Software firewalls 101: functions and options
Firewalls are designed to monitor and control incoming and outgoing network traffic. They do so by applying sets of predetermined security rules, acting as a barrier between your network or computer and the Internet (or a larger corporate network).
Firewalls effectively protect against unauthorized access, cyber-attacks, malware spread, and data breaches. Typically, users don’t bother with them until they fall prey to fraud or malicious activity involving infiltration into their data storage (hard drive). If you want to be prepared and prevent such situations rather than remedy them post factum, keep on reading for actionable information and tips about this layer of a comprehensive cybersecurity strategy.
Software firewalls vs. hardware firewalls
First things first: let’s spell out the essential difference between the two types of firewalls.
A hardware firewall is a physical device deployed between your network and the Internet, acting as a gatekeeper for all incoming and outgoing traffic. It makes sense to put up one if you seek to protect multiple devices on a network. A hardware firewall is a more significant investment, and requires some skill to set up, but it can handle larger volumes of traffic and does not eat into resources of other devices.
A software firewall operates at the level of a single computer. It is a program that monitors and controls traffic, typically needing no setup, like the built-in Windows Defender Firewall. Depending on the configuration and the volume of data transferred, a software firewall can have a tangible impact on that computer's resources.
As the title suggests, this piece covers software firewalls, the more common solution and a good fit for most scenarios that do not involve storing highly sensitive or top-secret information.
Key functions of a software firewall
Traffic monitoring and control. This is, arguably, the most important job a firewall does: filtering incoming and outgoing network traffic according to predefined security rules. This function is crucial for protecting devices from unauthorized access and potential threats. Advanced firewalls can monitor traffic at the application level, detecting atypical behavior and blocking it accordingly.
Access control. If you need to allow only a certain pool of devices to access your computer (or rather, the parts of it made visible to the outside world), a firewall can help set and enforce the needed restrictions. This is achieved by creating rules that specify which IP addresses, ports, or protocols are permitted or denied access.
Logging. Software firewalls maintain logs of network activity, which can give information crucial to an investigation of a breach. Typically, such logs show the status of connections and traffic characteristics.
Intrusion detection and prevention. Many software firewalls can monitor network traffic for signs of malicious activity or policy violations, and automatically block sources of suspicious behavior, like repeated failed login attempts or unusual data transfers.
Malware protection. While not a replacement for an antivirus suite, software firewalls often come with built-in malware protection features. Scanning the traffic, they check it for signs of known viruses, worms, and other malicious content, building quite an effective barrier.
Sandboxing. This is a feature available in more advanced firewalls. Sandboxing means setting up a controlled environment where the user can launch an application of dubious origins without putting the entire system at risk.
Is the built-in Microsoft Defender Firewall enough?
The integrated Windows firewall is basic, but it does deliver the essential building blocks for monitoring and controlling incoming and outgoing connections. In addition, the tool offers protection against unauthorized access: it can block unsolicited incoming traffic unless explicitly allowed through exceptions or rules you set.
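The access-control and logging functions described earlier, applied to the built-in firewall from an elevated PowerShell session. This is an added example, not part of the original article; the rule name, TCP port 3389 and the 192.168.1.0/24 subnet are assumed placeholder values for your own service and network.

```powershell
# Added example. Run in an elevated (administrator) PowerShell session.
# Assumed placeholders: the rule name, port 3389 and subnet 192.168.1.0/24.

# 1. Check that the firewall is on and what each profile does by default.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 2. Audit existing exceptions: every enabled rule that allows inbound traffic.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Select-Object DisplayName, Profile

# 3. Block unsolicited inbound traffic on all profiles; leave outbound allowed.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True `
    -DefaultInboundAction Block `
    -DefaultOutboundAction Allow

# 4. Access control: one exception scoped by protocol, port, source address
#    and network profile, instead of opening the port to any remote address.
New-NetFirewallRule -DisplayName 'Example - RDP from management subnet' `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 192.168.1.0/24 `
    -Profile Private

# 5. Logging: record blocked packets so there is something to investigate later.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -LogBlocked True -LogAllowed False `
    -LogMaxSizeKilobytes 16384 `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 6. Verify which remote addresses the new rule actually admits.
Get-NetFirewallRule -DisplayName 'Example - RDP from management subnet' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```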
Microsoft Defender Firewall:
- easy to use, straightforward configuration;
- enabled by default, so you need spend no time setting it up;
- integrated with other Microsoft security tools;
- lacks advanced customization options compared to specialized software;
- cannot do intrusion detection, deep packet inspection, etc.
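Because the built-in firewall does no intrusion detection of its own, its log has to be reviewed separately. The added example below (not from the original article) groups blocked inbound connections by source address; the log lines are constructed sample data in the firewall log's layout, and `Get-RepeatedDrop` is a hypothetical helper name.

```powershell
# Added example; Get-RepeatedDrop is a hypothetical helper name.
# Constructed sample lines in the pfirewall.log layout (documentation-range addresses).
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 10:00:01 DROP TCP 203.0.113.7 192.168.1.10 50111 3389 52 S 1000 0 64240 - - - RECEIVE
2024-05-01 10:00:02 DROP TCP 203.0.113.7 192.168.1.10 50112 3389 52 S 1001 0 64240 - - - RECEIVE
2024-05-01 10:00:03 DROP TCP 203.0.113.7 192.168.1.10 50113 445 52 S 1002 0 64240 - - - RECEIVE
2024-05-01 10:00:04 ALLOW TCP 192.168.1.10 198.51.100.20 50200 443 0 - 0 0 0 - - - SEND
2024-05-01 10:00:09 DROP UDP 198.51.100.99 192.168.1.10 5353 5353 80 - - - - - - - RECEIVE
'@

function Get-RepeatedDrop {
    param([string[]]$Line, [int]$Threshold = 3)
    # Column names are read from the log's own "#Fields:" header line.
    $header = $Line | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($header -replace '^#Fields:\s*', '') -split '\s+'

    $Line |
        Where-Object { $_.Trim() -and $_ -notlike '#*' } |      # skip blanks and comments
        ForEach-Object {
            $values = $_.Trim() -split '\s+'
            $row = [ordered]@{}
            for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
                $row[$fields[$i]] = $values[$i]
            }
            [pscustomobject]$row
        } |
        Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |  # blocked inbound only
        Group-Object -Property 'src-ip' |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                SourceIP = $_.Name
                Drops    = $_.Count
                Ports    = ($_.Group.'dst-port' | Sort-Object -Unique) -join ','
            }
        }
}

# Sources with at least three blocked inbound connections in the sample.
Get-RepeatedDrop -Line ($sampleLog -split "`r?`n") -Threshold 3
```

To run it against a real log, pass the output of `Get-Content` on the firewall log file as `-Line`; the `path` column is assumed to be present in the log's `#Fields:` header.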
Third-party firewall solutions
If you want something more versatile than the Windows built-in firewall, here are four popular solutions with good value for money.
- GlassWire Firewall. Filled with features, this firewall offers real-time monitoring with alerts for suspicious activity, and gives you a detailed graph of how the bandwidth was used over time.
- ZoneAlarm Free Firewall. This solution has an anti-phishing shield on top of traditional firewall capabilities, and comes with identity theft protection services as part of the full suite.
- Comodo Firewall. This one can do sandboxing and relies on cloud-based behavior analysis for better threat detection.
- TinyWall. As the name implies, this firewall solution is very lightweight (runs from a single executable file), yet it boasts advanced functions like application whitelisting.
In case you have missed the previous posts from the spontaneous “Cybersecurity for the masses” series, here are the links to the previous installments: