This article was automatically translated from the original Turkish version.

A firewall is a software and/or hardware-based security mechanism that monitors and controls incoming and outgoing network traffic according to a defined security policy. Its primary purpose is to protect a private network from unauthorized access, malicious software, and network attacks originating from the external world, such as the internet.


Working Principles and Approaches

Firewalls operate by filtering data packets based on specific rules. These rules are configured according to characteristics such as the source IP address, destination IP address, port number, and protocol type. These controls are grounded in two fundamental security approaches:

  • Loose Approach (Default Allow): Only known threats are blocked; all other traffic is permitted.
  • Strict Approach (Default Deny): Only explicitly defined and authorized traffic is allowed; everything else is blocked.


In enterprise networks, these two approaches are usually combined: strict rules are applied to areas such as the DMZ (Demilitarized Zone), while users' internet access may be governed by more lenient rules.

Components and Types

Firewalls are classified according to the following technical architectures:

Static Packet Filtering (Stateless Packet Filtering)

Filtering is performed solely on header information such as IP address, port, and protocol; earlier packets and connection states are not considered. It is simple and fast but weak at detecting attacks.

Dynamic Packet Filtering (Stateful Packet Filtering)

Decisions are made based on connection states. The firewall tracks whether a connection has been initiated and whether a session is still active. It is more secure but consumes more processor and memory resources.
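The following is an added example, not code from the original article: a small Python model of a Default Deny rule set evaluated first by a stateless filter and then by a stateful one. The packet and rule classes, the addresses (RFC 5737 documentation ranges) and the traffic are all constructed for illustration. It shows why the stateless filter, which must admit replies by header fields alone, also admits any inbound packet that merely carries source port 443, while the stateful filter admits replies only for sessions it saw being opened.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:  # constructed TCP packet model: only the header fields a packet filter inspects
    direction: str  # "in" = internet -> LAN, "out" = LAN -> internet
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    direction: str
    dport: Optional[int] = None  # None acts as a wildcard
    sport: Optional[int] = None
    dst: Optional[str] = None
    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.dport in (None, p.dport)
                and self.sport in (None, p.sport) and self.dst in (None, p.dst))

# Default Deny: only listed traffic is allowed, the rest falls through to "deny". Addresses are constructed.
RULES = [
    Rule("allow", "in", dport=443, dst="203.0.113.10"),  # HTTPS to the DMZ web server
    Rule("allow", "out", dport=443),                      # users browsing HTTPS
    Rule("allow", "in", sport=443),  # replies to users: a stateless filter can only describe them by header
]

def stateless_decision(p: Packet, rules=RULES) -> str:
    """First matching rule wins; the filter keeps no memory of earlier packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFilter:
    """Same policy, but replies are admitted only for a connection the filter saw being opened."""
    def __init__(self, rules=RULES):
        self.rules = [r for r in rules if r.sport is None]  # the blanket reply rule is not needed
        self.sessions = set()  # (initiator ip, port, responder ip, port) of tracked connections
    def decide(self, p: Packet) -> str:
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"  # reply packet of an established session
        action = stateless_decision(p, self.rules)
        if action == "allow" and p.syn and not p.ack:
            self.sessions.add((p.src, p.sport, p.dst, p.dport))  # remember the new connection
        return action
```

An inbound packet with source port 443 aimed at a port the policy never opened is allowed by `stateless_decision` but denied by `StatefulFilter.decide`, which is the resource cost of state tracking buying the extra security the text describes.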

Application Layer Gateways (Application Proxy Firewalls)

An application gateway acts as an intermediary between client and server and inspects traffic at the application level. It is used for protocols such as HTTP, FTP, and SMTP, provides content filtering and user authentication, and can operate in transparent or non-transparent mode.

Circuit-Level Gateways

A circuit-level gateway monitors TCP sessions without examining packet contents; the SOCKS protocol is an example. It operates at the connection layer and provides low-level filtering.

NAT (Network Address Translation)

NAT enhances privacy by preventing private IP addresses from being visible externally. Although it is primarily an address management mechanism, it also contributes to security.

Integrated Services

Modern firewalls are integrated with the following services:

  • Antivirus Scanning: Analyzes HTTP, FTP, and SMTP traffic to block malicious software.
  • Content Filtering: Filters web pages, emails, and application traffic based on categories.
  • VPN Support: Enables secure remote access through encrypted tunnel connections.
  • IDS/IPS: Integrates with intrusion detection and prevention systems to identify threats.
  • Logging and Reporting: Maintains traffic logs to enable security analysis and auditing.

Effectiveness and Performance Measurement

The performance of a firewall should not be assessed solely by network parameters such as bandwidth or number of sessions, but also by its effectiveness in blocking malicious traffic. Filter coverage can be measured by comparing the rule set against IP data from independent blacklisting providers. Effectiveness can also be evaluated by deploying the firewall alongside multi-port IDS systems.

Alignment with Security Policies

Firewalls must be configured in accordance with an organization’s access control policy. It must be clearly defined who can access which services, when, and in which direction. This is achieved through access control lists (ACLs), time-based rules, and user authentication mechanisms. Network security policies must be documented in writing and integrated with all system components.


Limitations

Although firewalls form a strong defense line, they have certain limitations:

  • They do not protect against internal threats, such as attacks originating from within the network.
  • They cannot monitor traffic that does not pass through them.
  • They cannot directly analyze the contents of virus-infected files or applications.
  • Poor configurations can create serious vulnerabilities.


Firewalls are one of the fundamental security components in modern computer networks. These systems, which operate at different levels and through various methods, are indispensable for filtering network traffic, enforcing access control, and preserving system integrity. However, mere installation is insufficient for effective use; they must be supported by robust security policies, up-to-date threat intelligence, and continuous monitoring processes.

Author Information

Author: Samet Şahin, December 8, 2025 at 11:52 AM
