Firewall Fundamentals


We’ve all heard the term “firewall” at least once. 

But do you actually know how one functions? Does your team? 

If the answer to any of those questions is “no”, don’t worry – we’ve got you covered. 

Our guide will explain firewalls in simple terms and how you can introduce them to your employees. We’ll also cover how they protect your computer, the different types, and how to configure them, plus how to handle common attacks. 

It doesn’t matter if your team are tech pros or they’re just getting started with cybersecurity 101 – everyone will find something new and useful in this article. By the end of it, you’ll have a clear understanding of network security basics and the firewall fundamentals. 

Ready? 

What Is a Firewall? 

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined rules. It functions just like a digital barrier, positioned between a trusted internal network and untrusted external networks, such as the internet. The goal is to protect you from cyber threats by filtering malicious traffic and preventing unauthorized access. 

But how do firewalls work exactly? 

The first step is analyzing data packets. Those are small units of data transmitted over a network. Firewalls determine whether they should be allowed or blocked. This process relies on rules that define what kind of traffic is safe. More on that later.

Now, let’s discuss the types of firewalls. 

Visual representation of selecting the right type of firewall.

First, we have: 

  • Hardware – physical devices that sit between your network and the internet. They filter traffic before it reaches endpoints. They’re commonly used in business settings for network-wide protection. 
  • Software firewalls – installed on individual devices, providing security tailored to specific machines. These are useful for personal computers and remote workers. 

Most organizations use a combination of both to ensure comprehensive protection.  

We can break them down further, though. Firewalls can also be: 

  • Packet-filtering – the most basic type, analyzing individual data packets based on predefined rules. 
  • Stateful inspection – more advanced; these track active connections and make security decisions based on the context of the traffic. 
  • Proxy – act as intermediaries, inspecting and filtering traffic between users and the internet. 
  • Next-generation (NGFWs) – a combination of traditional firewall capabilities with features like intrusion prevention and deep packet inspection. 
  • Cloud-based – designed to protect cloud environments, these offer scalable and remote security solutions. 

The ideal firewall should balance security, performance, and ease of management while aligning with your company’s needs and growth plans.  

Once you’ve chosen one, make sure to explain to your team its exact purpose and specifics. You’ll also need to teach them how to configure a firewall successfully. 

Configuring a Firewall 

This is an essential step to ensure the firewall you chose effectively protects your business from cyber threats. Even the best one won’t be fully effective if it isn’t set up correctly and has security gaps. 

Graphic highlighting the importance of firewall configuration.

First things first: 

Establish clear security policies. Make sure to outline: 

  • Which types of traffic should be allowed or blocked 
  • Who has access to what data and applications 
  • How external and internal threats should be handled 

Once those are cleared up, you can proceed to configuring your firewall. It should only allow necessary traffic and block everything else by default. For example, it should restrict: 

  • Remote Desktop Protocol (RDP) unless absolutely required 
  • File-sharing protocols unless needed for business operations 
  • Unsecured communication protocols like Telnet and FTP 

You need to understand that hackers often exploit open ports and unused services to infiltrate networks. So, make sure your IT team knows how to close unnecessary ports while maintaining business functionality. 

The next step is to implement Access Control Lists (ACLs). Those define which users, devices, and applications can communicate within your network. A well-configured ACL prevents unauthorized access to sensitive data. 

You should teach your employees how those controls work and why restricting access helps prevent security breaches. You can include hands-on exercises where teams set up mock ACL rules to better understand their intricacies. 
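A mock ACL exercise of the kind suggested above, written as an added Python example (it is not part of the original article and is not any vendor's rule syntax). The subnets, addresses and the Rule, evaluate and exposed_to_any names are assumptions made up for the exercise; rules are checked top to bottom, the first match wins, and anything unmatched is denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    dport: Optional[int]   # destination port; None matches any port
    note: str = ""

# Constructed training policy: every address and subnet here is hypothetical.
ANY = "0.0.0.0/0"
POLICY = [
    Rule("deny",  "tcp", ANY, ANY, 23, "Telnet is unencrypted"),
    Rule("deny",  "tcp", ANY, ANY, 21, "FTP is unencrypted"),
    Rule("allow", "tcp", "10.0.50.0/24", "10.0.10.0/24", 3389, "RDP from admin subnet only"),
    Rule("allow", "tcp", ANY, "10.0.20.5/32", 443, "public HTTPS to the web server"),
    Rule("allow", "udp", "10.0.0.0/8", "10.0.0.53/32", 53, "internal DNS"),
]

def evaluate(policy, proto, src_ip, dst_ip, dport):
    """Return (action, reason): first matching rule wins, otherwise default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in policy:
        if rule.proto not in ("any", proto):
            continue
        if src not in ipaddress.ip_network(rule.src):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, rule.note
    return "deny", "default deny: no rule matched"

def exposed_to_any(policy):
    """Allow rules reachable from any source: the first ones to question in a rule review."""
    return [r for r in policy if r.action == "allow" and r.src == ANY]

if __name__ == "__main__":
    for pkt in [("tcp", "203.0.113.7", "10.0.20.5", 443),
                ("tcp", "203.0.113.7", "10.0.10.4", 3389),
                ("tcp", "10.0.50.12", "10.0.10.4", 3389)]:
        print(pkt, "->", evaluate(POLICY, *pkt))
```

Reordering POLICY or widening a source range and re-running the same packets shows how a single rule change alters what gets through.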

Another thing you should train them to do: 

Check the firewall logs. 

You see, firewalls generate logs that track all network activity. Regularly reviewing them can help detect potential threats before they cause damage. Walk your team through real-world examples of suspicious firewall activity. Train them to recognize signs of an attempted breach and how to respond. 

You can also: 

  • Set up real-time alerts for suspicious activity 
  • Use a Security Information and Event Management (SIEM) system for log analysis 
  • Schedule routine audits to ensure firewall rules remain effective 

Last but not least: 

Firewalls with built-in Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) provide an extra layer of security by actively blocking malicious traffic and alerting administrators about potential threats. 

  • Ensure IPS is set to block suspicious behavior automatically, rather than just issuing warnings 
  • Regularly update the IPS signature database to detect new threats 
  • Enable deep packet inspection (DPI) for advanced traffic analysis 

Once your employees are properly trained and everything is set up, you should set reminders to regularly update your firewalls. Also, review and modify firewall rules quarterly or after major infrastructure changes. Conducting regular penetration testing to identify vulnerabilities will work out in your favour, too. 

Common Firewall Attacks 

Let’s now discuss the most common firewall attacks.  

The ones you should definitely include in your training are:

Visual representation of security threats, highlighting the importance of awareness and caution.

  • IP spoofing – occurs when an attacker disguises their IP address to appear as a trusted source. This allows malicious traffic to bypass firewall rules designed to block untrusted sources. 
  • DDoS attack – floods a network with excessive traffic, overwhelming the firewall and preventing legitimate users from accessing services. In DDoS attacks, multiple compromised devices (botnets) are used to amplify the attack. 
  • Man-in-the-Middle (MitM) attacks – an attacker intercepts and potentially alters communication between two parties. This can be used to steal sensitive information or inject malicious traffic into an otherwise secure connection. 
  • Port scanning and probing – hackers use port scanning tools to identify open ports on a network. Open ports can serve as entry points for exploitation. 
  • Firewall misconfiguration vulnerabilities – a poorly configured firewall can leave security holes that attackers can exploit. Misconfigurations may include weak access control lists (ACLs), outdated rules, or default admin credentials. 

Those can be blocked or mitigated by: 

  • Enabling packet filtering to verify the legitimacy of IP addresses 
  • Using deep packet inspection (DPI) to analyze traffic behavior beyond basic IP addresses 
  • Implementing ingress and egress filtering to block forged IP addresses from both entering and leaving your network 
  • Using rate limiting to control the number of requests from a single source 
  • Deploying intrusion prevention systems (IPS) to detect and mitigate unusual traffic spikes 
  • Encrypting sensitive traffic using SSL/TLS 
  • Using a VPN to secure remote connections 

And more.  
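What ingress and egress filtering checks, shown as an added Python example that is not part of the original article. A packet that arrives from the internet claiming an internal or otherwise non-routable source address is forged by definition, and so is a packet leaving the network with a source address that is not one of your own. The internal range 10.0.0.0/8 and the sample addresses are assumptions, and the example covers IPv4 only.

```python
import ipaddress

# Assumed topology (hypothetical): the organisation's own address space.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
# Source ranges that are never valid on packets arriving from the internet.
NEVER_FROM_INTERNET = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",                                      # "this network"
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private (RFC 1918)
    "127.0.0.0/8",                                    # loopback
    "169.254.0.0/16",                                 # link-local
    "224.0.0.0/4",                                    # multicast, never a source
    "240.0.0.0/4",                                    # reserved
)]

def check_source(direction, src_ip):
    """Return (verdict, reason) for a packet's source address.

    direction is "ingress" (arriving from the internet) or
    "egress" (leaving the internal network towards the internet).
    """
    try:
        src = ipaddress.IPv4Address(src_ip)
    except ValueError:
        return "drop", "not a valid IPv4 source address"
    if direction == "ingress":
        for net in NEVER_FROM_INTERNET:
            if src in net:
                return "drop", f"forged source: {net} cannot originate on the internet"
        return "pass", "source is plausible for inbound traffic"
    if direction == "egress":
        if any(src in net for net in INTERNAL):
            return "pass", "source belongs to our own address space"
        return "drop", "forged source: not one of our addresses"
    raise ValueError(f"unknown direction: {direction!r}")

if __name__ == "__main__":
    # Constructed test packets: (direction, claimed source address).
    for direction, src in [("ingress", "10.0.50.12"), ("ingress", "203.0.113.7"),
                           ("egress", "10.0.20.5"), ("egress", "203.0.113.7")]:
        print(direction, src, "->", check_source(direction, src))
```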

Make sure to include an explanation of all relevant methods and how to employ them as part of your educational programs.

Wondering what else you can include in your cybersecurity training? 

We suggest you explain to your team how to deal with ransomware and phishing. Oh, and don’t forget to include training on how to identify and report security incidents, too. Although not firewall-specific, it’s crucial. You can also focus on the importance of password managers. 

And if you ever need a cybersecurity professional to enhance your team: 

Contact us! 

We’ll provide the best talent for your company and help you take your business to the next level. 

Wrap Up 

We all know that firewalls are a critical component of modern network security basics. 

But understanding and knowing how to properly configure them makes all the difference.  

Your team should also know what hardware and software firewalls are and how to update both. They should also recognize common attacks and how to mitigate them. Regular workshops on network security basics and general cybersecurity will empower your staff to prevent breaches and respond effectively if an incident occurs. 

Remember: 

Your employees are your first line of defence. It’s up to you to train them properly. 

FAQ 

How do firewalls work? 

Firewalls work by monitoring incoming and outgoing network traffic and blocking or allowing data based on predefined security rules. They act as a barrier between a trusted internal network and untrusted external sources (like the internet). Their goal is to prevent unauthorized access. 

What are the basics of a firewall? 

The basics of a firewall are that it monitors and controls network traffic based on security rules to protect systems from cyber threats. There are different types of firewalls, but all work by filtering data packets to block unauthorized access while allowing legitimate communication. They prevent malware, hack attempts, and unauthorized data transfers. 

What is the most basic firewall? 

The most basic firewall is the packet-filtering one. It examines data packets and decides whether to allow them or not, based on predefined rules. It operates at the network layer, checking packet headers for source and destination IP addresses, ports, and protocols. 
