Firewall – A security Agent

A firewall is a security system that protects computer systems. Firewall devices are physical products that combine this software with appropriate hardware.

Firewalls control all inbound and outbound network traffic, passing it through certain filters and stopping harmful actions within it. This ensures network security. A firewall is a security mechanism that protects the devices and computers on one or more on-premises networks from attacks over other networks (the internet) and controls internal and external network traffic according to certain rules.

Basically, the firewall uses predefined rules to decide whether the packets that reach it may continue to their destination. Protection is provided by blocking traffic that does not comply with the rules specified on the firewall. In addition, many firewalls include a proxy server or work with a proxy, which receives users' request packets before they go out to the network.

Firewall systems are divided into hardware and software-based systems. Software-based Firewall applications are typically installed on operating systems on clients or servers. Hardware-based firewall devices are systems that run on special equipment.

In today’s technology world, firewall devices are developed and presented as a complex solution. Security devices that we call “Unified Threat Management” have become the popular firewalls of recent years. These firewalls now include IPS, IDS, web filtering, application filtering, hotspot, VPN, and 5651 log management.

How Does a Firewall Work?

Firewall devices or software mainly aim to protect your network against harmful traffic and attackers that may come through untrusted (external) networks such as the Internet.

To provide this protection, they control your internet traffic by processing the custom rules defined on them. If the firewall detects network traffic that violates your security policy, it blocks that traffic and prevents it from reaching your network. Firewall devices create a special layer through which only permitted traffic can pass. They work by controlling the level of communication between the Internet and your corporate or home network.

It is easy to set up or maintain a small network. However, in today’s technology world, we use many devices and applications even on home networks. As a result, we are subjected to new cyberattacks every day, especially as attackers use brand new types of attacks and mechanisms to infiltrate our internal networks. It has become mandatory to use software or hardware firewalls to protect against these attacks.

Large companies have been using firewall devices to protect their internal networks for over 25 years. Today, firewalls have started to be used even on small networks such as those of restaurants, houses, hospitals, cafes, shops, and so on. Protecting a medium-sized café or restaurant has become challenging given today’s cyberattacks. Cyberattacks, which used to be specific and of only a few types, are now complex and endanger our networks and devices. Naturally, we use a firewall to define which services are allowed and to block all remaining services that we don’t use.

Firewall devices primarily work on a whitelist basis. Permission is granted by creating a kind of trusted list of the services, ports, and processes in use. All activity outside this list is blocked, and a secure network connection is created. Instead of restricting each user on your internal network, which is a laborious task, it is easier to provide protection by allowing only secure communication methods through the firewall.

Let’s give an example from real life!

Let’s consider the safety of your home. To protect your home from external dangers, you can lock your door, put bars on the windows, monitor the outer door with a camera system, and use a strong steel door. What if these security measures aren’t enough? That’s where we hire a security guard to provide 24/7 surveillance.

You can think of your firewall devices as a security guard who protects your home 24/7. Imagine a guard who phones you to confirm whether a visitor is safe, accompanies the visitor to your door if so, and neutralizes the visitor if they make a suspicious move before reaching your door! This is basically the operating logic of firewall devices. The connection requests you allow reach your home, and any connections you don’t allow are denied.

What Are the Types of Firewalls?

First Generation Firewall

The first known writing on firewall technology appeared in 1988, when Jeff Mogul of DEC (Digital Equipment Corporation) developed a filter called a packet filter firewall, and it quickly became widespread. This quite simple system is the first-generation example of the internet security systems that would develop and become quite complex over the years.

AT&T’s Bill Cheswick and Steve Bellovin also built a filter on this first-generation architecture that worked for their own institution. With this filter, unwanted packets were blocked and properly transmitted packets were allowed.

Second Generation Firewall

First-generation firewalls, i.e. packet filters, became inadequate as technology developed. Between 1980 and 1990, Dave Presotto and Howard Trickey of AT&T’s Bell Labs developed a second-generation firewall known as the circuit-level firewall. It is based on controlling network traffic and is more complex than the first generation.

Third Generation Firewalls

Third-generation firewalls, known as application-level firewalls, were first described in publications by Gene Spafford, Bill Cheswick, and Marcus Ranum. These publications introduced us to third-generation firewall devices. These firewalls are also known as application-level (OSI layers) firewalls or proxy-based firewalls. Marcus Ranum’s work on this technology led to its emergence as the first commercial product.

The first third-generation firewall was released by DEC as the SEAL product. DEC’s first major sale was to an American chemical company on June 13, 1991. With third-generation firewall devices, application-level filtering became possible, and better filtering raised security to a higher level.

Next Generation Firewalls

In 1992, Bob Braden and Annette DeSchon developed fourth-generation packet filters. This brought us the first systems with a colorful, visual interface. In 1994, an Israeli company, CPST (Check Point Software Technologies), turned this technology, known as Visas, into usable software and called it “Firewall–1”. The firewalls developed since then have been called fourth-generation, fifth-generation, and new-generation firewalls.

Cisco, one of the internet giants, launched its “PIX” in 1997. Next-generation firewalls derive their real power from the “Deep Packet Inspection” engine they contain. They have also merged with what we call IPS (Intrusion Prevention System) technologies. At this point, the firewall devices called UTM (Unified Threat Management) appeared.

UTM (Unified Threat Management) Firewalls

Viruses, trojans, spam, and similar attacks have become increasingly complex. The spread of the Internet has allowed these harmful applications to multiply. In parallel, employees’ use of networks for non-work purposes has also grown. Users within the company connect to networks unrelated to work and are exposed to harmful activity through networks such as WhatsApp and Facebook.

For this reason, SMEs and large companies have started to use firewall devices called UTM for their security. As users became harder to control and the types of cyberattacks increased, unknown threat management became mandatory for security.

Today, many solutions are offered by various brands and with various technologies. In general, however, we have to turn to integrated devices that prevent all threats. Integrated security devices are a growing trend in the firewall market. For this purpose, many brands have started to release “Integrated Security Systems” (UTM) products that can block all threats in one device.

In this way, centralized and easy control is provided, and licensing costs are more affordable than buying different technologies piece by piece. A UTM is an advanced device that handles not only the traditional firewall and VPN (virtual private network) services that protect against attacks, but also the content filtering, spam mail filtering, attack detection, spyware blocking, and anti-virus tasks otherwise performed by multiple systems. UTM devices also provide integrated management, control, and log-keeping services.

By their nature, UTM products and Next-Generation Firewall devices have been able to keep up with the complexity and growth of internet threats. The aim is for system administrators and security experts to provide security more easily by eliminating the need to use multiple security programs.

Until recently, cyber attackers were successful in circumventing standard firewalls. As viruses became more common, organizations adopted web content filtering and then spam filtering. This forced administrators to use complex, costly systems. However, security has become easier to manage thanks to UTM and Next-Generation Firewall devices.

Features of UTM Security Devices

UTM security devices basically work as firewalls. You can prevent unwanted situations with UTM devices by controlling inbound and outbound network traffic. On the other hand, they have the ability to prevent harmful activities as IPS (Intrusion Prevention System).

With web filtering, you can impose certain restrictions so that your Internet connection is used efficiently. You can set limits and bans for your users without making any adjustments on the clients. For example, sites such as WhatsApp, YouTube, and Facebook may be banned during working hours but allowed during lunch.

For employees who do business outside the company, such as your sales team, a VPN provides secure remote access to the corporate network. In addition, the antivirus feature makes it possible to prevent malware from entering the corporate network. Another feature, the application filter, prevents employees from using WhatsApp when they connect to the company’s wireless network from their mobile phones.

In today’s business world, employees may use public Wi-Fi connections for company business in places such as cafes, restaurants, or shopping malls. This poses a great risk to these companies, especially on open Wi-Fi networks.

Next Generation Firewall

Previous-generation firewalls came with Antivirus and DLP (Deep Packet Inspection) applications. NGFW devices began to bring the integrated security systems (DLP, IPS, IDS, Content Filtering, AV Control) together under one roof.

One of the most important features of Next-Generation Firewalls (NGFW) is that they come with “Identity Control” capability. Even if a user’s IP address changes, authentication technology allows the user to access your network with the permissions granted. In this way, the user remains controllable, and the firewall keeps up with the next generation of network technologies.

You can think of this feature as a more advanced form of IPS and IDS management. It shows that NGFW devices have made significant progress in the field of security.

When NGFW is mentioned, an integrated security mechanism comes to mind. On earlier firewall devices, port-based access control was done in a very simple way. However, other applications can also use a port you have allowed. That way, even if you are aware of it, you are forced to leave a loophole open. With NGFW devices, the applications running on a port are controlled as well. This creates a secure layer by providing the ability to control the application running on that port.

We Can Classify Firewall Types in Two Ways

Firewall types are basically divided into two groups.

1. Firewalls according to their structure

  • Hardware Firewall
  • Software Firewall

2. Firewalls according to their architecture

  • Static Packet Filter Firewalls
  • Circuit Level Firewalls
  • Dynamic Packet (State Controlled) Filter Firewalls
  • Proxy-Assisted Firewalls
  • Hybrid Firewalls

Hardware Firewall Products

Hardware firewall devices are security devices integrated into routers and similar hardware. They typically use packet filtering and analyze inbound and outbound traffic by creating a bridge between your internal network and the external network (internet).

They do not affect the performance of your systems or the speed of your servers, because they work as separate hardware rather than being installed on existing servers or systems. They are an efficient option for all organizations that use broadband. Unlike software firewalls, they cannot be easily disabled. They significantly reduce costs because you secure your entire network with one device. However, their prices can increase significantly depending on their area of use and their features. For new, nonprofessional users, setting up a hardware firewall can be quite difficult. Nevertheless, next-generation firewall devices and UTM devices eliminate this disadvantage with management panels that have easy-to-use interfaces.

Software Firewall Products

Software firewall products run on operating systems at the application layer. Such firewalls can be conveniently installed as software on any computer. They check whether the data coming into the computer is the data that was requested, and they can often be configured to check the data leaving the computer as well. Their cost is quite affordable compared to hardware firewall products. They are an ideal choice for networks with a small number of computers. They are simple to install and use, and they let you adjust your security level in a few clicks. However, because they run on the operating system, they put a load on the server. They are also easy to disable and can pose security risks if managed by users.

Firewall Products by Architecture

1- Static Packet Filter Firewalls

These firewalls read the header portion of the data flowing through traffic and work by analyzing the information in it. In terms of working principle, the firewall looks at the packet's source address, destination address, the port the packet wants to access, and the protocol it will use, and then either lets the packet pass according to the predefined permissions or blocks it. The biggest drawback of this architecture is that the system that first sent the packet, that is, the system that opened the session, is in some cases undetectable. Although this architecture is obsolete, it is still used in some systems. Such firewall devices work at the Network layer of the OSI model.
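The header-only decision described above can be sketched as follows. This is an added example, not code from the original article or from any firewall product; the rule set, the `Rule` and `Packet` types, and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str                       # source network in CIDR form
    dst: str                       # destination network in CIDR form
    proto: str
    sport: Optional[int] = None    # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Only header fields are compared; nothing is remembered between packets.
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.proto == self.proto
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


# Constructed policy for a LAN of 192.168.1.0/24: HTTPS out, HTTPS replies in.
RULES = [
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "tcp", dport=443),
    Rule("allow", "0.0.0.0/0", "192.168.1.0/24", "tcp", sport=443),
]


def filter_packet(p: Packet, rules=RULES) -> str:
    """First matching rule wins; anything unmatched is denied (whitelist)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


def demo() -> dict:
    # Constructed packets using documentation address ranges.
    return {
        "lan_to_web": filter_packet(Packet("192.168.1.20", "203.0.113.10", "tcp", 51000, 443)),
        "web_reply": filter_packet(Packet("203.0.113.10", "192.168.1.20", "tcp", 443, 51000)),
        # Same header shape as a reply, but no LAN host ever contacted this sender.
        "no_session": filter_packet(Packet("198.51.100.7", "192.168.1.20", "tcp", 443, 51000)),
        "telnet_in": filter_packet(Packet("198.51.100.7", "192.168.1.20", "tcp", 40000, 23)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `no_session` packet receives the same verdict as the genuine reply because the filter has no record of which side opened the session, which is the drawback named in the paragraph above.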

2- Circuit Level Firewalls

Circuit-level firewalls perform very well because they pass packets with little inspection once the connection is established. In this type of firewall, there is no direct connection between the source and the target.

They use a technique called NAT (Network Address Translation), in which a network address is converted to a different address. The gateway hides the IP addresses of systems on the local network from externally connected sources. In this way, a secure layer is created. This technique gives circuit-level firewalls a flexible structure. The disadvantage of such firewalls is that they cannot analyze the packets passing between source and target.

3- Dynamic Packet (State Controlled) Filter Firewalls

This architecture (Stateful Inspection) was designed to address the inadequacies of static packet filter firewalls. For inspection, packets are filtered at the network layer, as in high-performance static packet filter firewalls. Then all the layers the data passes through are accessed and checked to ensure high security. In other words, security is ensured by tracking data from source to destination.

In this architecture, the firewall examines not only the header of the packet but also its contents, to obtain more information about the packet. As an additional security measure, firewalls of this type keep all ports closed (as protection against port scanning). Only when a request for a port arrives, and the firewall authorizes that request, does it open the port. The port remains closed when the request is not authorized.
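The "closed until an authorized request opens it" behaviour can be sketched with a connection table. This is an added example, not code from the original article; the `StatefulFirewall` class, its outbound policy, the idle timeout, and the sample addresses are assumptions, and TCP flags and payload inspection are left out to keep the state logic visible.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst proto sport dport")


class StatefulFirewall:
    """Inbound traffic is accepted only as the reverse of a tracked outbound flow."""

    def __init__(self, lan="192.168.1.0/24",
                 allowed_out=frozenset({("tcp", 443), ("udp", 53)}),
                 idle_timeout=60):
        self.lan = ip_network(lan)
        self.allowed_out = allowed_out      # constructed outbound policy
        self.idle_timeout = idle_timeout    # seconds a silent flow stays open
        self.table = {}                     # flow tuple -> last time seen

    def _inside(self, addr):
        return ip_address(addr) in self.lan

    def handle(self, p, now):
        # Drop state for flows that have been idle too long (port closes again).
        self.table = {flow: seen for flow, seen in self.table.items()
                      if now - seen <= self.idle_timeout}

        if self._inside(p.src) and not self._inside(p.dst):
            # Outbound request: authorize against policy, then record the flow.
            if (p.proto, p.dport) not in self.allowed_out:
                return "deny"
            self.table[(p.src, p.sport, p.dst, p.dport, p.proto)] = now
            return "allow"

        if self._inside(p.dst) and not self._inside(p.src):
            # Inbound packet: allowed only if it mirrors a recorded flow.
            flow = (p.dst, p.dport, p.src, p.sport, p.proto)
            if flow in self.table:
                self.table[flow] = now
                return "allow"
            return "deny"

        return "deny"


def demo():
    # Constructed packets using documentation address ranges.
    fw = StatefulFirewall()
    request = Packet("192.168.1.20", "203.0.113.10", "tcp", 51000, 443)
    reply = Packet("203.0.113.10", "192.168.1.20", "tcp", 443, 51000)
    stray = Packet("198.51.100.7", "192.168.1.20", "tcp", 443, 51000)
    return [
        fw.handle(reply, now=0),     # no request seen yet: port is closed
        fw.handle(request, now=1),   # authorized request opens the flow
        fw.handle(reply, now=2),     # matching reply passes
        fw.handle(stray, now=3),     # same ports, different sender: closed
        fw.handle(reply, now=100),   # flow idle past the timeout: closed again
    ]


if __name__ == "__main__":
    print(demo())
```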

4- Proxy Supported Firewalls

This firewall architecture (Proxy Based Firewalls) is built on application layer operation. The most important feature of a proxy-supported firewall is that it initiates the session itself. This means that when the source system wants to log on, it sends this request to the firewall, and the firewall transmits that request to the resource. After logging on, the operation continues. Proxy-assisted firewalls act as isolation between the target and the resource. This ensures network security.

The most important feature of these firewalls is that they can inspect the contents of the packet. They do not track the session the way dynamic packet filter firewalls do, because it is the firewall itself that starts the session.

Because this type of firewall sits between the target and the source and forwards the packets to the client itself, it suffers performance losses, especially in environments with high data traffic. For this reason, it is not preferred on networks with heavy traffic, where the performance losses would be serious.

5- Hybrid Firewalls

Firewalls that combine two or more of the four architectures described above have also been built for network security and computer security. Such firewalls are called hybrid systems.

Basically, a firewall is a shield that protects computers, servers, networks, tablets, or phones from attacks and malware coming from the internet and from internal networks. With this shield, harmful activity in your internet traffic is blocked, with the aim of safer use.

During your Internet access, data is exchanged between network devices such as computers, servers, and routers. The firewall checks this data to determine whether it is safe and cleans your connection of unsafe situations, providing network security and protection. In today’s technology world, even if we do not use separate firewall software on our computers, many modern operating systems have a firewall with basic features. The Windows firewall application, Mac OSX’s firewall application, and Ubuntu’s firewall application come with the operating system at initial setup. But these are not enough, and some of them are complex for the end user. At this point, separate firewall software may be preferred to protect your computer against attacks.

SMEs, medium-sized companies, and large institutions also have to position a firewall. Companies have to secure data on their internal networks. The most important step of this starts with using a firewall. Large companies typically use Next-Generation Firewall devices, while medium and small companies may prefer UTM devices.

In particular, public businesses such as cafes and restaurants that offer Wi-Fi can definitely choose UTM and similar devices. You can choose models that are very low in cost and easy to install, based on your internal network and the service you provide. At this point, domestic UTM devices stand out with log retention and legally compliant log storage features such as 5651.

Firewall Devices Protect Your Network and Devices From Unauthorized Access

Cybersecurity is becoming a more important issue day by day. In particular, ransomware attacks in recent years have been a nuisance for companies. Both global companies and SMEs have faced difficult times because of these attacks. Compared to before, companies now have a hard time maintaining network security and integrity.

Our users and employees face different types of attacks in the internet world. One of the scariest scenarios that can happen to you over the Internet is that your computer falls into someone else’s hands without your permission. At this point, it is necessary to underline that the new generation of attack types and viruses serves this purpose.

Keep in mind that such hazards can be significantly eliminated when a properly configured UTM device is used in conjunction with a modern operating system with full security updates.

We have to protect our businesses from cyberattacks and attackers. The first step in protecting our business against cyberattacks is to deploy a UTM device. Remember, the safer and cleaner your network traffic is, the more efficiently and actively you can work. Otherwise, encountering ransomware, cyberattacks, and data loss will be a natural result in today’s internet world.
