If you have been using the Internet for a while, you have probably heard the term “firewall” many times. But many of you may not know what exactly a hardware firewall is and what role it plays.
In this article, we will start with the basics of the hardware firewall, how it works, its benefits and more.
A “firewall”, as the name suggests, is a barrier against fire: a wall designed to stop a fire from spreading once it has started, generally used in large buildings or between connected structures. Similarly, in a computing environment, a firewall is designed to stop illegitimate users from accessing the network.
Hardware Firewall – Introduction
A hardware firewall is a physical device placed between your computers and the Internet that prevents unauthorized Internet users from reaching the private network behind it. It blocks harmful data from reaching your systems and protects your network against viruses and malware. This means that whenever you access the Internet, your traffic has to pass through the firewall. A hardware firewall is also known as a network firewall or a gateway firewall.
A firewall’s main objective is to block unauthorized access to or from a private network. All incoming and outgoing data packets have to go through the firewall, which inspects each packet and blocks any packet that does not meet the firewall rules. These rules are generally based on fields of the IP packet such as the ports, the destination address and the source address.
In short, a firewall screens each packet of data to evaluate where it came from and where it is going, and then decides whether the packet should be accepted or denied.
The router generally used for an Internet connection acts as a basic “network layer firewall”. However, it does not keep close watch over what a packet contains, where it came from and where it is going.
How Does a Hardware Firewall Work?
The firewall setup varies depending on your existing network configuration. The firewall is connected directly to your uplink and placed in front of your server.
Once the connection to the server is established, all traffic coming into or going out of the server passes through the firewall, where it is checked against the rules. This gives you full command over the kind of traffic you receive, which is extremely important.
There are four mechanisms a firewall uses to restrict traffic: packet filters, circuit-level gateways, proxy servers and application gateways. To provide complete protection, one device or application can use more than one of these mechanisms. Let’s take a look at each of them:
A packet filter intercepts all inbound and outbound traffic on the network and tests it against the rules you define. Generally, a packet filter can inspect the source and destination IP address and the source and destination port. Based on these criteria you can approve or deny traffic from specific ports or IP addresses. A packet filter works at the network layer of the OSI model.
Security threats to Packet Filters:
IP address spoofing:
An external intruder tries to send packets into the network using a source IP address that belongs to an internal host.
This attack can be blocked by discarding all packets that arrive from outside the network with a source IP equal to one of the internal IPs.
Source routing attacks:
The attacker tries to trick the firewall by sending source-routed packets to your network and learning the route they take by examining the responses.
Because source routing is a form of path addressing visible in the packet, a firewall can block this attack simply by discarding all packets that carry source-routing options.
Tiny fragment attacks:
Large packets are usually broken into smaller ones because of the size limit imposed by Ethernet. An attacker takes advantage of this by deliberately creating very small Internet Protocol (IP) datagram fragments of the original packet.
This type of attack can be prevented by discarding all fragmented TCP packets. A dynamic packet filter only permits inbound TCP packets if they are responses to outgoing TCP packets.
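To make the packet-filter checks above concrete, here is an added example (not code from the article) that applies the three countermeasures and the dynamic-filter rule to constructed packets; the internal address range 192.168.10.0/24 and the packet field names are assumptions made for this example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed address range for the internal network (an assumption for this example).
INTERNAL_NET = ip_network("192.168.10.0/24")


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp" or "udp"
    sport: int
    dport: int
    source_routed: bool = False   # IP source-route option present
    frag_offset: int = 0          # non-zero for any fragment after the first
    more_fragments: bool = False  # MF flag set on a first fragment


@dataclass
class PacketFilter:
    # State kept by the dynamic filter: outbound TCP connections already seen,
    # stored as (internal ip, internal port, remote ip, remote port).
    outbound_tcp: set = field(default_factory=set)

    def note_outbound(self, pkt: Packet) -> None:
        """Record an outgoing TCP packet so that its replies are admitted."""
        if pkt.proto == "tcp":
            self.outbound_tcp.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt: Packet) -> str:
        """Screen a packet arriving from the Internet. Returns "accept" when it
        passes every check, else a "discard:" string naming the failed check."""
        # IP address spoofing: nothing from outside may carry an internal source.
        if ip_address(pkt.src) in INTERNAL_NET:
            return "discard: spoofed internal source"
        # Source routing: drop every packet that carries a source-route option.
        if pkt.source_routed:
            return "discard: source routing"
        # Tiny fragments: the article's rule is to drop all fragmented TCP.
        if pkt.proto == "tcp" and (pkt.frag_offset > 0 or pkt.more_fragments):
            return "discard: fragmented tcp"
        # Dynamic filtering: inbound TCP only as a reply to a connection we opened.
        if pkt.proto == "tcp":
            reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reply_of not in self.outbound_tcp:
                return "discard: unsolicited tcp"
        return "accept"
```

A packet that returns "accept" here would then go on to the ordinary rule lookup; UDP is deliberately left to those rules since the article's dynamic rule is about TCP.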
A circuit-level gateway refuses all direct inbound traffic. Software is instead run on the client’s machine to establish a connection with the circuit-level gateway machine. To the external network, it looks as if all communication from the inside network originates from the circuit-level gateway.
A proxy server is often used to improve network performance, but it also works as a firewall. It hides your actual IP addresses so that all communication appears to originate from the proxy server itself. This type of server also caches the pages that are requested. For example, if user A goes to Google.com, the request is sent by the proxy server and the webpage is retrieved.
Now, if user B wants to access Google.com, the proxy server serves the copy it already retrieved for user A. Thus the webpage loads quickly because it comes from the proxy server and not from Google’s server. With a proxy server you can also block access to specific websites and filter particular port traffic to safeguard your internal network.
An application gateway is another type of proxy server. A connection is first established with the application gateway, which decides whether the connection should be permitted and only then sets up the connection with the target computer. Each communication therefore goes through two connections: client to application gateway, and application gateway to destination.
The application gateway inspects all traffic against its rules before deciding whether to forward it. As with the other proxy server types, the external network sees only the address of the application gateway, so the inside network remains protected.
Firewall Policy and Firewall Rules
A firewall is responsible for deciding whether packets should be allowed, denied or discarded based on its rules. A packet is rarely denied; most of the time it is either allowed or discarded. Denying is usually avoided because a denied packet costs extra bandwidth for the response sent back, whereas with a discard the source gets no response from the destination, assumes the packet was dropped, and takes further action itself (retry or abandon).
If you decide to implement a software or hardware firewall, you must have a good understanding of what it should do. For instance, traffic should be allowed to the web server while all other traffic is denied. This statement of intent is known as the firewall policy, and the person implementing it is known as the firewall administrator.
The administrator then converts this policy into a set of technical statements known as a ruleset, which instructs the software or hardware what to do.
The default setting of a firewall is to deny all traffic. This is how the Windows Firewall works: if you are a Windows user, you will have seen a pop-up asking whether you want to allow an application to connect to the network. If you click ‘Allow’, a rule is added for that particular application stating that its traffic is to be allowed. These Windows Firewall rules can be modified from the Control Panel.
Actions that can be taken by the Firewall rules:
- Allow: Passes traffic that precisely matches the rule and implicitly denies everything else.
- Bypass: Lets matching traffic pass straight through both the firewall and the intrusion prevention analysis. This setting is generally used for media-intensive protocols or for traffic from trusted sources. This type of rule can be based on traffic direction, IP, protocol, port, etc.
- Deny: Completely blocks traffic that matches the specified rule.
- Force Allow: Forcibly allows traffic that would otherwise be blocked by other rules. Traffic allowed by a Force Allow rule still has to go through the intrusion prevention module.
- Log only: The traffic is only logged; no action is taken.
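As an added example (not from the article), the web-server policy described above written as an ordered ruleset with Allow, Deny, Log only and discard actions, plus the sender's-eye view of why discard is preferred over deny; the ports other than 80 and 443, and the assumption that a Log only rule falls through to the next rule, are mine.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow", "deny", "discard" or "log"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    note: str = ""

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in (None, proto) and self.dport in (None, dport)


# The article's policy, "allow traffic to the web server while denying all
# other traffic", turned into an ordered ruleset. The telnet and SSH entries
# are constructed for illustration.
RULESET = [
    Rule("log", "tcp", 23, "log-only: record telnet attempts, keep evaluating"),
    Rule("allow", "tcp", 80, "web server"),
    Rule("allow", "tcp", 443, "web server"),
    Rule("deny", "tcp", 22, "reject SSH with a response"),
    Rule("discard", None, None, "default: silently discard everything else"),
]


def evaluate(ruleset, proto: str, dport: int):
    """First-match evaluation. A log-only rule records the packet and falls
    through (assumption); the first matching allow/deny/discard rule decides.
    Returns (verdict, log_entries)."""
    entries = []
    for rule in ruleset:
        if not rule.matches(proto, dport):
            continue
        if rule.action == "log":
            entries.append(f"{proto}/{dport}: {rule.note}")
            continue
        return rule.action, entries
    return "discard", entries  # nothing matched: default deny


def source_observes(verdict: str) -> str:
    """Why discard is preferred over deny: a denied packet costs a reply on
    the way back, a discarded one costs nothing and the sender times out."""
    return {
        "allow": "connection proceeds",
        "deny": "rejection message sent back (extra bandwidth)",
        "discard": "no response; sender retries or gives up",
    }[verdict]
```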
Benefits of Hardware Firewall
1. Port Access
You get complete control to modify rules, with options such as allowing all traffic to your website or restricting SSH access to the developer and yourself.
2. Traffic Control
You get to decide what kind of traffic reaches your server and which kind of traffic is blocked.
3. Managed Equals Control
With a managed firewall, a fully staffed networking team is available to adjust controls, configure and troubleshoot on your behalf.
4. Default Rules
A list of fully configurable default rules that can be applied to all traffic.
5. Additional Server Resources
You free up additional server resources that can be put to use, since the software firewall can be disabled on your server and you can rely fully on the hardware firewall for protection.
Wait…Before You Choose Your Firewall
Purchasing a firewall is similar to buying a car. No single car fits every family size and need; there are different factors to consider before buying one. A family of 6 won’t be comfortable in a basic 5-seater, yet it makes no sense to buy a minibus. In the same way, buying a firewall requires detailed research before deciding on your purchase.
Here are some basic questions that you should go through before buying a firewall:
1. What is the Size of Your Business?
The size of the firewall depends on the number of users in your network: the more users, the larger the firewall. Most firewalls cannot be upgraded, so it’s better to choose one somewhat larger than you currently need.
2. What Type of Business Do You Run?
If your business is essentially a one-person operation and holds no sensitive information, then a software firewall will be adequate. But if your company is, say, a financial firm, then a more powerful firewall will be required.
3. What Type of Firewall Do You Need?
Each type of firewall has its pros and cons. Do proper research and seek help from experts before making your decision. The types of firewalls are explained above.
4. Will You Need Any Anti-Virus Software?
Yes. Even after installing a firewall you will still need anti-virus software for your system, because malicious threats like viruses, trojan horses and worms cannot be detected by a firewall alone. These threats can enter from external sources like SD cards, DVDs, emails, USB drives, etc.
5. Do You Need Virtual Private Networking (VPN)?
A VPN lets you log in to a secure network remotely. It can be an IPsec (Internet Protocol Security) site-to-site VPN that connects you to remote company locations or third parties, or an SSL VPN that gives your local and roaming workers a secure connection to your resources. The number of remote workers will affect the type of firewall you need and its price.
6. Do You Need Identity Management (IDM)?
IDM is the process of identifying, authenticating and authorizing an individual user or a group of users on a network. A standard firewall can usually only apply policies and log traffic by IP address, whereas advanced firewalls such as UTMs and NGFWs can integrate with directory services so that rules and policies can be applied, and traffic logged, per user and user group.