Firewall

A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Security Infrastructure

Also called: "network firewall", "packet filter"

Firewalls act as barriers between trusted internal networks and untrusted external networks, filtering traffic to prevent unauthorized access and attacks.

Types of firewalls

  • Packet-filtering: Inspects packets against basic rules (IP, port, protocol).
  • Stateful inspection: Tracks connection states for context-aware filtering.
  • Application-layer: Deep packet inspection at the application level (Layer 7).
  • Next-generation (NGFW): Combines traditional filtering with IPS, malware detection, and application awareness.
  • Web application firewall (WAF): Protects web apps from HTTP-based attacks.

Why it matters

  • First line of defense against network-based attacks and unauthorized access.
  • Reduces attack surface by blocking unused ports and services.
  • Provides segmentation between network zones (DMZ, internal, external).
  • Required for compliance with PCI DSS, HIPAA, and other frameworks.

Implementation best practices

  • Deploy in layers: perimeter firewalls, internal segmentation, host-based firewalls.
  • Follow least-privilege principles: deny by default, allow only necessary traffic.
  • Regularly review and audit firewall rules to remove outdated entries.
  • Enable logging and monitoring for security event correlation.
  • Keep firmware updated and test rule changes in staging environments.
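
An added example (not part of the original glossary entry) for the deny-by-default and rule-review practices above: a rule evaluator that denies unmatched traffic, plus an audit that flags rules allowing any source on all ports and rules shadowed by an earlier, broader rule. The Rule model, rule names and addresses are constructed for illustration, and first-match evaluation is an assumption; real products differ in rule format and matching order.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # hypothetical rule model, not any vendor's format
    name: str
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports

ANY_PORTS = range(0, 65536)
net = ipaddress.ip_network

def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (net(b.src).subnet_of(net(a.src)) and net(b.dst).subnet_of(net(a.dst))
            and a.proto in ("any", b.proto)
            and a.ports.start <= b.ports.start and b.ports.stop <= a.ports.stop)

def decide(rules, src, dst, proto, port):
    """First matching rule wins (assumed); traffic matching no rule is denied."""
    for r in rules:
        if (ipaddress.ip_address(src) in net(r.src) and ipaddress.ip_address(dst) in net(r.dst)
                and r.proto in ("any", proto) and port in r.ports):
            return r.action
    return "deny"

def audit(rules):
    """Return (rule name, finding) pairs worth a reviewer's attention."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and r.src == "0.0.0.0/0" and r.ports == ANY_PORTS:
            findings.append((r.name, "allows any source on all ports"))
        shadow = next((e for e in rules[:i] if covers(e, r)), None)
        if shadow:  # an earlier rule already matches everything this one would
            findings.append((r.name, f"shadowed by {shadow.name}"))
    return findings

# Constructed sample rule set using documentation address ranges.
RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", range(443, 444)),
    Rule("admin-ssh", "allow", "198.51.100.0/24", "203.0.113.0/24", "tcp", range(22, 23)),
    Rule("old-ssh", "allow", "198.51.100.7/32", "203.0.113.10/32", "tcp", range(22, 23)),
    Rule("legacy-any", "allow", "0.0.0.0/0", "203.0.113.20/32", "any", ANY_PORTS),
]
for name, finding in audit(RULES):
    print(f"{name}: {finding}")
```

A shadowed rule never decides any traffic, so it is a candidate for removal during rule review; an any-source, all-ports allow rule is the opposite of least privilege and should be narrowed or justified.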