
Firewall Notes

A firewall is a cybersecurity tool that filters network traffic and separates internal network nodes from external sources. There are several types of firewalls including packet-filtering, circuit-level gateways, stateful inspection, proxy/application-level gateways, next-generation, software, hardware, and cloud firewalls. Each type works differently and has its own strengths and weaknesses for protecting networks from cyber threats.

Uploaded by

MRUNAL SHETHIYA
Copyright
© All Rights Reserved

What is a Firewall?

A firewall is a type of cybersecurity tool that is used to filter traffic on a network.


Firewalls can be used to separate network nodes from external traffic sources,
internal traffic sources, or even specific applications. Firewalls can be software,
hardware, or cloud-based, with each type of firewall having its own unique pros
and cons.

The primary goal of a firewall is to block malicious traffic requests and data
packets while allowing legitimate traffic through.

8 Types of Firewalls

Firewall types can be divided into several different categories based on their
general structure and method of operation. Here are eight types of firewalls:

• Packet-filtering firewalls
• Circuit-level gateways
• Stateful inspection firewalls
• Application-level gateways (a.k.a. proxy firewalls)
• Next-gen firewalls
• Software firewalls
• Hardware firewalls
• Cloud firewalls
Note: The last three bullets list methods of delivering firewall functionality, rather than being types of firewall
architectures in and of themselves.

How do these firewalls work? And, which ones are the best for your business’
cybersecurity needs?

Here are a few brief explainers:

Packet-Filtering Firewalls
As the most “basic” and oldest type of firewall architecture, packet-filtering
firewalls basically create a checkpoint at a traffic router or switch. The firewall
performs a simple check of the data packets coming through the router—
inspecting information such as the destination and origination IP address, packet
type, port number, and other surface-level information without opening up the
packet to inspect its contents.

If the information packet doesn’t pass the inspection, it is dropped.

The good thing about these firewalls is that they aren’t very resource-intensive.
This means they don’t have a huge impact on system performance and are
relatively simple. However, they’re also relatively easy to bypass compared to
firewalls with more robust inspection capabilities.

Circuit-Level Gateways

As another simplistic firewall type that is meant to quickly and easily approve or
deny traffic without consuming significant computing resources, circuit-level
gateways work by verifying the transmission control protocol (TCP) handshake.
This TCP handshake check is designed to make sure that the session the packet
is from is legitimate.

While extremely resource-efficient, these firewalls do not check the packet itself.
So, if a packet held malware, but had the right TCP handshake, it would pass
right through. This is why circuit-level gateways are not enough to protect your
business by themselves.

Stateful Inspection Firewalls

These firewalls combine both packet inspection technology and TCP handshake
verification to create a level of protection greater than either of the previous two
architectures could provide alone.

However, these firewalls do put more of a strain on computing resources as well.
This may slow down the transfer of legitimate packets compared to the other
solutions.
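The difference between the header-only check of a packet-filtering firewall and the handshake tracking that circuit-level and stateful inspection firewalls add, as an added example that is not part of the original notes. The rule set, the documentation-range addresses and the simplified handshake model (only the client-to-server direction is tracked) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this segment, e.g. {"SYN"}

# Constructed rule set: anyone may reach the web server on port 443.
RULES = [("0.0.0.0/0", "192.0.2.10/32", 443, "allow")]

def packet_filter(pkt):
    """Stateless header check: first matching rule wins, default is drop."""
    for src_net, dst_net, dport, action in RULES:
        if (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)
                and pkt.dport == dport):
            return action
    return "drop"

class StatefulFirewall:
    """Header rules plus per-connection handshake tracking (client side only)."""
    def __init__(self):
        self.sessions = {}  # (src, sport, dst, dport) -> "SYN_SEEN" | "ESTABLISHED"

    def inspect(self, pkt):
        if packet_filter(pkt) == "drop":
            return "drop"
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        state = self.sessions.get(key)
        if state is None:
            if pkt.flags == {"SYN"}:          # only a bare SYN may open a session
                self.sessions[key] = "SYN_SEEN"
                return "allow"
            return "drop"                     # segment belongs to no known session
        if state == "SYN_SEEN":
            if pkt.flags == {"ACK"}:          # client completes the handshake
                self.sessions[key] = "ESTABLISHED"
                return "allow"
            return "drop"
        if pkt.flags & {"RST", "FIN"}:        # teardown: forget the session
            del self.sessions[key]
        return "allow"

def replay(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in packets]
```

An ACK segment that belongs to no session matches the port 443 rule and passes the header-only filter, while the stateful firewall drops it because no handshake preceded it.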

Proxy Firewalls (Application-Level Gateways/Cloud Firewalls)

Proxy firewalls operate at the application layer to filter incoming traffic between
your network and the traffic source—hence, the name “application-level
gateway.” These firewalls are delivered via a cloud-based solution or another
proxy device. Rather than letting traffic connect directly, the proxy firewall first
establishes a connection to the source of the traffic and inspects the incoming
data packet.

This check is similar to the stateful inspection firewall in that it looks at both the
packet and at the TCP handshake protocol. However, proxy firewalls may also
perform deep-layer packet inspections, checking the actual contents of the
information packet to verify that it contains no malware.

Once the check is complete, and the packet is approved to connect to the
destination, the proxy sends it off. This creates an extra layer of separation
between the “client” (the system where the packet originated) and the individual
devices on your network—obscuring them to create additional anonymity and
protection for your network.

If there’s one drawback to proxy firewalls, it’s that they can create significant
slowdown because of the extra steps in the data packet transferal process.

Next-Generation Firewalls

Many of the most recently-released firewall products are being touted as “next-
generation” architectures. However, there is not as much consensus on what
makes a firewall truly next-gen.

Some common features of next-generation firewall architectures include
deep-packet inspection (checking the actual contents of the data packet), TCP
handshake checks, and surface-level packet inspection. Next-generation
firewalls may include other technologies as well, such as intrusion prevention
systems (IPSs) that work to automatically stop attacks against your network.

The issue is that there is no one definition of a next-generation firewall, so it’s
important to verify what specific capabilities such firewalls have before investing
in one.

Software Firewalls

Software firewalls include any type of firewall that is installed on a local device
rather than a separate piece of hardware (or a cloud server). The big benefit of a
software firewall is that it's highly useful for creating defense in depth by isolating
individual network endpoints from one another.

However, maintaining individual software firewalls on different devices can be
difficult and time-consuming. Furthermore, not every device on a network may be
compatible with a single software firewall, which may mean having to use several
different software firewalls to cover every asset.

Hardware Firewalls

Hardware firewalls use a physical appliance that acts in a manner similar to a
traffic router to intercept data packets and traffic requests before they're
connected to the network's servers. Physical appliance-based firewalls like this
excel at perimeter security by making sure malicious traffic from outside the
network is intercepted before the company's network endpoints are exposed to
risk.

The major weakness of a hardware-based firewall, however, is that it is often
easy for insider attacks to bypass them. Also, the actual capabilities of a
hardware firewall may vary depending on the manufacturer—some may have a
more limited capacity to handle simultaneous connections than others, for
example.

Cloud Firewalls

Whenever a cloud solution is used to deliver a firewall, it can be called a cloud
firewall, or firewall-as-a-service (FaaS). Cloud firewalls are considered
synonymous with proxy firewalls by many, since a cloud server is often used in a
proxy firewall setup (though the proxy doesn't necessarily have to be on the
cloud, it frequently is).

The big benefit of having cloud-based firewalls is that they are very easy to scale
with your organization. As your needs grow, you can add additional capacity to
the cloud server to filter larger traffic loads. Cloud firewalls, like hardware
firewalls, excel at perimeter security.

What is Cybercrime?
Cybercrime is defined as a crime where a computer is the object of the crime or is used
as a tool to commit an offense. A cybercriminal may use a device to access a user’s
personal information, confidential business information, government information, or
disable a device. It is also a cybercrime to sell or elicit the above information online.

Categories of Cybercrime
There are three major categories that cybercrime falls into: individual, property and
government. The types of methods used and difficulty levels vary depending on the
category.

• Property: This is similar to a real-life instance of a criminal illegally possessing an
individual’s bank or credit card details. The hacker steals a person’s bank details to gain
access to funds, make purchases online or run phishing scams to get people to give
away their information. They could also use malicious software to gain access to a
web page with confidential information.
• Individual: This category of cybercrime involves one individual distributing malicious or
illegal information online. This can include cyberstalking, distributing pornography and
trafficking.
• Government: This is the least common cybercrime, but is the most serious offense. A
crime against the government is also known as cyber terrorism. Government cybercrime
includes hacking government websites, military websites or distributing propaganda.
These criminals are usually terrorists or enemy governments of other nations.

Types of Cybercrime
DDoS Attacks
These are used to make an online service unavailable and take the network down by
overwhelming the site with traffic from a variety of sources. Large networks of infected
devices known as Botnets are created by depositing malware on users’ computers. The
hacker then hacks into the system once the network is down.

Botnets
Botnets are networks of compromised computers that are controlled externally by
remote hackers. The remote hackers then send spam or attack other computers
through these botnets. Botnets can also be used to act as malware and perform
malicious tasks.

Identity Theft
This cybercrime occurs when a criminal gains access to a user’s personal information to
steal funds, access confidential information, or participate in tax or health insurance
fraud. They can also open a phone/internet account in your name, use your name to
plan a criminal activity and claim government benefits in your name. They may do this
by finding out users’ passwords through hacking, retrieving personal information from
social media, or sending phishing emails.

Cyberstalking
This kind of cybercrime involves online harassment where the user is subjected to a
plethora of online messages and emails. Typically cyberstalkers use social media,
websites and search engines to intimidate a user and instill fear. Usually, the
cyberstalker knows their victim and makes the person feel afraid or concerned for their
safety.

Social Engineering
Social engineering involves criminals making direct contact with you, usually by phone or
email. They want to gain your confidence and usually pose as a customer service agent
so you’ll give them the information they need. This is typically a password, the
company you work for, or bank information. Cybercriminals will find out what they can
about you on the internet and then attempt to add you as a friend on social accounts.
Once they gain access to an account, they can sell your information or secure accounts
in your name.

PUPs
PUPs, or Potentially Unwanted Programs, are less threatening than other cybercrimes,
but are a type of malware. They uninstall necessary software in your system, including
search engines and pre-downloaded apps. They can include spyware or adware, so it’s
a good idea to install antivirus software to avoid the malicious download.

Phishing
This type of attack involves hackers sending malicious email attachments or URLs to
users to gain access to their accounts or computer. Cybercriminals are becoming more
established and many of these emails are not flagged as spam. Users are tricked by
emails claiming they need to change their password or update their billing information,
giving criminals access.

Prohibited/Illegal Content
This cybercrime involves criminals sharing and distributing inappropriate content that
can be considered highly distressing and offensive. Offensive content can include, but is
not limited to, sexual activity between adults, videos with intense violence and videos of
criminal activity. Illegal content includes materials advocating terrorism-related acts and
child exploitation material. This type of content exists both on the everyday internet and
on the dark web, an anonymous network.

Online Scams
These are usually in the form of ads or spam emails that include promises of rewards or
offers of unrealistic amounts of money. Online scams include enticing offers that are
“too good to be true” and when clicked on can cause malware to interfere and
compromise information.

Exploit Kits
Exploit kits need a vulnerability (a bug in a program’s code) in order to gain control of
a user’s computer. They are ready-made tools criminals can buy online and use against
anyone with a computer. The exploit kits are upgraded regularly, similar to normal
software, and are available on dark web hacking forums.

History of Cybercrime
The malicious tie to hacking was first documented in the 1970s when early
computerized phones were becoming a target. Tech-savvy people known as
“phreakers” found a way around paying for long distance calls through a series of
codes. They were the first hackers, learning how to exploit the system by modifying
hardware and software to steal long distance phone time. This made people realize that
computer systems were vulnerable to criminal activity and the more complex systems
became, the more susceptible they were to cybercrime.

Fast forward to 1990, when a large project named Operation Sundevil was exposed.
FBI agents confiscated 42 computers and over 20,000 floppy disks that were used by
criminals for illegal credit card use and telephone services. This operation involved over
100 FBI agents and took two years to track down only a few of the suspects. However,
it was seen as a great public relations effort, because it was a way to show hackers that
they will be watched and prosecuted.

The Electronic Frontier Foundation was form
