security, acting as barriers between trusted internal networks and untrusted external ones by monitoring and controlling traffic based on predefined rules. They come in two main types: edge firewalls, which protect entire networks at the perimeter and include traditional models focused on addresses, ports and connection state as well as next-generation versions offering advanced features like deep packet inspection and intrusion prevention; and host-based firewalls, installed on individual devices to provide granular, per-application control that also covers traffic that never leaves the internal network. A layered approach using both types strengthens defenses, as security is an ongoing process requiring proper management to counter evolving threats.
