If the front door protects the entrance to your house, a firewall protects the entrance to your computer network. The term is borrowed from building and automotive engineering, where a firewall is a barrier that keeps a fire in one compartment from spreading to the next; in a car it is the metal wall that separates the engine compartment from the passengers. In the same manner, a network firewall is placed between the internet and your network to shield your infrastructure from the damage an intrusion could cause.
There are two types of firewalls, hardware and software. We'll discuss hardware firewalls first.
To understand how a firewall works, we first need to understand how information moves across the internet. When something is sent from one place to another on the internet, it is first broken into small pieces called packets. Each packet carries sequence information so the pieces can be put back together in order at the receiving end.
Packet size varies. On most networks the largest packet that travels without being split is about 1,500 bytes, and the IP protocol caps a packet at 64 KB. To put that into perspective, take an MP3 song of 4.5 MB and an average packet of 1,500 bytes: the song you downloaded was broken into roughly 3,000 packets, each routed across the internet independently (two packets of the same file may take different paths), received by your device and reassembled in order, all in a matter of seconds on a typical broadband connection.
Your firewall fits into this picture by examining every packet that tries to enter your network and checking whether something INSIDE the network (your PC, smartphone or tablet) opened the connection that packet belongs to. That process is called stateful packet inspection, often shortened to stateful inspection.
The firewall does not store the photos, videos or files you request; it keeps a connection table (the state table) that records every connection a device inside opened: source and destination address, port and protocol. When a packet arrives from the internet, the firewall looks it up in that table. If it matches a tracked connection, it is let in; if nothing inside asked for it, the firewall simply drops the packet. The only exceptions are inbound rules you deliberately add, such as port forwarding for a server you host, and each such rule is a hole the stateful check no longer covers, so keep them to a minimum. In this manner, you are protected from nefarious characters trying to gain access to your network.
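The state table described above, modelled as an added example (this is illustration code written for this page, not code from any firewall product). The LAN prefix, the addresses and the packet sequence are constructed for the example; a real firewall also tracks TCP handshake state, ages entries out of the table and handles UDP and ICMP pseudo-connections, which this model leaves out.

```python
"""Toy stateful packet filter: outbound connections create state,
inbound packets must match that state or an explicit inbound rule.

Added illustration for this article, not a real firewall. Addresses,
ports and packets are constructed for the example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# A flow is identified by its 5-tuple: src ip, src port, dst ip, dst port, protocol.
FlowKey = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFirewall:
    def __init__(self, inside_prefix: str, allow_inbound: Iterable[Tuple[int, str]] = ()):
        self.inside_prefix = inside_prefix       # e.g. "192.168.1." marks the LAN side (assumed)
        self.allow_inbound = set(allow_inbound)  # deliberate holes, e.g. {(443, "tcp")} for a hosted server
        self.table: Set[FlowKey] = set()         # the state (connection) table

    def _is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def filter(self, pkt: Packet) -> str:
        """Return "ACCEPT" or "DROP" for one packet and update the state table."""
        key: FlowKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        reverse: FlowKey = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)

        if self._is_inside(pkt.src_ip):
            # Outbound: something inside asked for this. Remember the flow so
            # the replies can be matched on their way back in.
            self.table.add(key)
            return "ACCEPT"

        # Inbound from the internet.
        if reverse in self.table:
            return "ACCEPT"       # reply to a connection opened from inside
        if (pkt.dst_port, pkt.proto) in self.allow_inbound:
            self.table.add(key)   # deliberately exposed service: track it and let it in
            return "ACCEPT"
        return "DROP"             # nobody inside asked for this packet


def demo() -> List[str]:
    """Run a constructed packet sequence through the filter and return the verdicts."""
    fw = StatefulFirewall("192.168.1.", allow_inbound={(443, "tcp")})
    packets = [
        Packet("192.168.1.10", 50000, "93.184.216.34", 80),   # PC opens a web connection
        Packet("93.184.216.34", 80, "192.168.1.10", 50000),   # the web server's reply
        Packet("93.184.216.34", 80, "192.168.1.10", 50001),   # same server, wrong port: no matching state
        Packet("203.0.113.5", 40000, "192.168.1.10", 22),     # unsolicited SSH probe from the internet
        Packet("203.0.113.5", 40001, "192.168.1.20", 443),    # hits the deliberate port forward
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third packet is the point of the example: the lookup is on the whole 5-tuple, so a packet from a server you are talking to is still dropped if it does not match the exact connection you opened. The last packet shows the cost of a port-forward rule: it is accepted without any inside device having asked for it.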
I’ve Already Got One, Do I Have the Other?
A router, on the other hand, is your network's traffic manager: it forwards outgoing packets toward their intended destination on the internet and delivers incoming packets to the right device on your network. Firewalls and routers are often integrated into the same piece of equipment, which can blur a user's understanding of which device serves which function.
Your network can't function without a router to direct packets, but it can operate without a firewall. Just not safely. The size and strength of firewall recommended for your network depend on the amount of traffic the network carries and the likelihood of it being targeted.
A small office/home office (SOHO) can usually get away with a relatively inexpensive firewall/router combo with few management requirements. A larger business with sensitive information (corporate information, client data, financial data) flowing through its network would run a dedicated rack-mounted firewall. Firewalls of this size and complexity require personnel well versed in firewall management to set them up, keep them patched, and review their rules and logs.
A Clear Case of Need
As security professionals, every time we look at a client's network for troubleshooting, maintenance or assessment, we examine the firewall logs. In every single case, there has been evidence that someone scanned that device for vulnerabilities within the past week. The vast majority of these are automated scans that sweep the entire internet looking for weak points to exploit; sometimes they are direct attacks on that particular network.
There are individuals out there whose only job is to find networks to exploit; others focus on targets with a high potential payoff. In all cases, your best first line of defense is your hardware firewall.
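What "evidence of a scan in the firewall logs" looks like in practice, as an added example (this is illustration code written for this page, not the author's tooling or any vendor's). The log lines are constructed in the style of a Linux firewall's dropped-packet log entries; the field names (SRC, DST, PROTO, SPT, DPT), the addresses and the timestamps are assumptions made for the example. The detector flags any source that hits many distinct destination ports within a short window, which is the signature of a port scan, while a source that keeps hitting one port is left alone.

```python
"""Port-scan detection over constructed firewall DROP log lines.

Added illustration for this article. Log format, addresses and
timestamps are constructed; adjust LOG_RE to your firewall's format.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Matches the syslog timestamp plus the SRC, PROTO and DPT fields of a log line.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) .*?\bSRC=(?P<src>\S+) "
    r".*?\bPROTO=(?P<proto>\S+) .*?\bDPT=(?P<dpt>\d+)"
)


def parse_line(line: str) -> Optional[Dict]:
    """Return timestamp, source, protocol and destination port, or None for non-firewall lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),  # syslog stamps carry no year
        "src": m.group("src"),
        "proto": m.group("proto"),
        "dpt": int(m.group("dpt")),
    }


def detect_port_scans(lines: List[str], threshold: int = 10, window_s: int = 60) -> List[Dict]:
    """Flag sources that touch at least `threshold` distinct ports within any `window_s`-second window."""
    by_src: Dict[str, List[Dict]] = defaultdict(list)
    for ev in (parse_line(l) for l in lines):
        if ev:
            by_src[ev["src"]].append(ev)

    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        in_window: Counter = Counter()  # distinct ports seen inside the sliding window
        left, peak = 0, 0
        for ev in events:
            in_window[ev["dpt"]] += 1
            # Slide the window forward, forgetting events older than window_s.
            while (ev["ts"] - events[left]["ts"]).total_seconds() > window_s:
                old = events[left]["dpt"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts.append({"src": src, "peak_distinct_ports": peak, "window_s": window_s})
    return alerts


def _drop_line(sec: int, src: str, spt: int, dpt: int) -> str:
    """Build one constructed DROP log line (all values are made up for the example)."""
    return (f"Mar 03 14:02:{sec:02d} fw kernel: DROP IN=eth0 OUT= SRC={src} DST=198.51.100.7 "
            f"LEN=44 PROTO=TCP SPT={spt} DPT={dpt} SYN")


SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = (
    [_drop_line(2 * i, "203.0.113.5", 41000 + i, p) for i, p in enumerate(SCAN_PORTS)]       # 11 ports in 20 s
    + [_drop_line(5 * i, "198.51.100.200", 52000 + i, 443) for i in range(8)]               # one port, repeatedly
    + [_drop_line(10 * i, "192.0.2.77", 61000 + i, p) for i, p in enumerate([80, 443, 8443])]  # three ports only
    + ["Mar 03 14:02:30 fw sshd[812]: Accepted publickey for admin from 192.168.1.10"]       # unrelated line
)

if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(f"possible port scan from {alert['src']}: "
              f"{alert['peak_distinct_ports']} distinct ports within {alert['window_s']} s")
```

The threshold and window are the knobs to tune: a source hitting a few ports over an hour is usually a misconfigured client, while a dozen ports in under a minute is almost always a scanner. Run the detector over the previous week of logs and the "evidence of a scan" the text describes becomes a short list of source addresses.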
To end, a word about software firewalls. One is built into Windows, and many antivirus suites include their own and take over its management. In either case, for most users the default settings are sufficient; where the machines belong to a large business network, the IT professionals who manage the hardware firewall will most likely manage the software firewall settings as well.
The term defense in depth is often used in network security. Its premise is to deploy a series of independent security controls, one behind another, so that an attacker who gets past one control still faces the next; no single control has to be perfect, and the extra effort may also persuade an attacker that your network isn't worth their while.
A software firewall runs on the host it protects, so it only sees traffic that has already reached that machine, and malware running with administrator rights on that machine can switch it off. That is why it is considered a secondary line of defense. It does have strengths of its own: it can decide per application which programs may accept connections, and it still protects a laptop on public Wi-Fi with no hardware firewall in front of it. So while we highly recommend using software firewalls to augment your overall security, they are not a suitable first line of defense for your network.
Use a hardware firewall to lock the door on your network! There is no substitute.