How Do Firewalls Work?

Cyberattacks can be incredibly devastating for businesses, not to mention costly—it’s estimated that in 2017, the cost of cybercrime was nearly $600 billion. With the number of targeted cyberattacks continuing to rise, managed services providers (MSPs) are under increased pressure to secure customer networks from threats.

As an MSP, you know that having a firewall (or multiple firewalls, for that matter) can make a big difference in network security. Firewalls help protect networks and devices from a wide range of security risks, namely unauthorized access from outside your customers’ networks. They can also inform you of potentially threatening attempts to connect from within customer networks.

Knowing how to properly articulate the role of firewalls for your customers is a key part of delivering service as an MSP. If you’ve ever had a customer ask “What does a firewall do?” or “How do firewalls work?” this guide can help walk you through simple ways to explain these concepts.

Firewalls explained

Firewalls are software or hardware that work as a filtration system for the data attempting to enter your computer or network. Firewalls scan packets for malicious code or attack vectors that have already been identified as established threats. Should a data packet be flagged and determined to be a security risk, the firewall prevents it from entering the network or reaching your computer.

There are several different ways security firewalls can monitor and regulate network traffic. These methods can include:

  • Packet filtering. Packets are small amounts of data. When a firewall uses packet filtering, the packets attempting to enter the network are run against a group of filters. These filters remove the packets that match certain identified threats and allow the others through to their intended destination.
  • Proxy service. These firewalls are incredibly secure, but they come with their own drawbacks. They work more slowly than other types of firewalls and are often limited with regard to the sorts of applications they can support. Instead of serving as a filtration system that data passes through, proxy servers function as go-betweens. By essentially creating a mirror of the computer behind the firewall, they prevent direct connections between the customer device and the incoming packets, protecting your network location from potential bad actors.
  • Stateful inspection. Where static filtering examines the packet headers, stateful inspection firewalls examine a variety of elements of each data packet and compare them to a database of trusted information. These elements include source and destination IP addresses, ports, and applications. Incoming data packets are required to sufficiently match the trusted information in order to be allowed through the firewall. Stateful inspection is a newer method of firewall filtering.

How does a firewall protect data?

By putting protective filters in place around your network and devices, firewalls can help to prevent a number of different security risks. These can include:

  • Backdoors. While certain applications are designed to be accessed remotely, others may have bugs that give potential hackers a “backdoor,” or a hidden way to access and exploit the program for malicious purposes. Some operating systems may also contain bugs that provide backdoors for skilled hackers to manipulate to their own benefit.
  • Denial of service. This increasingly popular type of cyberattack can slow or crash a server. Hackers utilize this method by requesting to connect to the server, which sends an acknowledgment and attempts to establish a connection. However, as part of the attack, the server will not be able to locate the system that initiated the request. Flooding a server with these one-sided session requests allows a hacker to slow down server performance or take it offline entirely. While there are ways firewalls can be used to identify and protect against certain forms of denial of service attacks, they tend to be easily fooled and are usually ineffective. For this reason, it’s important to have a variety of security measures in place to protect your network from different types of attacks.
  • Macros. Macros are scripts that applications can run to streamline a series of complicated procedures into one executable rule. Should a hacker gain access to your customers’ devices, they can run their own macros within the applications. This can have drastic effects, ranging from data loss to system failure. These executable fragments can also be embedded in data attempting to enter your network, which firewalls can help identify and discard.
  • Remote logins. Remote logins can vary in severity, but always refer to someone connecting to and controlling your computer. They can be a useful technique for allowing IT professionals to quickly update something on a specific device without being physically present—but if performed by bad actors, they can be used to access sensitive files or even execute unwanted programs.
  • Spam. While most spam is harmless, some spam can also be incredibly malicious. Spam often will include links—which should absolutely never be clicked! By following links in spam mail, users may accept cookies onto their systems that create backdoor functionality for hackers. It is important that your customers receive cybersecurity awareness training in order to reduce vulnerabilities from within their network.
  • Viruses. Viruses are small programs that replicate themselves from computer to computer, allowing them to spread between devices and across networks. The threat posed by some viruses can be relatively small, but others are capable of doing more damage—such as erasing your customers’ data. Some firewalls include virus protection, but using a firewall alongside antivirus software is a smarter and more secure choice.
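
The denial-of-service item above describes session requests that are never completed. The sketch below is an added example, not part of the original article or any firewall product: it tracks half-open sessions from constructed connection events and raises an alert when too many are pending. The event format, timeout and threshold are assumptions chosen for illustration.

```python
from collections import Counter

def half_open_alerts(events, timeout=5.0, threshold=3):
    """Track connection requests that were acknowledged by the server
    but never completed by the requester.

    events: (time, source ip, source port, flag) as seen at the server,
            where flag is "SYN" (request) or "ACK" (handshake completed).
    Returns (time, pending sessions, most pending from one source).
    """
    pending = {}   # (source ip, source port) -> time the request arrived
    alerts = []
    for t, src, sport, flag in events:
        # The server eventually gives up on requests that never complete.
        for key in [k for k, seen in pending.items() if t - seen > timeout]:
            del pending[key]
        if flag == "SYN":
            pending[(src, sport)] = t
        elif flag == "ACK":
            pending.pop((src, sport), None)   # session completed normally
        if len(pending) >= threshold:
            per_source = Counter(source for source, _ in pending)
            alerts.append((t, len(pending), max(per_source.values())))
    return alerts

# Constructed sample events (documentation address ranges).
EVENTS = [
    (0.0, "192.0.2.20", 40000, "SYN"),    # normal client
    (0.1, "192.0.2.20", 40000, "ACK"),    # completes the session
    (1.0, "198.51.100.1", 1111, "SYN"),   # one-sided requests start
    (1.1, "198.51.100.2", 2222, "SYN"),
    (1.2, "198.51.100.3", 3333, "SYN"),
    (1.3, "198.51.100.4", 4444, "SYN"),
    (7.0, "192.0.2.20", 40001, "SYN"),    # stale requests have expired
]

if __name__ == "__main__":
    for when, total, worst in half_open_alerts(EVENTS):
        print(f"t={when}: {total} half-open sessions, max {worst} per source")
```

Each alert shows the total rising while no single source has more than one pending request, which is one reason a rule that only counts requests per source address is easily fooled.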

Because there are so many varieties of potential cyberattacks, it can be difficult for firewalls to filter out every threat. While firewalls are extremely beneficial in securing networks, it is essential to also pair firewalls with other security programs and hardware as part of a robust security lineup.

How does a multilayer firewall work?

Multilayer firewalls function like packet-scanning firewalls in that they filter out incoming data before it can actually enter the network. The difference is that multilayer firewalls use what is called “dynamic packet filtering,” which involves monitoring the network’s active connections. Based on those connections, the firewall will assess which packets are safe and can be allowed through. Multilayer firewalls offer a number of benefits in securing networks, but can be expensive to employ.
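
To make the difference between header-only packet filtering and the connection-aware filtering described above concrete, here is an added example (not from the original article or any vendor's product) that runs the same constructed traffic through both. The rule set, addresses and the simplified handling of connection teardown are assumptions for illustration.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # constructed internal address prefix (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})

def static_filter(p):
    """Header-only rules: allow anything outbound, and allow inbound
    packets with source port 443 so that web replies can return."""
    return p.src.startswith(INSIDE) or p.sport == 443

class StatefulFilter:
    """Allows inbound packets only for connections opened from inside."""
    def __init__(self):
        self.active = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, p):
        if p.src.startswith(INSIDE):              # outbound traffic
            key = (p.src, p.sport, p.dst, p.dport)
            if "SYN" in p.flags:
                self.active.add(key)              # connection opened
            if "RST" in p.flags:
                self.active.discard(key)          # connection torn down
            return True
        # Inbound traffic must belong to a tracked active connection.
        return (p.dst, p.dport, p.src, p.sport) in self.active

def compare(packets):
    """Return (static verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(static_filter(p), fw.allow(p)) for p in packets]

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    pkt("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),         # user opens a web session
    pkt("203.0.113.10", 443, "10.0.0.5", 50000, "SYN", "ACK"),  # genuine reply
    pkt("198.51.100.7", 443, "10.0.0.9", 3389, "ACK"),          # unsolicited, looks like a reply
    pkt("10.0.0.5", 50000, "203.0.113.10", 443, "RST"),         # user closes the session
    pkt("203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),         # arrives after the close
]
```

The static rules accept all five packets, while the connection-aware filter rejects the third and fifth because neither matches a connection that is currently open from inside.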

How do I use a firewall?

There are both hardware and software firewalls. The hardware options are often built into routers to intercept traffic moving between the broadband router and user devices. Software options are programs that monitor the traffic going in and out of your computer. If you are running a Windows operating system, there is a built-in software firewall that you can access by opening the Control Panel and clicking the Windows Firewall pane.

Interested in learning more about how firewalls work? Read through our blog for other common questions and concerns with firewalls.

