What is a firewall?

Firewalls are security systems with routing functionality that control, log, block or allow data or network traffic. They are an important element of a network and are used to restrict access to systems or their services.

A firewall consists of hardware and software components. The hardware components are systems or computers with network interfaces, such as routers, servers or hosts. The software components are, for example, packet filters or proxy servers.

A general distinction is made between host-based and network-based firewalls. Host-based firewalls run on host computers and control network traffic to and from those computers. Network firewalls filter data traffic between two or more networks, for example through a VPN connection.

How does a firewall work?

A firewall typically works on the network layer (Layer 3) and the transport layer (Layer 4) of the OSI reference model. For this reason, firewalls are also called packet filters. The firewall uses a defined set of rules to filter packets. The rules are created and maintained by a firewall administrator. Every new packet is normally checked against all rules, in order from top to bottom. If none of the existing rules applies to the packet, the so-called "default policy" applies.

The default policy has two possible configurations, "Allow everything" or "Block everything". The latter is recommended because it increases basic security and only allows network traffic for which a rule exists. The firewall or packet filter is able to filter or manipulate network packets based on various characteristics such as source IP addresses, destination IP addresses, protocol or port numbers. Packet manipulation is used, for example, in Network Address Translation (NAT).

A further distinction is made between stateful packet inspection and stateless packet inspection. With stateful packet inspection, a firewall interprets the connection state of network traffic and can thus determine whether a packet belongs to a new or an existing connection. This has the advantage that not every single packet of an existing connection has to be checked against the entire set of rules. For performance and speed reasons, firewalls usually work with stateful packet inspection.
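The following is an added example, not code from the original article and not netfilter or iptables code: a small Python model of the behaviour described above, with rules evaluated top to bottom (first match wins), a configurable default policy, and a connection-tracking table so that packets of an already allowed connection, including the reply direction, bypass the rule walk. The addresses, ports and rule set are constructed for illustration.

```python
"""Model of a stateful packet filter: first matching rule wins, the default
policy applies when no rule matches, and tracked connections skip the rule
walk. Constructed example; not the netfilter/iptables implementation."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass
class Rule:
    action: str                  # "ALLOW" or "BLOCK"
    dst: Optional[str] = None    # None matches any value (wildcard)
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        checks = ((self.dst, p.dst), (self.proto, p.proto), (self.dport, p.dport))
        return all(want is None or want == got for want, got in checks)


class Firewall:
    def __init__(self, rules: list, default_policy: str = "BLOCK"):
        self.rules = rules
        self.default_policy = default_policy
        self.conntrack = set()   # tracked 5-tuples, stored in both directions

    def filter(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.conntrack:          # existing connection: no rule walk
            return "ALLOW"
        for rule in self.rules:            # new connection: top to bottom
            if rule.matches(p):
                if rule.action == "ALLOW":
                    self._track(p)
                return rule.action
        return self.default_policy         # nothing matched

    def _track(self, p: Packet) -> None:
        self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
        self.conntrack.add((p.proto, p.dst, p.dport, p.src, p.sport))  # reply path
```

Swapping the order of an "allow everything to this host" rule and a "block port 22" rule changes the outcome, which is why rule order is part of the policy rather than a cosmetic detail.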

The most widely used packet filter is the Linux “netfilter”, which is part of the Linux kernel. This is used in products from well-known manufacturers and can be operated with the well-known “iptables” program.

A classic firewall or packet filter has no ability to perform deep packet inspection. Functions such as IDS (Intrusion Detection System), IPS (Intrusion Prevention System) or WAF (Web Application Firewall) are usually part of a Next Generation Firewall (NGFW); a WAF may also be part of an Application Layer Gateway.
