At its most basic, a firewall is the security solution that stands as a first line of defense.
It inspects traffic that is coming into the network. If it identifies blacklisted sources or malicious traffic, it blocks unwanted activity, stopping hackers right at the gate.
For any user or business, firewall security is an essential part of cybersecurity hygiene.
Most OS systems have already built-in firewall software to protect users from hacking exploits. On the other hand, businesses with complex infrastructures need multi-layered cybersecurity systems.
The firewall itself is only one part of it.
While a firewall is essential, there are many misconceptions about what kind of protection it can offer to one’s systems.
Which cyber attacks can a firewall prevent? And which attacks are likely to bypass this first line of defense?
Let’s find out.
Table of Contents
Firewall Security Can Prevent Against Illicit Access
Firewalls can prevent a wide range of cyber threats. Some of them include:
- Brute force attacks
- Malware exploits
- Distributed Denial of Service (DDoS)
Waiting between two networks (e.g. the private network and the public internet), the firewall’s main objective is to stop illicit access to the system. It blocks bad actors who are trying to attack the network with malicious bots and software.
Let’s break down how firewalls can prevent DDoS, malware attacks, and brute force attacks.
Brute Force Attacks
One of the core firewall capabilities is the detection of unauthorized access attempts. During brute force attacks, hackers will test weak or stolen passwords, attempt to crack user credentials, and sign in to different websites, networks, or applications.
A firewall can detect this activity in its trial and error phase — before the threat actor guesses the actual user password.
For example, the tools can identify too many login attempts to accounts, especially if they happen at the same time.
A firewall is great at detecting and filtering well-known cyber exploits — such as documented malware.
Better said, a basic firewall can detect the signs of intrusion and prevent the threat actor from deploying malware within the system.
Newer versions of the firewall (such as Next Generation Firewalls) have antimalware functionality as well. They can block the malware they detect on application layers.
Distributed Denial of Service
Distributed Denial of Service attacks flood the network or application with traffic to slow it down or take it down. While inspecting traffic, Firewall can detect signs of simpler DDoS attempts — such as ACK Fragmentation Floods.
However, it can’t protect the system against volumetric DDoS attacks or those that mimic regular traffic.
Companies still need additional DDoS protection because even the most complex version of the Firewall can’t offer you comprehensive security that protects a business from all threats.
Cyber Attacks That Bypass Firewall Security
On the other hand, a firewall can’t detect and block:
- Social engineering attacks
- Zero-day exploits
- Viruses already in the system
Essentially, a firewall is helpless when a threat actor uses attacks that rely on human errors, threats that are yet unknown to an organization’s security systems, or viruses that get into the system via another route.
Let’s break these down.
Social Engineering Attacks
It’s estimated that 90% of cyber attacks start with phishing schemes. Instead of exploiting technical vulnerabilities, hackers are more likely to call an employee on the phone or contact them via email, impersonating someone they trust.
Social engineering, such as phishing and shoulder surfing, have been used for decades. They’re still effective since they rely on psychology and exploit biases every human has naturally.
The firewall isn’t designed to pick up on discrepancies in human interactions.
A more effective way to fight social engineering attacks is with phishing awareness training for all employees. Security tools such as email scanning may detect suspicious emails, but they will not catch more advanced phishing types.
Zero Day Exploits
When looking for signs of malicious traffic; the firewall cross-compares the data it has to determine if the incoming packets of traffic are suspicious.
If vendors or security professionals still haven’t discovered the threat, your firewall can’t identify it.
That is, it can’t detect zero-day exploits because a firewall can’t block something it doesn’t expect or actively look for.
Companies can also calibrate the firewall to block threats based on the unwanted activity that is likely for their type of infrastructure.
Virus Already on the Device
The basic version of the firewall blocks malicious activity right at the gate. But once the virus does infect the machine through a source such as an infected USB port or an email, your firewall can’t see it.
That is why companies are advised to install multiple basic security tools — such as antivirus and antimalware software. They can pick up on the threats that pass the initial wall of defense.
For example, an antivirus can scan all the files to uncover and remove malicious software that already infected documents on a machine. The firewall can’t.
Capabilities Depend on the Type of Firewall
We mentioned only a few threats against which a firewall can protect users and organizations. To make a more comprehensive list, it’s important to consider which kind of firewall the business has.
Types of firewalls range from simpler packet filtering firewalls that inspect specific data for the company to nuanced Next Generation Firewalls that offer more in-depth analysis on the application level.
Also, the capabilities of the same type of firewall will vary depending on the vendor.
Finally, firewalls are essential and can mitigate many threats that could compromise the system. But it’s important not to mistake the firewall for comprehensive cybersecurity.
Networks still need multi-layered security.
The more layers a business has, the more challenging it is for cyber criminals to reach the most valuable assets of the company. For the hacker, this means they have to go through multiple defense layers until they can reach certain access and data within the system.