Network Firewall is a device which controls access to secured LAN network to protect it from unauthorized access. Firewall acts as a filter which blocks incoming non-legitimate traffic from entering the LAN network and cause attacks.
The main purpose of a firewall is to separate a secured area (Higher security Zone / Inside Network) from a less secure area (Low security Zone / Outside Network etc.) and to control communications between the two. Firewall also controls inbound and outbound communications across devices.
As a general understanding, where a non-secure Network like Internet terminates at Enterprise premises and Internet would be communicating with secured LAN Network (Like Users accessing Internet for Browsing , Office 365 , cloud Hosted Applications etc.) , Network Firewall becomes a mandatory requirement. Infact IT policy for corporates doesn’t allow such a communication until security posture in place with Firewall being the mainstay requirement.
BENEFITS OF NETWORK FIREWALL –
1. PACKET FILTERING TO PREVENT FROM MALICIOUS ATTACKS –
Network Firewall follows the policy of Authorized and unauthorized traffic. If the Firewall detects authorized traffic as per configured policy, traffic is allowed to pass to access LAN resources. If the firewall detects that the packet is unauthorized, it discards the data. Packet filtering works on the network layer and transport layer of the OSI model.
The packet filtering can be divided into two parts:
- Stateless packet filtering.
- Stateful packet filtering.
Stateful packet filtering keeps track of state of connection flow for all the packets and in both directions. Also, it keeps track of all the IP addresses currently communicating at any time.
Stateless packet filtering does not keep track of state of communication and hence is considered less secure packet filtering technology.
2. TRAFFIC LOGGING –
By recording the information from packets that pass through or that it discards, it can provide you with a clear picture of the kind of traffic experienced.Any hostile activity to take access to resources may be blocked by the firewall. However this unauthorized access attempt will be recorded as log and may be referred to later on for auditing.
3. VIRUS AND TROJAN PROTECTION –
Many Network Firewalls nowadays are equipped with capability to analyse and block unwanted programs and software’s from entering Network Like – Virus and Trojans. This way LAN asset protection is always up-to-date. For instance, it can block emails with viruses from entering your network or employees from visiting undesirable web sites. Many different firewall appliances provide antivirus protection at the perimeter of your network. Most Network firewalls in perimeter are capable to continuously update the list of good and malicious applications.
With advancement in technology, firewall functionality has also been integrated with Routing devices. Some examples include
- Cisco ISR G2 (1900, 2900 and 3900) and G3 (4000 Series) Routers with optional Security License (Firewall Features like ZBF etc.)
- Juniper SRX (300, 550, 650, 1400 etc.) Firewall and Routing integrated devices.
Let’s not also undermine here the features, scalability and performance dedicated Firewall devices provide in comparison to integrated hardware.
However, technical and Business requirement widely governs the decision to adopt Dedicated Firewall on Integrated Firewall solution.