
Cybersecurity Knowledge Base

CyberPedia


Your essential guide to cybersecurity threats, attacks, and defenses. Understand the risks. Protect your business.

Firewall


Overview

A firewall is a security device or software that controls what network traffic is allowed in or out of a computer, server, or network. It acts like a security guard at a door, checking each “visitor” (data connection) against a set of rules and deciding whether to let it pass or block it.

In plain terms: a firewall is a digital gatekeeper that helps keep bad traffic out and lets good traffic through.

What a Firewall Does

A firewall sits between different parts of a network—most often between your internal network and the internet—and:

  • Watches incoming and outgoing network traffic.

  • Compares that traffic to security rules (for example, “allow web browsing,” “block known bad addresses”).

  • Allows or blocks connections based on those rules.

This helps prevent unauthorized access and can reduce the spread of malware or attacks inside a network.

Types of Firewalls (High Level)

Modern firewalls come in several forms:

  • Network firewalls (hardware or virtual appliances)

    • Protect entire networks or segments; often used at the perimeter (between internal network and internet) and between internal zones.

  • Host‑based / personal firewalls

    • Software firewalls on individual computers or servers, controlling traffic to and from that device.

  • Next‑Generation Firewalls (NGFWs)

    • More advanced firewalls that can inspect application‑level traffic, identify specific apps (like social networks, cloud tools), and block known threats based on signatures or behavior.

Basic Firewall Rules (Plain‑Language)

Firewalls make decisions using rule sets such as:

  • Allow connections on certain ports/services

    • For example, allow web traffic (HTTPS) to a public website server.

  • Block risky or unnecessary services

    • For example, block remote desktop from the internet unless specifically needed.

  • Restrict who can connect

    • Only certain IP addresses or networks can reach sensitive systems (like admin interfaces or databases).

Think of it like a guest list plus behavior rules at a building entrance: only certain people can enter, only through certain doors, and for specific purposes.

Why Firewalls Matter for Businesses

Firewalls are a foundational security control because they:

  • Reduce exposure (shrink the attack surface)

    • Limit which systems are reachable from the internet or other networks.

  • Help enforce network segmentation

    • Separate sensitive areas (like payment systems or HR data) from general‑purpose networks.

  • Filter known malicious traffic

    • Block connections to or from known bad IPs, domains, or patterns associated with attacks.

  • Support compliance

    • Many regulations and standards expect appropriate firewalling between networks and around sensitive systems.

Limitations of Firewalls

Firewalls are essential but not enough on their own:

  • They can’t stop attacks that come through allowed paths (for example, phishing via email, or an attacker using a stolen VPN login).

  • Misconfigured rules (too open, overly broad “allow any” policies) can make them far less effective.

  • They don’t automatically protect against things like weak passwords, insider threats, or unpatched software.

They work best as part of layered security, alongside good identity management, patching, endpoint protection, and monitoring.

Everyday Examples

Examples of firewall decisions:

  • Allow employees’ computers to browse the web and reach approved cloud apps, but block access to known malicious sites.

  • Let the public access a company’s website, but block direct access to the database behind it.

  • Allow remote access to internal systems only via a secure VPN and only from certain locations or groups.

Key Best Practices (Plain‑Language)

For organizations managing firewalls:

  • Use “least privilege” rules

    • Allow only the traffic that’s truly needed; block everything else by default where practical.

  • Segment networks

    • Place critical systems (like finance, production, or medical devices) behind additional firewalls or segments with tighter rules.

  • Review and clean up rules regularly

    • Remove old, unused, or overly broad rules that were added “temporarily” and left in place.

  • Monitor and log firewall activity

    • Keep logs of allowed and blocked traffic; use them to spot unusual patterns and support incident investigations.

  • Keep firewall software and firmware updated

    • Apply updates to fix vulnerabilities and improve detection features.
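
The rule types under Basic Firewall Rules and the least-privilege and rule-review practices above, as an added sketch (not code from this page or from any firewall product). It assumes first-match evaluation with a default block; the Rule fields, addresses and sample policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"  # any IPv4 address

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "block"
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR)
    port: Optional[int]  # destination port; None means any port
    note: str

# Constructed sample policy; addresses are documentation/private ranges.
POLICY = [
    Rule("allow", ANY, "203.0.113.10/32", 443, "public HTTPS to web server"),
    Rule("allow", "10.0.50.0/24", "10.0.20.5/32", 5432, "admin subnet to database"),
    Rule("block", ANY, ANY, 3389, "no remote desktop"),
    Rule("allow", "10.0.0.0/8", ANY, None, "temporary: internal any-to-any"),
]

def matches(rule, src, dst, port):
    """True when the connection falls inside the rule's networks and port."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, port))

def decide(policy, src, dst, port):
    """Assumed semantics: first matching rule wins, unmatched traffic is blocked."""
    for rule in policy:
        if matches(rule, src, dst, port):
            return rule.action
    return "block"  # default deny

def overly_broad(policy):
    """Rule review: allow rules with any port, or with any source and any destination."""
    return [r for r in policy if r.action == "allow"
            and (r.port is None or (r.src == ANY and r.dst == ANY))]

if __name__ == "__main__":
    for conn in [("198.51.100.7", "203.0.113.10", 443),   # internet to website
                 ("198.51.100.7", "10.0.20.5", 5432),     # internet to database
                 ("10.0.30.4", "10.0.20.5", 5432)]:       # general LAN host to database
        print(conn, "->", decide(POLICY, *conn))
    for rule in overly_broad(POLICY):
        print("review:", rule.note)
```

The last rule lets any internal host reach the database even though an earlier rule limits it to the admin subnet; removing the flagged rule restores that restriction.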