A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. It serves as the first line of defense between a secure internal network and untrusted external networks such as the Internet.
Operation Mechanism
Firewalls function at different layers of the OSI model. Basic packet filters operate at the network layer, while Next-Generation Firewalls (NGFW) provide application-layer visibility and Deep Packet Inspection (DPI). This allows the system to distinguish between legitimate business traffic and malicious activity hidden within standard protocols like HTTP or DNS.
- Packet Filtering: Checks source and destination IP/ports.
- Stateful Inspection: Ensures incoming packets belong to an established, legitimate session.
- Circuit-Level Gateway: Verifies TCP handshakes without consuming significant resources.
Firewalls are deployed to create DMZs (Demilitarized Zones) and to segment internal networks so that an attacker who compromises one host cannot move laterally to others. For example, a standard configuration might allow SSH access only from specific administrative IP addresses while blocking all traffic on port 21 (FTP). Statistics show that over 95% of enterprise security architectures rely on multi-layered firewalling to mitigate automated scanning and brute-force attacks.
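The example policy above (SSH only from administrative addresses, FTP blocked, everything else denied) combined with the stateful-inspection behaviour described earlier, as an added illustration written for this page rather than code from any real firewall product. The administrative subnet, the protected host address and the packet samples are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy; the admin subnet is an assumption for this example.
ADMIN_NET = ipaddress.ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    sport: int      # source port
    dport: int      # destination port
    direction: str  # "in" = arriving from the untrusted side, "out" = leaving the protected network


# Packet-filter rules for NEW inbound connections, evaluated top to bottom; first match wins.
# Each entry: (rule name, predicate over the packet, verdict)
INBOUND_RULES = [
    ("block-ftp", lambda p: p.dport == 21, "DROP"),
    ("ssh-from-admins", lambda p: p.dport == 22 and ipaddress.ip_address(p.src) in ADMIN_NET, "ALLOW"),
]
DEFAULT_VERDICT = "DROP"  # anything not explicitly allowed is denied


class StatefulFirewall:
    """Stateful inspection layered on the packet filter: replies to sessions that the
    protected side opened are allowed without needing an explicit inbound rule."""

    def __init__(self):
        # Tracked sessions keyed by (internal ip, internal port, remote ip, remote port)
        self.sessions = set()

    def filter(self, pkt):
        if pkt.direction == "out":
            # Outbound traffic is permitted and its 4-tuple is recorded as a session
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return ("ALLOW", "new outbound session")
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            # Inbound packet is the reverse of a tracked session: established traffic
            return ("ALLOW", "established session")
        for name, predicate, verdict in INBOUND_RULES:
            if predicate(pkt):
                return (verdict, name)
        return (DEFAULT_VERDICT, "default deny")
```

Note that a reply to port 443 from the remote host is accepted only when its ports reverse a recorded outbound session; an unsolicited inbound packet from the same remote host falls through to the default deny.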