Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
A firewall is a network security device or software that acts as a barrier between a trusted internal network and untrusted external networks (like the Internet). It monitors and controls incoming and outgoing network traffic based on a predefined set of security rules. Firewalls operate at various network layers, primarily the network and transport layers (Layers 3 and 4 of the OSI model), but modern firewalls can also inspect application layer data (Layer 7). Packet filtering firewalls examine individual data packets and allow or deny them based on source/destination IP addresses, ports, and protocols. Stateful inspection firewalls track the state of active network connections and make decisions based on the context of traffic, offering enhanced security over simple packet filters. Proxy firewalls act as intermediaries between internal clients and external servers, inspecting traffic at the application layer. Next-Generation Firewalls (NGFWs) integrate traditional firewall capabilities with additional security features like intrusion prevention systems (IPS), deep packet inspection (DPI), and application awareness. The primary goal is to prevent unauthorized access, block malicious traffic (e.g., malware, DoS attacks), and enforce network access policies. Trade-offs include potential performance bottlenecks, complexity in configuration and management, and the possibility of blocking legitimate traffic if rules are misconfigured.
graph LR
Center["Firewall"]:::main
Pre_osi_model["osi-model"]:::pre --> Center
click Pre_osi_model "/terms/osi-model"
Rel_proxy_server["proxy-server"]:::related -.-> Center
click Rel_proxy_server "/terms/proxy-server"
Rel_zero_trust["zero-trust"]:::related -.-> Center
click Rel_zero_trust "/terms/zero-trust"
Rel_cybersecurity["cybersecurity"]:::related -.-> Center
click Rel_cybersecurity "/terms/cybersecurity"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧒 Explain Like I'm 5
🧱 A digital wall that checks every piece of data entering or leaving your network, blocking anything that looks suspicious or isn't on the 'allowed' list.
🤓 Expert Deep Dive
Firewalls implement access control policies, typically enforced through rule sets defined by administrators. Packet filtering firewalls utilize Access Control Lists (ACLs) to permit or deny traffic based on header information (IP addresses, ports, protocol numbers). Stateful firewalls maintain a connection state table, correlating incoming packets with established outgoing connections, significantly reducing the attack surface compared to stateless filters by implicitly denying unsolicited inbound traffic. Application-layer firewalls (or proxies) terminate connections and initiate new ones, allowing for deep inspection of application protocols (e.g., HTTP, FTP) and content filtering, but introduce latency and potential single points of failure. NGFWs combine stateful inspection with IPS capabilities, application identification (often via DPI), and threat intelligence feeds. Unified Threat Management (UTM) devices integrate multiple security functions. Architectural choices involve hardware appliances (offering high throughput) versus software implementations (more flexible). Challenges include maintaining accurate and up-to-date rule sets, managing performance impacts, and defending against sophisticated evasion techniques that exploit protocol ambiguities or application vulnerabilities.
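The difference between a stateless ACL and a stateful inspection engine described above, as an added example that is not part of the original page: a toy packet filter in Python. The `Packet`/`Rule` types, the 10.0.0.0/24 trusted network, and the addresses used are constructed for illustration; real stateful engines also track TCP flags, sequence numbers and state-entry timeouts, which this toy omits.

```python
"""Toy packet filter: stateless ACL versus stateful inspection.

Constructed example, not the page's own code. Packets and rules are
simplified to IPv4, TCP/UDP and port ranges, enough to show why a
stateless ACL must open a hole for reply traffic while a stateful
filter can implicitly deny unsolicited inbound packets.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str                # "in" (toward the trusted net) or "out"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    proto: str                    # "tcp", "udp" or "any"
    sport: Optional[range] = None  # None means any port
    dport: Optional[range] = None

    def matches(self, pkt: Packet, direction: str) -> bool:
        """Header-only match: direction, protocol, addresses, ports."""
        if self.direction != direction:
            return False
        if self.proto not in ("any", pkt.proto):
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and pkt.sport not in self.sport:
            return False
        if self.dport is not None and pkt.dport not in self.dport:
            return False
        return True


class StatelessFilter:
    """Classic ACL: first matching rule wins, no match means deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt: Packet, direction: str) -> str:
        for rule in self.rules:
            if rule.matches(pkt, direction):
                return rule.action
        return "deny"  # default deny


class StatefulFilter(StatelessFilter):
    """Same rules for new flows, plus a state table for established ones."""

    def __init__(self, rules):
        super().__init__(rules)
        self.state = set()  # 5-tuples of flows the policy has allowed

    def decide(self, pkt: Packet, direction: str) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.state or rev in self.state:
            return "allow"  # continuation or reply of an established flow
        verdict = super().decide(pkt, direction)
        if verdict == "allow":
            self.state.add(fwd)  # remember the flow so replies get through
        return verdict


TRUSTED = "10.0.0.0/24"            # constructed internal network
EPHEMERAL = range(1024, 65536)     # client-side ports

# Stateless policy: allow HTTPS out, and (unavoidably) a hole for replies
# coming back from source port 443 to any ephemeral port.
STATELESS_RULES = [
    Rule("allow", "out", TRUSTED, "0.0.0.0/0", "tcp", dport=range(443, 444)),
    Rule("allow", "in", "0.0.0.0/0", TRUSTED, "tcp",
         sport=range(443, 444), dport=EPHEMERAL),
]
# Stateful policy: only the outbound rule; replies are matched by state.
STATEFUL_RULES = [STATELESS_RULES[0]]


def run_scenario(filter_cls, rules) -> dict:
    """Push three constructed packets through a filter and collect verdicts."""
    fw = filter_cls(rules)
    client_hello = Packet("10.0.0.7", 51515, "198.51.100.10", 443, "tcp")
    reply = Packet("198.51.100.10", 443, "10.0.0.7", 51515, "tcp")
    # Inbound packet nobody asked for, crafted to fit the reply-hole rule.
    unsolicited = Packet("203.0.113.9", 443, "10.0.0.7", 3389, "tcp")
    return {
        "outbound_https": fw.decide(client_hello, "out"),
        "https_reply": fw.decide(reply, "in"),
        "unsolicited_from_443": fw.decide(unsolicited, "in"),
    }


if __name__ == "__main__":
    print("stateless:", run_scenario(StatelessFilter, STATELESS_RULES))
    print("stateful: ", run_scenario(StatefulFilter, STATEFUL_RULES))
```

Both filters pass the outbound connection and its reply, but only the stateful filter rejects the unsolicited packet: the stateless ACL cannot distinguish a genuine reply from any packet that happens to carry source port 443, which is the attack-surface reduction the deep dive refers to.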