How would you live in a house without doors?
It might not feel as extreme, but that’s how exposed your computers are to thieves and vandals.
Firewalls are essential for safety at the most basic level. Without them, you’re risking the exposure of private client and employee information. You could lose your own data, too—including credit card information and mission-critical files.
What exactly is a firewall?
It’s easier to picture a person instead of a wall. Think of it as the guard at your gates. Your firewall IDs every visitor, pats them down like airport security, and decides who’s allowed to come in. It monitors incoming and outgoing network traffic all day long, blocking threats that could compromise your security.
Firewalls work alongside your anti-virus software and virtual private networks (VPN). You can’t rely on one of these alone.
We know you want the best protection possible, but the information out there on network security can be tough to process (IT language can be heavy on the jargon).
Let us break down the five main types of firewalls for you.
1. Packet Filtering Firewalls
The oldest trick in the book, this firewall is incredibly simple.
When a “packet” of data shows up at the gate, the firewall inspects it. Your network administrator will create a specific set of rules for the firewall to follow when it screens incoming data. If the data packet doesn’t meet this predetermined safety criteria, your firewall won’t let it in.
In essence, it’s a sorting algorithm.
Packet filtering firewalls are some of the cheapest, and they work great for small networks. The main downside: you’re limited to only a few parameters and you can’t do complex, rule-based filtering.
2. Proxy Firewalls
These firewalls provide a more sophisticated level of protection. When a data packet arrives, it’ll be met by an extra layer of security. The “proxy” here is a separate application that the firewall uses to help screen the safety of incoming data packets.
These are crucial if you’re downloading applications. Sometimes, .exe files that look harmless—and come from sources you trust—can contain malware. Trojan horses can stump anyone, but proxy firewalls can sniff them out pretty easily.
Proxy firewalls are slower and clunkier than packet filters, but they’re versatile and provide tight, reliable security.
3. Deep Packet Inspection (DPI)
The heavy-duty version of packet filter firewalls. While regular packet filtering inspects more easily visible “header” information, like IP addresses and port numbers, DPI firewalls do intense background checks on incoming data. They’ll tell you what should be blocked, redirected, or safely accepted.
These firewalls simply have more processing power than the traditional packet filters. And they do more than just intercept viruses. They can track and protect you from denial-of-service attacks and more subtle activities like eavesdropping.
A DPI firewall might not be enough, however, because they’re also susceptible to manipulation. Without other security measures in place, this firewall might backfire.
4. Circuit Level Gateway Firewalls
Familiar with the three-way handshake? Every time you use the Internet, a three-step conversation (the Transmission Control Protocol) happens between your computer and the web. This ensures data is going to and from the right destinations.
When a data packet reaches your network, it examines the TCP handshake closely to decide if the protocol was performed properly. Unlike the others, the circuit level gateway firewall doesn’t examine the contents of packets.
5. Next Generation Firewall (NGFW)
The latest generation of firewall technology, NGFWs use the same packet inspection measures as deep packet inspection at a more advanced level. Unlike their predecessors, these firewalls can block malware. That’s an indispensable feature in the age of cybersecurity.
They’re powerful enough to use application-level inspection, intrusion prevention—and they can collect intelligence from outside your network. In other words: security, law enforcement, and espionage rolled into one. Pretty rad, right?
Of course, they’re more robust and complex, meaning they’ll be on the pricier. If you’re running a small business, you should consider starting with packet filtering firewalls and add on what you need as your business grows.
It’s great to have options—and you don’t have to settle for just one. Each one of these firewalls has gaps that another can fill.
Consider the size of your network, how robust your cybersecurity infrastructure needs to be, and how much you value your data security. We hope you value it deeply.
CBM helps businesses choose and implement the security they need. Instead of getting firewalls off the shelf, ask us for help to create a customized solution that works for your budget and business needs. That’s just one of many benefits of managed IT services. Click here to find out more.