The H.A.C.K.E.R. Project

A firewall may sound like something that is dangerous, but in reality, a firewall is a useful tool that can help to keep you safe. Generally, when “your computer is accessible through an internet connection or Wi-Fi network, it is susceptible to attack” (CISA). It is important to note, however, that just because you are connected to the Internet does not mean you will be attacked; it simply increases risks of attack. For example, if you buy a house and never go back outside, you are unlikely to get sick; going outside won’t make you get sick, but it increases your risk of becoming ill. Luckily, there is a useful solution to keep yourself safe when connecting to the internet: “you can restrict outside access to your computer—and the information on it—with a firewall” (CISA).

This video, produced by Kaspersky Labs, provides a great overview of what a firewall is and how it works.

What is a Firewall?

Firewalls are, essentially, “a first line of defense in network security” (Cisco). They can be either a physical device or a software application installed onto your computer. Generally, a firewall can “be viewed as gated borders or gateways that manage the travel of permitted and prohibited web activity in a private network” (Kaspersky). This may seem a bit confusing. Luckily, there is a useful analogy that can help you to better understand what firewalls do.

Imagine that your computer or device is a kingdom. The firewall would be, essentially, the castle walls that surround the kingdom, keeping the kingdom safe from outside threats. However, it is necessary to be able to enter and exit the kingdom, which is where the drawbridge and moat come into play: people who are permitted to enter or leave your kingdom are able to pass over the drawbridge, while those who are forbidden are not allowed to cross over the drawbridge. In computer terms, your device likely needs to be able to send and receive communications across networks or the Internet. “Good” communications are allowed to pass through the “drawbridge” of the firewall, while “bad communications” are not allowed to enter. Essentially, they work “by filtering out the good from the bad, or the trusted from the untrusted” (Kaspersky).

Why is it called a firewall instead of a castle wall or drawbridge? The name “firewall” is actually based on “the concept of physical walls being barriers to slow the spread of fire until emergency services can extinguish it” (Kaspersky). This is because firewalls are not perfect. Using the kingdom analogy again, it is possible that enemy forces can breach the castle walls and invade the kingdom. The castle walls and drawbridge, however, will definitely slow them down. The same can be said about a firewall. It is still possible that unwanted or bad communications can pass through the firewall, but the firewall will most likely slow them down, just like how the walls of a building can help to contain a fire and prevent it from spreading too rapidly.

Firewalls work by “monitor[ing] incoming and outgoing network traffic and decid[ing] whether to allow or block specific traffic based on a defined set of security rules” (Cisco). Essentially, the firewall will scan the traffic for malicious data, and if it finds any, it will block it. The firewall will “create ‘choke points’ to funnel web traffic, at which … [the traffic is] then reviewed on a set of programmed parameters and acted upon accordingly” (Kasperksy). Firewalls are configurable, which is an extremely useful feature: you can set specific rules or exceptions in order to further filter the type of traffic or data that will reach your computer or device. For example, say you share a computer with many people. You can configure your firewall to block all traffic to certain websites to prevent anyone from viewing those sites. Similarly, you can set your firewall to block all incoming traffic from specific sources. If you know that a particular website is known for trying to send malicious code to users, you can block all traffic from that website to prevent it from reaching your device.

Why Should I Use a Firewall?

Firewalls are extremely useful and important network security tools to consider using. They help to “establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet”, enabling you to have better control over the type of traffic or communications your devices can make (Cisco). As advised by Kaspersky Labs, whether it is “harmful or not, network traffic should always be vetted” to ensure that it is safe (Kaspersky).

Not only will it keep your individual device safe, but a firewall will also help protect your entire network. Kaspersky Labs states that “instead of every host on a network being directly exposed to the greater internet, all traffic must first contact the firewall”. By forcing all inbound or outbound network traffic through the firewall, it ensures that any data sent is evaluated and scanned before transmission, making the entire network more secure. In addition, a firewall “can also prevent malicious software from accessing a computer or network via the internet” (CISA). Some types of malware, once installed on a machine, will try to send a signal back to the threat actor or hacker using that malware; a firewall can block that signal, preventing a hacker from knowing whether a given machine or network was infected.

Kaspersky Labs has identified three of the most popular uses for firewalls:

• Infiltration from malicious actors: Undesired connections from an oddly behaving source can be blocked. This can prevent eavesdropping and advanced persistent threats (APTs).
• Parental controls: Parents can block their children from viewing explicit web content.
• Workplace web browsing restrictions: Employers can prevent employees from using company networks to access unproductive services and content, such as social media.

Kaspersky Labs

However, it is important to note that the use of a firewall does not “guarantee that your computer will not be attacked. Firewalls primarily help protect against malicious traffic, not against malicious programs (i.e., malware), and may not protect you if you accidentally install or run malware on your computer” (CISA). Thus, while a firewall is a great start to network security, it should not be the only measure. Installing antivirus software on the devices connected to your network is recommended to help fight off malware or unwanted programs.

What to Keep in Mind When Purchasing a Firewall

There are many different types of firewalls available for purchase, and there are various styles of firewalls available that each work in different ways. In addition, a firewall “can be hardware, software, software-as-a service (SaaS), public cloud, or private cloud (virtual)” (Cisco). It may be overwhelming when deciding what type of firewall to use. However, it is important to note that “the decision to use a firewall is more important than deciding which type you use” (CISA). Having a firewall is much better than not having one, regardless of what type of firewall it is. In addition, some firewalls are better suited for larger businesses than for home use, and vice versa.

If you are familiar with networks, you will likely be able to evaluate various firewalls based on their abilities to determine what it is you need. However, this may be more difficult if you are not as familiar with computer networking. Cisco is a well-known technology company that sells hardware-style firewalls. Their products can be viewed here: https://www.cisco.com/site/us/en/products/security/firewalls/index.html. On the flipside, a popular, free firewall software is pfSense, which can be downloaded here: https://www.pfsense.org/download/. If you are unfamiliar with setting up a firewall, it may be worthwhile to have a trained technician install it for you.

Beyond buying a firewall, you may be concerned about needing to set all sorts of rules and exceptions for it to enforce. Luckily, “most commercially available firewall products, both hardware and software based, come preconfigured and ready to use”, and thus have a baseline of security they already provide (CISA). Once you have gotten used to working with a firewall- or if you have a good idea of what you want to do, your firewall “can be configured to block data from certain locations (i.e., computer network addresses), applications, or ports while allowing relevant and necessary data through” (CISA). After that, your network will be one huge step forward in security.

Resources & Further Reading

CISA. “Understanding Firewalls for Home and Small Office Use | CISA.” Cybersecurity and Infrastructure Security Agency CISA, U.S. Department of Homeland Security, 23 Feb. 2023, www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use.

Cisco. “What Is a Firewall?” Cisco, Cisco Systems, Inc., 2023, www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html.

Kaspersky. “What Is a Firewall? – Definition & Explanation.” Usa.kaspersky.com, AO Kaspersky Labs, 5 Feb. 2021, usa.kaspersky.com/resource-center/definitions/firewall.