Over the years firewalls have become an integral part of any network looking to properly protect itself from the threats that lurk outside. Firewalls are successful because they sit at the edge of your network, and are the first point of entry for any outside traffic. By standing guard at the edge of your network, firewalls are able to inspect the incoming traffic looking for anything suspicious. Since firewalls are usually based on a rule system, administrators are able to progressively add new rules as time goes on to protect their networks from the latest threats. This ability to constantly update your system in order to handle the ever growing landscape of new vulnerabilities is what makes firewalls irreplaceable in any enterprises stack. Firewalls are commonly categorized into network firewalls, and host-based firewalls. Network firewalls sit at the edge of a network and monitor all of the traffic incoming and outgoing from that network. Host-based firewalls sit on individual machines, and monitor only that particular machines incoming and outgoing traffic. Another distinction in firewall applications is dedicated hardware based firewall systems versus virtualized software based firewall systems. While our goal isn’t to define one is better than the other, but rather to provide information about each to be able to than conclude with is better for your specific objective. Information Security over the years has been ever growing, and with that the technology evolves. When researching security, even outside the realm of computers, and information we find that usually there is no one size fits all solution. And that having proper, and well executed security comes down to being able to identify the specific threats you face in your current environment. Firewalls not only protect us against these threats, but also allow us to gather intelligence to be able to better identify what threats we do face.
Firewalls began to appear in the late 80s as simple packet filtering applications. These firewalls systems would inspect all the incoming and outgoing network packets and apply the predetermined rules to filter out and drop suspicious packets. Before this system administrators would rely on routers as security as ways to protect their networks. But as networks grew, and become more complex a dedicated solution was needed and thus firewalls were born. Firewall technologies continued to improve, with the next generation featuring stateful filtering. This consisted of all the features provided in the previous version, but added a deeper look at the packets, and overall inspection. Stateful firewalls allowed systems to retain all connection information and identifying if the packet is part of the start, middle or end of a connection. This development once again allowed system administrators to gather more intelligence over what was coming in and out of their networks. Thus providing them with a better chance at combating the threats they face. The technology was once again improved around the mid 90s to include what is called application layer filtering. This was an improvement to the way firewall applications handle the connections of various types of applications. And again garnering system administrators with more information to be able to protect their networks from outside attacks. Throughout the generations of firewall applications, and where we are now we have seen the technology improve more and more. One key thing to notice is that with each generation, and improvement we see firewall applications do deeper packet analysis, and provide more information than before about the activities going on inside the network. If you look at any organization trying to provide security to either a network, or a particular person you will find that the man with the most information wins. This makes sense because it’s very logical to see how one isn’t able to protect oneself from the threats they face if they have little information about them to begin with. This is why you have whole agencies in the public, and private sector whose goal is to simply gather information. Sun Tzu is famously quoted as saying “If you know the enemy and know yourself you need not fear the results of a hundred battles.” We can relate to this when thinking about network security in the sense that if we know our own network, and we know the threats we face than we need not worry. Firewalls not only act as a mechanism to protect us, but also yield the crucial information we need to know about our enemy, and how they operate.