A firewall is a computer security tool that protects computer networks by stopping unauthorized access to the network and its resources. A firewall can be either software or hardware-based, and it can be installed on a single computer or across an entire network.
A firewall’s job is to identify and block all unauthorized access to a network. It does this by allowing authorized users access to the network while blocking unauthorized users and their traffic.
Firewalls fall into two main categories: network-based firewalls and host-based firewalls.
Network-based firewalls are installed on a network router and use network address translation (NAT) and port forwarding to allow authorized users access to the network while blocking unauthorized users.
Host-based firewalls are installed on individual computers and use the same techniques as network-based firewalls to allow authorized users access to the computer while blocking unauthorized users.
A firewall can also be classified by its protection mechanism:
A packet filter firewall uses packet filtering to identify and block unauthorized traffic.
An application layer firewall uses application-level security features to protect against attacks that originate from outside the network.
A layer two firewall uses network layer security features to protect against attacks that originate from inside the network.
A firewall can also be classified by its functionality:
A security appliance firewall provides comprehensive security features, such as anti-virus, intrusion detection, and firewalling.
A network security appliance is a hardware-based firewall that integrates with existing network devices, such as routers and switches, to provide comprehensive security features.
A virtual private network (VPN) firewall uses VPN technology to connect to a remote network and protect the computer network from unauthorized access.
A firewall can also be classified by the type of security it provides:
A host-based intrusion detection system (HIDS) firewall uses host-based intrusion detection to detect and block unauthorized activity on the computer.
A network-based intrusion detection system (NIDS) firewall uses network-based intrusion detection to detect and block unauthorized activity on the network.
A content filtering firewall uses content filtering to block unauthorized access to the computer’s resources.
A managed firewall deployment is a cloud-based firewall deployment that uses a managed service to manage the firewall and security features.
A firewall can also be classified by its deployment:
A perimeter firewall blocks unauthorized access to the network from the outside.
A gateway firewall allows authorized users access to the network from the outside while blocking unauthorized users from the inside.
A router-firewall allows authorized users access to the network from the inside while blocking unauthorized users from the outside.
A network-level firewall blocks unauthorized access to the network from all directions.