A firewall (FW) is a network component that protects corporate resources against threats, manipulation or deletion originating from the Internet. To prevent the intrusion of malware or other attacks, a firewall filters unwanted network traffic.
The task of firewalls is to increase security in the corporate network through various mechanisms. These include ensuring that access to the public network is as undisturbed as possible, preventing unauthorized access to the company's own network, restricting services that can be used externally, restricting access to a limited number of front-end processors, authentication and identification, and encryption.
A firewall therefore represents the corporate network's only point of access to the public network. It usually consists of several hardware and software components that are individually configured according to user requirements for services and security. Concentrating access on a single component greatly simplifies security management, as well as monitoring and control functions. Firewall systems operate at layers 2 to 7 of the OSI reference model. When used in MAC layer bridges, for example, they can filter out any broadcast and multicast packets from the data stream via packet filters, thus preventing the network-wide propagation of broadcast storms. Other filtering techniques include content filters and proxy filters. Next-generation firewalls (NGFWs) offer stronger security capabilities against attacks and intrusions, and for identification.
The different firewall concepts
In principle, there are three firewall concepts: packet filtering, proxy firewalls and stateful inspection firewalls (SIF). Packet filtering involves checking data packets and filtering out unwanted ones. For example, when used in MAC layer bridges, packet filters can remove any broadcast and multicast packets from the data stream, thus preventing the network-wide propagation of broadcast storms.
On the Internet, this technology is used in the form of security firewalls to protect a company's own network, an intranet, against unauthorized access. The company in question can provide permitted access by means of a proxy firewall.
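The MAC-layer packet filtering described above can be sketched as follows. This is an added example, not code from the original page; the function names and the sample frames are constructed for illustration, and the filter assumes Ethernet II framing with an optional 802.1Q tag.

```python
import struct

BROADCAST = b"\xff" * 6
VLAN_TPID = 0x8100  # EtherType value that announces an 802.1Q VLAN tag

def parse_ethernet(frame: bytes) -> dict:
    """Parse the Ethernet II header; raise ValueError on truncated frames."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == VLAN_TPID:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF  # lower 12 bits of the tag carry the VLAN ID
    return {"dst": frame[0:6], "src": frame[6:12],
            "ethertype": ethertype, "vlan": vlan}

def classify(dst: bytes) -> str:
    """Classify a destination MAC as broadcast, multicast or unicast."""
    if dst == BROADCAST:
        return "broadcast"
    # I/G bit: least significant bit of the first octet marks a group address
    return "multicast" if dst[0] & 0x01 else "unicast"

def bridge_filter(frame: bytes) -> str:
    """Return 'forward' or 'drop'; frames that cannot be parsed fail closed."""
    try:
        hdr = parse_ethernet(frame)
    except ValueError:
        return "drop"
    return "forward" if classify(hdr["dst"]) == "unicast" else "drop"

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

# Constructed sample frames (header plus zero padding), not captured traffic
SRC = mac("02:00:00:00:00:01")
SAMPLES = {
    "unicast": mac("02:00:00:00:00:02") + SRC + b"\x08\x00" + bytes(46),
    "broadcast_arp": BROADCAST + SRC + b"\x08\x06" + bytes(46),
    "ipv4_multicast": mac("01:00:5e:00:00:fb") + SRC + b"\x08\x00" + bytes(46),
    "vlan_broadcast": BROADCAST + SRC + b"\x81\x00\x00\x0a\x08\x06" + bytes(42),
    "truncated": b"\xff\xff\xff",
}

def run_samples() -> dict:
    """Apply the bridge filter to every constructed sample frame."""
    return {name: bridge_filter(frame) for name, frame in SAMPLES.items()}
```

A bridge that drops every broadcast frame also drops ARP requests, so production filters usually exempt or rate-limit specific frame types rather than discard all group traffic.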