Firewalls Explained - Packet Filtering to NGFW
A firewall is a security mechanism placed at the boundary of a network to block unauthorized access and communication. It monitors traffic between external and internal networks and decides whether to allow or deny it based on predefined rules. Firewalls are built not only into corporate networks but also into personal PCs and home routers.
Types of Firewalls
Packet-filtering firewalls are the most basic type, controlling traffic based on IP addresses and port numbers. Stateful inspection firewalls track the state of connections and make more sophisticated decisions, such as allowing only packets that belong to established connections. Next-generation firewalls (NGFW) inspect traffic all the way up to the application layer and can detect malware and malicious content. Since 2024, NGFWs equipped with AI/ML-powered threat detection have been becoming mainstream, improving the accuracy of detecting unknown attack patterns. Web application firewalls (WAF) specialize in HTTP/HTTPS traffic and defend against web attacks such as SQL injection and XSS.
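An added example, not part of the original article: a simplified Python comparison of the packet-filtering and stateful-inspection decisions described above. The addresses, the port-443 rule and all names (Packet, stateless_filter, StatefulFirewall, compare) are constructed for illustration; real stateful firewalls also track TCP flags and timeouts.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # constructed internal range

def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL

def stateless_filter(pkt: Packet) -> bool:
    """Packet filtering: judge each packet only by its addresses and ports."""
    if is_internal(pkt.src) and pkt.dport == 443:
        return True    # outbound HTTPS
    if is_internal(pkt.dst) and pkt.sport == 443:
        return True    # assumed to be an HTTPS reply, based on source port alone
    return False       # default deny

class StatefulFirewall:
    """Stateful inspection: remember outbound flows, admit only their replies."""
    def __init__(self) -> None:
        self.connections: set[Packet] = set()

    def filter(self, pkt: Packet) -> bool:
        if is_internal(pkt.src) and pkt.dport == 443:
            self.connections.add(pkt)      # record the outbound flow
            return True
        # Inbound: allow only if it mirrors a flow an internal host opened.
        reverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return reverse in self.connections

def compare() -> dict:
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    fw = StatefulFirewall()
    samples = [  # constructed sample packets (documentation address ranges)
        ("outbound", Packet("192.168.1.10", 50000, "203.0.113.5", 443)),
        ("reply", Packet("203.0.113.5", 443, "192.168.1.10", 50000)),
        ("unsolicited", Packet("198.51.100.7", 443, "192.168.1.20", 8080)),
    ]
    return {name: (stateless_filter(p), fw.filter(p)) for name, p in samples}

if __name__ == "__main__":
    print(compare())
```

The stateless rule that admits "replies" by source port also admits the unsolicited packet, while the connection table rejects it because no internal host opened that flow.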
Real-World Use Cases
"Through log analysis on our next-generation firewall, we detected suspicious outbound communication originating from inside the company. The investigation revealed it was malware C2 traffic, and we immediately isolated the infected device."
[Figure: Filtering concept diagram. Allow / deny based on rules.]
Concrete Usage Scenarios
In a home environment, the router's built-in firewall blocks unauthorized access from the outside and protects IoT devices from attacks. In a corporate environment, firewalls separate networks between departments, preventing the spread of damage in the event of an intrusion. In a cloud environment, security groups and network ACLs serve the role of firewalls, controlling access to instances. In a remote-work environment, combining a VPN with a firewall enables secure access to internal resources.
Practical Considerations
A firewall provides defense at the network layer, but password strength is also essential for protecting accounts. Even if the firewall is breached, a strong random password serves as the last line of defense. A common pitfall is setting firewall rules to "allow everything for now." Based on the principle of least privilege, it is important to configure rules that permit only the necessary communication. In line with the concept of defense in depth, be thorough with both network defense and password management.