What is a Firewall? A Plain English Explanation For Non-Geeks

A network firewall is the first line of defense to protect your organization’s data, network, and critical assets from outside intruders and threats.  But in everyday terms, what does it really mean and why is it important to your business?

Think of your house as your business network.  The walkway from the street to the front door is your data connection (bandwidth) to the Internet, making your front door the connection to the world.  In networking, we call this “front door” the WAN interface.

There used to be a time when we left our front doors unlocked or even wide open.  We didn’t get too many visitors, so we would just open and close the front door to let them in or deny their entry.  Unfortunately, those days are over.  If we leave our front door open, there will be unwanted visitors.  On a typical network, there can be tens of thousands of visitors every second.  In the networking world, these visitors are called packets.  We certainly don’t want all these packets coming in and out of our network without knowing what they are, but we can’t be opening and closing the door that often.

So what do we do?  We get a very fast security guard to stand at that front door, and we tell him who and what to let in and what to block.  That security guard is the firewall.  Without that security guard/firewall there, we are letting in pretty much any visitor, and some of those visitors will be criminals who are coming to rob us.

On a basic level, the security guard can look at where a visitor comes from.  If they come from our local book club, we are going to let them in. If it’s a salesperson, we won’t even open the door.  One way a firewall does this is by looking at the source IP. If it’s an IP for Google, we will probably let it in. If it’s an IP from the Dark Web, we won’t allow it.

We might let visitors in the front door at home, but that doesn’t necessarily mean we give them access to the entire house.  We’ll let them use the guest bedroom and bathroom, but our master bedroom and bathroom are off limits.  A firewall typically accomplishes this by looking at port numbers.  You want to access my web server on port 80?  Yup, go ahead… but you aren’t going to get to see my FTP server on port 21. And we might decide that only certain IPs can access the web server.  This helps to block unsolicited traffic into our network.

When you browse the Internet, you are basically shouting out from your window into the street (Internet) and saying “Hey, I want to see the brochure about ABC Widgets.”  So your browser connects to ABCWidgets.com, and that company starts sending information (in the form of web traffic and packets) back to you.  We need to make sure we are letting that traffic in.  A firewall does that because it remembers who you called out to and lets their replies back in.
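For readers who want to see the guard's rulebook written down, here is a small added example (not part of the original article) that models the three checks described above: where a visitor comes from, which door they ask for, and whether they are answering someone inside. The addresses, the allowed and blocked ranges, and the names `Packet` and `Firewall` are assumptions made up for illustration, using reserved documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy using reserved documentation ranges, not real hosts.
LAN = ip_network("192.168.1.0/24")                 # inside the house
WEB_SERVER = "192.168.1.10"                        # the "guest room"
BLOCKED_SOURCES = [ip_network("203.0.113.0/24")]   # visitors never let in
WEB_ALLOWED = [ip_network("198.51.100.0/24")]      # who may reach port 80


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    def __init__(self):
        self.outbound = set()  # conversations started from inside

    def check(self, p: Packet) -> str:
        src = ip_address(p.src)
        if src in LAN:
            # Someone inside called out: remember it so the answer can return.
            self.outbound.add((p.src, p.sport, p.dst, p.dport))
            return "allow: outbound"
        if any(src in net for net in BLOCKED_SOURCES):
            return "block: source"
        # A reply is the mirror image of a remembered outbound conversation.
        if (p.dst, p.dport, p.src, p.sport) in self.outbound:
            return "allow: reply"
        if p.dst == WEB_SERVER and p.dport == 80:
            if any(src in net for net in WEB_ALLOWED):
                return "allow: web"
            return "block: source not allowed for web"
        return "block: default deny"  # e.g. FTP on port 21, unsolicited traffic


if __name__ == "__main__":
    fw = Firewall()
    for pkt in [
        Packet("198.51.100.7", 40000, "192.168.1.10", 80),
        Packet("198.51.100.7", 40001, "192.168.1.10", 21),
        Packet("192.0.2.9", 443, "192.168.1.20", 51000),
        Packet("192.168.1.20", 51000, "192.0.2.9", 443),
        Packet("192.0.2.9", 443, "192.168.1.20", 51000),
    ]:
        print(pkt, "->", fw.check(pkt))
```

The same packet from 192.0.2.9 is blocked the first time and allowed the second, because in between a computer inside the network called out to that address.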

Everything we’ve talked about so far describes the old type of firewall.  Now we have what’s called a Next Generation Firewall (NGFW).  The problem with the old firewall is that the criminals knew they could get into a house, but not necessarily into the master bedroom where the safe full of valuables was hiding.  So they started hiding saws and lock picks in their pockets or in the boxes they were carrying into the house.  Once inside the house, they might go to the guest bathroom because we said they could go there.  But once inside the guest bathroom, they unload the saw to cut a hole in the wall which leads into the master bedroom, where they use the pick to unlock the jewelry drawer.  These saws and picks are the viruses, malware, crypto lockers, and other cybersecurity threats that you hear so much about.

The NGFW tells the security guard, “Hey, make sure you look at what is in these guests’ pockets and the boxes they might bring in” – meaning data, attachments, and files. That means the firewall is no longer just looking at where the packets come from and where they are going. The NGFW is looking at the information contained in the packet, so we can try to identify if there is anything malicious and block it if necessary.  These new firewalls also tend to keep very good records of who and what is going through the front door.  That walkway to the front door (bandwidth) is only so big, so we want to know who is inviting in all those Netflix streaming packets that are congesting the walkway and maxing out the bandwidth.

Now that you know what a network firewall is and what it does, learn about the costs associated with security breaches – and then you will understand why having perimeter security with a firewall is so important.

Interested in protecting your business with a Next Gen Firewall?  Request a free, no-obligation consultation with TPx’s security specialists today.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.