Before computer networks existed, the word "firewall" simply referred to those areas of rural land cleared of trees and bushes that, in the event of a forest fire, kept the fire from advancing.
Since 1987 (when the term was adopted by Steven M. Bellovin of AT&T), the word has also been used for border checkpoints that provide security against threats. When we talk about technological firewalls, however, those threats take the form of potentially malicious connections to or from your computer or your internal network.
Consider the case of a PC infected by some kind of malware that can receive instructions from a remote server, send personal information to it, or both. Detecting and removing the malware is the job of the antivirus, but preventing the malware and the server from coming into contact is the job of the firewall.
What is a firewall?
A quick definition of a firewall would be the following: a technological system whose mission is to allow or block connections between computers, based on a set of pre-established rules.
Such a system can take the form of hardware (physical), software (logical), or a combination of both:
- Physical: These can be integrated into routers or be standalone devices placed between the Internet access point and the switch that distributes the connection among the computers on the same intranet. They are widely used in institutions and large companies.
- Logical: The alternative most used by ordinary users. They only protect the computer on which they are installed, and in many cases they are built into the operating system itself (as is the case with the latest versions of Windows, Mac and Linux), although this does not prevent them from being replaced by third-party firewalls.
How do they work?
In both cases, the firewall's task is to "be on the lookout" for the packets of information that try to leave or enter our computer. Blocking can be based on various criteria, such as the IP address the packets are destined for, the type of port used to send them, or the application they originate from.
One of the most complex aspects of using firewalls is their configuration: deciding which types of connections are blocked and which are not. A configuration that is too restrictive may block legitimate connections and cause our software to malfunction, but one that is too permissive can make the firewall irrelevant.
What do next-generation firewalls offer?
There are now what are known as NGFWs (Next Generation Firewalls), which complement the functions of current firewalls with the ability to intelligently inspect packets based on the information they contain.
In other words, these firewalls are able to understand the traffic they filter and the type of content or application it is linked to. This makes it possible to detect, for example, that the result of assembling several packets sent in response by an HTTP server does not conform to the format of an HTML file.
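
The check described above, sketched as an added example (it is not from the original article or from any firewall product): it reassembles an HTTP response from TCP segments and blocks a body that is declared as text/html but does not start like an HTML document. The function names, the (sequence number, payload) segment layout and the sample traffic are constructed for illustration, and plaintext HTTP/1.x is assumed.

```python
import re

# Start of an HTML document: optional BOM, whitespace and comments, then a root-level tag.
HTML_START = re.compile(
    rb"(?:\xef\xbb\xbf)?\s*(?:<!--.*?-->\s*)*<(?:!doctype\s+html|html|head|body)\b",
    re.I | re.S)

def reassemble(segments):
    """Join (sequence_number, payload) segments in order, skipping retransmitted bytes."""
    stream, expected = b"", None
    for seq, data in sorted(segments):
        if expected is None:
            expected = seq
        if seq > expected:
            raise ValueError("gap in stream: cannot inspect yet")
        if seq + len(data) > expected:          # segment carries bytes not seen before
            stream += data[expected - seq:]
            expected = seq + len(data)
    return stream

def split_response(stream):
    """Return (lower-cased header dict, body) of one HTTP/1.x response."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers incomplete")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:   # [1:] skips the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def verdict(segments):
    """'allow', 'block' or 'undecided' for a response seen as TCP segments."""
    headers, body = split_response(reassemble(segments))
    if headers.get("content-type", "").split(";")[0].strip().lower() != "text/html":
        return "allow"                          # only declared-HTML responses are checked here
    if "content-encoding" in headers or "transfer-encoding" in headers:
        return "undecided"                      # body must be decoded before it can be judged
    return "allow" if HTML_START.match(body[:1024]) else "block"

# Constructed sample traffic (not captured data); segments arrive out of order.
def chop(data, size=24, first_seq=1000):
    return [(first_seq + i, data[i:i + size]) for i in range(0, len(data), size)]

HEAD = b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
GOOD = chop(HEAD + b"<!DOCTYPE html>\n<html><body>hello</body></html>")[::-1]
GOOD.append(GOOD[0])                            # a retransmitted segment
BAD = chop(HEAD + b"MZ\x90\x00" + bytes(60))    # declared HTML, body starts like a Windows executable

if __name__ == "__main__":
    print(verdict(GOOD), verdict(BAD))
```

A filter that only looks at IP address and port would treat both sample responses identically; the difference is visible only after the segments are reassembled and the body is compared with the declared content type.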