What is a firewall? How does it work? Which Type of Firewall Should SMEs Use?

Firewalls are security software systems produced for computer systems. Firewall devices, on the other hand, are physical products made by combining this software with appropriate hardware.

What is a Firewall?

Firewalls aim to control all incoming and outgoing network traffic, pass it through defined filters, and stop harmful activity in that traffic. This ensures network security. A firewall is a security mechanism that protects the devices and computers on your internal network or networks against attacks arriving over other networks (the internet), and controls internal and external network traffic according to defined rules.

Basically, the firewall uses predefined rules to decide whether the packets that reach it may continue to their destinations. Protection is provided by blocking traffic that does not comply with the rules specified on the firewall. In addition, many firewalls include a proxy server, or work with a proxy that receives users' request packets before they go out to the network.

Firewall systems are divided into hardware and software based. Software-based Firewall applications are usually installed on operating systems on clients or servers. Hardware-based firewall devices are systems that run on special hardware.

In today's technology world, firewall devices are developed and presented as a complex solution. Security devices called UTM (Unified Threat Management) have become the popular firewalls of recent years. These firewalls now come with features such as IPS, IDS, web filtering, application filtering, hotspot, VPN and 5651 log management.

How a Firewall Works

Firewall devices or software basically aim to protect your network against malicious traffic and attackers that may come from untrusted (external) networks such as the Internet.

While providing this protection, they control your internet traffic by applying the rules defined on them. If the firewall detects network traffic that violates your security policy, it blocks that traffic and prevents it from reaching your network. Firewall devices create a layer through which only allowed traffic can pass. They work by controlling the communication between the Internet and your corporate or home network.

It is easy to maintain or position a firewall for a small network. However, in today's technology world, we use many devices and applications even in home networks, and we are exposed to new cyber attacks every day, especially now that attackers are starting to use brand new attack types and mechanisms to infiltrate our internal networks. It has become mandatory to use software or hardware firewalls to protect against these attacks.

Large companies have been using firewall devices to protect their internal networks for over 25 years. Today, firewalls are used even in small networks such as restaurants, homes, hospitals, cafes, shops and so on. Given today's cyber attacks, protecting even a medium-sized cafe or restaurant has become a challenge. Cyber attacks, which used to be specific and of only a few types, have become more complex and now compromise our networks and devices. Naturally, we have to use a firewall against these attacks, determining which services are allowed on the firewall and blocking all remaining services that we do not use.

Basically, firewall devices follow whitelist logic. Permission is granted by creating a kind of trusted list of the services, ports and processes in use. All activity outside this list is blocked, creating a secure network connection. Allowing only secure communication methods through the firewall gives easier protection than restricting each user in your internal network, which is a laborious task.

Let's make this concrete with a real-life example!

Let's consider the safety of your home. To protect your home from outside dangers, you lock your door, put bars on the windows, monitor the outside door with a camera system and use a strong steel door. What if these security measures are not enough? At this point, you hire a security guard to provide 24/7 monitoring.

You can think of your firewall devices as a kind of security guard protecting your home 24/7. Imagine that when a person arrives from outside, the guard calls you to confirm whether the visitor is safe; if so, the guard escorts the visitor to your door, and if the visitor makes a suspicious move on the way, the guard neutralizes them! This is how firewall devices basically work. The connection requests you allow will reach your home; all connections you do not allow will be rejected.

What Are the Types of Firewall?

First Generation Firewall (Packet Filter Firewalls)

The first known paper on firewall technology appeared in 1988, when Jeff Mogul of DEC (Digital Equipment Corporation) developed the packet filter firewall, which then became widespread. This quite simple system is the first-generation example of the internet security systems that would develop and become quite complex over the years.

Bill Cheswick and Steve Bellovin of AT&T have also created a working filter on this first-generation architecture for use in their organization. Thanks to this filter, unwanted packets were blocked and correctly transmitted packets were allowed.

Second Generation Firewall (Circuit Level Firewalls)

First generation firewalls, namely packet filters, became inadequate as technology developed. Between the 1980s and 1990s, Dave Presotto and Howard Trickey developed the second generation firewall, known as the circuit-level firewall, at AT&T's Bell Labs. It controls network traffic in a more sophisticated way than the first generation.

Third Generation Firewall (Application Level Firewalls)

Application-level firewalls, known as third-generation firewalls, were first described in publications by Gene Spafford, Bill Cheswick, and Marcus Ranum. These publications introduced third generation firewall devices. These firewalls are also known as application level (OSI Layers) firewalls or proxy based firewalls. Marcus Ranum's work on this technology led to its emergence as the first commercial product.

The first third generation firewall was released by DEC as the SEAL product. DEC's first major sale was made to an American chemical company on June 13, 1991. Third generation firewall devices made application level filtering possible and took security to a higher level by providing better filtering.

Next Generation Firewalls

In 1992, Bob Braden and Annette DeSchon developed the fourth generation packet filters. This gave us the first systems with a colorful, visual interface. In 1994, the Israeli company CPST (Check Point Software Technologies) turned this technology, called Visas, into usable software and named this security software "Firewall-1". Firewalls developed after this date began to be called fourth, fifth and new generation firewalls.

Cisco, one of the internet giants, launched its product called "PIX" in 1997. Today's new generation firewalls actually get their power from the Deep Packet Inspection engine they contain. They have also been combined with the technology we call IPS (Intrusion Prevention System). At this point, we arrived at the firewall devices that we call UTM (Unified Threat Management).

UTM (Unified Threat Management) Firewalls

Viruses, trojans, spam and similar attacks have become increasingly complex. With the widespread use of the Internet, these malicious applications are increasing. At the same time, employees' use of the network for non-work purposes has grown in parallel. Users within the company connect to non-work services and are exposed to harmful activity through platforms such as WhatsApp and Facebook.

For this reason, SMEs and large companies have started to use firewall devices that we call UTM for their security. Unknown threat management has become imperative for security as it becomes more difficult to control users and the variety of cyber attacks increases.

Today, many solutions are offered in various brands and technologies. But in general, we have to turn to integrated devices that block all threats. Integrated security appliances are a developing trend in the firewall market. For this purpose, many brands have started to release "Integrated Security Systems" (UTM) products that can block all threats on a single device.

In this way, control is both central and easy, and license costs are more affordable than buying different technologies piecemeal. UTM devices are advanced devices that perform not only the traditional firewall and VPN (virtual private network) services that protect against attacks, but also the content filtering, spam mail filtering, intrusion detection, spyware blocking and antivirus tasks otherwise handled by multiple systems. UTM devices also provide integrated management, control and logging services.

UTM products and Next Generation Firewall devices have been able to keep up with the inherent complexity and growth of internet threats. At this point, it is aimed for system administrators and security experts to provide security more easily by eliminating the need to use multiple security programs.

Until recently, cyber attackers were successful at bypassing standard firewalls. As viruses became widespread, institutions adopted web content filtering and later spam filtering. This forced managers to use complex, high-cost systems. However, security has become more manageable thanks to UTM and Next Generation Firewall devices.

Features of UTM Security Devices

UTM security devices basically work as firewalls. By controlling incoming and outgoing network traffic, you can prevent unwanted situations with UTM devices. They can also prevent harmful activity by acting as an IPS (Intrusion Prevention System).

With web filtering, you can impose restrictions so that your Internet connection is used efficiently. You can limit and block your users without making any settings on the clients. For example, websites such as WhatsApp, YouTube and Facebook can be blocked during working hours but allowed during lunch.

Employees who work outside the company, such as your sales team, can access the company network securely by connecting remotely over VPN. In addition, the antivirus feature makes it possible to prevent malicious software from entering the company network. With the application filter, another feature, employees can be prevented from using WhatsApp when they connect to the company wireless network from their mobile phones.

In today's business world, our employees may use public Wi-Fi connections for company business in places such as shopping malls, cafes or restaurants. Open Wi-Fi areas in particular pose a great risk for companies.

Thanks to UTM devices, such risks can also be avoided. By setting up secure hotspot networks, you can keep 5651-compliant logs.

Next Generation Firewalls (NGFW)

Previous generation firewalls came with antivirus and DPI (Deep Packet Inspection) applications. NGFW devices began to bring integrated security systems (DLP, IPS, IDS, content filtering, AV control) together under one roof.

One of the most important features of New Generation Firewalls (NGFW) is that they come with the "Identity Control" capability. Even if a user's IP address changes, the authentication technology ensures that the user reaches your network with the authorizations assigned to them. In this way, the user remains controllable and the firewall keeps up with new generation network technologies.

You can think of this feature as a more advanced form of IPS and IDS management. NGFW devices have shown a significant improvement in the field of security.

When NGFW is mentioned, the integrated security mechanism comes to mind. In earlier firewall devices, port-based access authorization was done very simply. However, other applications can also use the port you have allowed. Thus, even if you are aware of it, you are forced to leave a gap. NGFW devices also control the applications running on a port. In this way, a secure layer is created by controlling which application runs on the relevant port.
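The difference between port-based authorization and application control described above, as an added example that is not part of the original article. The payload signatures are simplified, and the rule tables, function names and sample payloads are constructed for illustration.

```python
# Port-only rule: anything addressed to these destination ports is allowed.
PORT_ALLOWLIST = {80, 443}
# Application-aware rule: each port is tied to the application expected on it.
APP_ALLOWLIST = {80: {"http"}, 443: {"tls"}}

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}


def identify_application(payload: bytes) -> str:
    """Classify a flow from its first bytes (simplified signatures)."""
    # TLS record: type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) after the 5-byte record header.
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def port_based_decision(dport: int) -> str:
    """Classic firewall: the decision depends on the port number only."""
    return "allow" if dport in PORT_ALLOWLIST else "deny"


def app_aware_decision(dport: int, payload: bytes) -> str:
    """NGFW-style: the port must be allowed AND carry the expected application."""
    app = identify_application(payload)
    return "allow" if app in APP_ALLOWLIST.get(dport, set()) else "deny"


# Constructed sample flows: (label, destination port, first bytes of payload).
TLS_HELLO = bytes.fromhex("16030100050100000100")   # truncated ClientHello
SSH_BANNER = b"SSH-2.0-ExampleClient\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

FLOWS = [
    ("tls on 443", 443, TLS_HELLO),
    ("ssh on 443", 443, SSH_BANNER),
    ("http on 443", 443, HTTP_GET),
    ("http on 80", 80, HTTP_GET),
    ("ssh on 22", 22, SSH_BANNER),
]


def audit():
    """Return (label, port-based verdict, application-aware verdict) per flow."""
    return [(label, port_based_decision(port), app_aware_decision(port, data))
            for label, port, data in FLOWS]


if __name__ == "__main__":
    for row in audit():
        print("%-12s port-based=%-5s app-aware=%s" % row)
```

The flows where the two verdicts differ are the gap the paragraph describes: the port is allowed, but the application using it is not the one the rule was written for.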

We Can Classify Firewall Types In Two Ways

Firewall types are basically divided into two.

1. Firewalls according to their structure

  • Hardware Firewall
  • Software Firewall

2. Firewalls according to their architecture

  • Static Packet Filter Firewalls
  • Circuit Level Firewalls
  • Dynamic Packet (Stateful) Filter Firewalls
  • Proxy Supported Firewalls
  • Hybrid Firewalls

Hardware Firewall Products

Hardware firewall devices are security devices integrated into routers and similar hardware. They typically use packet filtering and analyze inbound and outbound traffic by creating a bridge between your internal network and the external network (internet).

Since they work as separate hardware without being installed on existing servers or systems, they do not affect the performance of your system or the speed of your servers. It is an efficient option for all institutions using broadband. They also cannot be easily disabled like software firewalls. Since you will secure your entire network with one device, it significantly reduces costs. However, their prices may increase significantly depending on their usage areas and features. For new non-professional users, setting up hardware firewalls can be quite difficult. However, at this point, new generation Firewall devices and UTM devices eliminate this disadvantage with their management panels with easy interfaces.

Software Firewall Products

Software firewall products can work on operating systems at the application layer. This kind of firewall can be easily installed on any computer as software. They check whether the data coming to the computer is the requested data and can often be adjusted so that the data leaving the computer is also checked. Compared to hardware firewall products, their costs are quite affordable. They are an ideal choice in places with few computer networks. They are simple to set up and use, and they allow you to set your security level with a few simple clicks. However, since they run on operating systems, they become a burden on the server. They are also easy to disable and can pose security risks if managed by users.

Firewall Products by Architecture

1- Static Packet Filter Firewalls

These firewalls read the header of the data flowing in traffic and work by analyzing the information in it. They analyze fields such as the source address, the destination address, the port the packet wants to access and the protocol it will use, and then allow or block the packet according to predefined authorizations. The biggest disadvantage of this architecture is that in some cases it cannot detect which system sent the first packet, that is, which system initiated the connection. Although this architecture is obsolete, it continues to be used in some systems. Such firewall devices operate at the Network layer in the OSI model.

2- Circuit Level Firewalls

Circuit-level firewalls show very high performance because, once the connection is established, they forward packets with little inspection. In this type of firewall, no direct connection is established between the source and the destination.

They use a technique called NAT (Network Address Translation) where the network address is converted to a different address. The gateway hides the IP address of the system in the local network from external sources. In this way, a secure layer is created. This technique allows circuit-level firewalls to have a flexible structure. The disadvantage of this type of firewall is that they cannot analyze the packets between the source and the destination. 

3- Dynamic Packet (Stateful) Filter Firewalls

This architecture (Stateful Inspection) was designed in response to the inadequacy of static packet filter firewalls. In stateful inspection, packets are first filtered at the network layer, as in static packet filter firewalls, for high performance. Then all the layers the data comes from are accessed and audited to ensure high security. In other words, security is provided by tracking data from source to destination.

In this firewall architecture, not only the header of the packet is examined; the contents of the packet are also checked to obtain more information about it. As an additional security measure, this type of firewall keeps all ports closed (as protection against port scanning) and opens a port only when a request for that port arrives and the firewall authorizes the request. The port remains closed when the request is not authorized.
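An added example (not code from the original article) contrasting the static packet filter's per-packet header check with the stateful filter's connection tracking, using the whitelist, default-deny logic described earlier in the article. The addresses, allowed services and names are assumptions, and only connection tracking is modelled, not content inspection.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.168.1."                     # assumed internal network
ALLOWED_OUTBOUND = {("tcp", 443), ("udp", 53)}   # whitelist: (protocol, dest port)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def static_filter(pkt: Packet) -> str:
    """Static packet filter: header-only decision per packet, default deny."""
    if is_inside(pkt.src) and (pkt.proto, pkt.dport) in ALLOWED_OUTBOUND:
        return "allow"
    # Replies can only be admitted by a rule keyed on the remote source port,
    # so the filter cannot tell a real reply from a packet nobody asked for.
    if (is_inside(pkt.dst) and (pkt.proto, pkt.sport) in ALLOWED_OUTBOUND
            and pkt.dport >= 1024):
        return "allow"
    return "deny"


class StatefulFilter:
    """Stateful filter: inbound ports stay closed unless a tracked flow exists."""

    def __init__(self) -> None:
        self.flows = set()   # (proto, inside ip, inside port, remote ip, remote port)

    def check(self, pkt: Packet) -> str:
        if is_inside(pkt.src):
            if (pkt.proto, pkt.dport) not in ALLOWED_OUTBOUND:
                return "deny"
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: allow only the exact reverse of a flow opened from inside.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reverse in self.flows else "deny"


# Constructed sample traffic, in arrival order.
SAMPLES = [
    ("request", Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 443)),
    ("reply", Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50000)),
    ("unsolicited", Packet("tcp", "198.51.100.7", 443, "192.168.1.20", 8080)),
    ("telnet out", Packet("tcp", "192.168.1.10", 50001, "203.0.113.5", 23)),
]


def compare():
    """Return (label, static verdict, stateful verdict) for each sample packet."""
    stateful = StatefulFilter()
    return [(label, static_filter(p), stateful.check(p)) for label, p in SAMPLES]


if __name__ == "__main__":
    for row in compare():
        print("%-12s static=%-5s stateful=%s" % row)
```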

4- Proxy Supported Firewalls

This firewall architecture (Proxy Based Firewalls) is built on the application layer. The most important feature of the proxy supported firewall is that it starts the session itself. In other words, when the source system wants to open a session, it sends this request to the firewall, and the firewall forwards the request to the target. After the session is opened, the process continues in the same way. Proxy-backed firewalls act as isolation between the target and the source. This ensures network security.

The most important feature of these firewalls is that they can control the packet content. They do not monitor the session as dynamic packet filter firewalls do, because the firewall itself starts the session.

Since the firewall sits between the target and the source and relays the packets to the relevant client, it causes serious performance losses, especially where data traffic is high. For this reason, these firewalls are not preferred in networks with heavy traffic.

5- Hybrid Firewalls

Firewalls have also been produced that contain two or more of the four architectures described above. Such firewalls with two or more architectures are called hybrid systems.

Basically, firewalls are a shield that protects your computers, servers, network, tablet or phones, in short, your devices that provide internet access, and your internal network against attacks and malicious software that may come from the internet. Thanks to this shield, it is aimed to provide a safer use by blocking harmful activities in your internet traffic.

During your Internet access, data is exchanged between network devices such as computers, servers, and routers. The firewall checks this data to determine whether it is safe and protects your network by filtering unsafe traffic out of your connection. Even if we do not use separate firewall software for our computers, many modern operating systems have a firewall with basic features. Windows' firewall application, Mac OSX's firewall application and Ubuntu's firewall application are bundled with the operating system during initial setup. But they are not enough, and some of them are complex for the end user. At this point, separate firewall software may be preferred to protect your computer against attacks.

SMEs, medium-sized companies and large institutions all have to deploy a firewall. Companies have to ensure the security of the data in their internal networks. The most important step in this starts with using a firewall. While large companies generally use Next Generation Firewall devices, medium-sized and small companies may prefer UTM devices.

Public-facing businesses such as cafes and restaurants that offer Wi-Fi service in particular should prefer UTM devices. You can choose models that are very low in cost and easy to install, according to your internal network and the service you provide. At this point, domestic UTM devices come to the fore with their 5651 logging and legal logging features.

Firewall Devices Protect Your Network and Devices Against Unauthorized Access

Cyber security becomes a more important issue day by day. Especially in recent years, ransomware attacks have become a nuisance for companies. Both global companies and SMEs are going through tough times because of these attacks. Compared to the past, companies now have a hard time maintaining network security and integrity.

Our users and employees are faced with different types of attacks in the internet world. One of the scariest scenarios that can happen to you over the Internet is when someone else gets into your computer without your permission. At this point, it should be underlined that new generation attack types and viruses serve this purpose.

Keep in mind that a properly configured UTM device, when used with a modern operating system with full security updates, can significantly eliminate such dangers.

We have to protect our businesses against cyber attacks and attackers. The first step in protecting our business against cyber attacks is to deploy a UTM device. Remember, the safer and cleaner your network is, the more efficiently and actively you can work. Otherwise, encountering ransomware, cyber attacks and data loss will be a natural consequence in today's internet world.