On average, hackers infiltrate unsuspecting user’s computers every 39 seconds. Unsurprisingly, most attacks come from the internet. Malware can spread like a weed; if one device is infected, everything connected to the same network is at risk. Luckily, there are defensive measures available to protect users and their systems from cybercriminals.
Firewalls are security tools tasked with protecting your device from external threats, i.e. threats coming from the internet. They monitor all inbound and outbound data, terminating any connections deemed suspicious and preventing hackers from using your computer to spread malware. With this purpose in mind, they can block apps from using the internet, prevent unauthorized access to your data, and stop data exfiltration attacks.
As cybercrime continues to skyrocket, firewalls are more essential than ever. Using a firewall is one of the best things you can do to protect your sensitive data, like online banking details and personal information, and ensure the integrity of your devices. That said, a firewall alone is not enough to keep you safe from most threats.
What Is a Firewall and How Does It Work?
A firewall regulates connections between devices on your local area network (LAN) and the outside world. When you browse the internet or use a Voice over Internet Protocol (VOIP) program like Skype to make a call, your computer communicates with the Wide Area Network (WAN) by exchanging packets of information over designated ports. These packets travel both from the outside network to the computers on the LAN during the downlink (such as when you’re downloading a file from the internet), and in the opposite direction during the uplink (such as when you’re uploading a video to YouTube).
In a nutshell, firewalls are hardware or software used to prevent unauthorized access to your computer network.
They can be used by both individuals and large businesses to filter all incoming and outgoing data. If the firewall filter catches anything suspicious, it denies it access to your computer system and private network. In the same vein, if it detects suspicious data being sent from your computer, it will put a stop to it.
Firewalls can also be configured to block specific programs from accessing the internet. This is useful if you’re testing an app that you think might be dangerous, or if you’re using a program that contains highly sensitive information.
In this day and age, every computer needs a firewall in order to protect sensitive data. Though by no means the only tool necessary to avoid web-based threats, firewalls are a crucial part of any security suite. Luckily the best antiviruses come with advanced firewalls — I particularly like the one included with Norton due to its GUI and port configuration tools.
What Kind of Attacks Do Firewalls Protect Against?
Firewalls prevent cybercriminals from gaining access to your system. The issues include but are not limited to:
- Backdoor Access: A backdoor refers to any security holes or bugs that, when exploited, allow unauthorized access to a program. Even entire operating systems like Windows can have backdoors, and an experienced hacker knows how to take advantage of them.
- Malicious Traffic: A broad category, malicious traffic covers any data coming into your network that carries threats like malware. A good firewall will detect that the incoming data is suspicious and block it. Firewalls can also block data coming from specific IP addresses known to be used by malicious actors.
- Denial-of-Service Attacks: Denial-of-service and distributed denial-of-service attacks (DoS and DDoS) involve malicious actors sending huge amounts of data to a target network. When successful, these attacks can cripple network speed and bring services down. Firewalls can stop incoming data from certain sources, reducing the effect.
- Man-in-the-Middle Attacks: This type of threat (abbreviated as MITM attacks) is accomplished by hackers intercepting and altering data as it moves from source to recipient. The data might be changed to cause confusion or be replaced with malware. Some firewalls can detect unusual traffic and block it.
- Remote Login Hijacking: Remote desktop allows users to connect to and control a computer from another location. There are plenty of legitimate uses for this type of software, but it can also be exploited by hackers to steal your info or add malware to your machine.
- Source Routing: When data packets are traveling through an online network, they are typically “passed along” by multiple routers before reaching their destination. Some hackers take advantage of this system by making malicious data packs look like they’re coming from a trusted source. Many firewalls disable source routing for this reason.
What Else Are Firewalls Used For?
Firewall programs can sometimes be used as proxy servers. Whenever you access a web page, the proxy server receives the data first before forwarding it to your computer. This setup has a few benefits:
- The server that holds the web page doesn’t directly interact with your machine, reducing the chances of a malicious webpage infecting your computer.
- Your computer’s online network address is hidden.
- A version of the web page is saved in the proxy server’s cache memory, enabling faster loading if you revisit the page in the future.
On top of the proxy server, firewalls occasionally offer a DMZ (Demilitarized Zone) or a perimeter network that houses low-risk files and clients that are outside the main firewall. Since companies mainly use this feature, individuals most likely won’t have to worry about it.
Firewall Pros & Cons
There are many advantages to running a firewall on your computer. The increased security they provide is worth the price of a few notifications and warning pop-ups.
Pros
- Lower risk of malware as firewalls can block certain types of attacks.
- A firewall will ensure any program you run has its online access monitored and verified. Network traffic that could signal an unsecured transfer of sensitive data will be controlled through your firewall.
- Some will notify you when the firewall filters out any connections.
- Some firewalls come with extra features to enhance your cybersecurity. We’ll touch more on that later.
- You can control whether a specific app has access to the internet.
- Connection speeds can be maximized by filtering out unnecessary data.
Cons
- Like any security tool, false positives occasionally come up. You may find that your firewall accidentally blocks a genuinely secure webpage you want to access.
- Certain features can take up too much processing power.
- Excessive notifications can sometimes be slightly annoying.
How to Deal with False Positives
If your firewall impedes your work by blocking too many packets, you should consider checking the settings and adjusting the intensity of the firewall filters. Finding a balance between security and ease of use may prove a challenge at first.
Disable too many features, and you’ll be more vulnerable to attacks. Set the filter intensity too high, and you’ll run into issues with safe content getting blocked.
Here’s how to find and configure the settings that allow approved programs and connections. If you use Windows 11 and Windows Defender’s firewall, here’s what you can do:
- Enter “firewall” into the Windows search bar and click Firewall & network protection.
- If you want to change your app settings, click Allow an app through firewall.
- The new window will show the programs on the list and allow connections through either private or public networks.
- Click Change settings and accept the prompts, then scroll through the list and find the app you want to block or unblock from accessing the web.
If you tick both the Private and Public boxes, the app will always be able to access the internet. If you only tick Private, it can only get online through your home network.
The process of whitelisting a connection is similar with most of the best third-party firewalls. To give an example, with Norton, you need to go to the firewall window, go to settings, click Program Control, select the program you want to unblock, and make sure that Allow is ticked in the drop-down list.
The firewall tab on the Windows Security window will also let you customize your notification settings and set custom rules for both inbound and outbound traffic.
Does a Firewall Alone Offer Enough Protection?
No — firewalls are only effective against specific types of threats. They’re essential but by no means the only tool you need if you’re concerned about security. In addition to a firewall, you’ll need an antivirus. Many antiviruses (Windows Defender included) also come with firewalls, so if you choose wisely you can get maximum protection from a single product. The best firewalls come bundled with third-party antiviruses, with Norton being my personal favorite. For Windows users, that is. If you use a Mac, I recommend Intego.
A firewall mainly serves as a preventative measure against malicious online attacks. But if a threat makes it through, a firewall can do little to prevent it from damaging your system or stealing your data. You’ll need a good antivirus to neutralize any active threat.
If you accidentally download a malicious file all on your own, there’s little chance that your firewall will stop it. Instead, firewalls are more geared toward stopping hackers from using the internet to directly add viruses to your computer. An antivirus, on the other hand, will actually scan the content of the files you download and block anything malicious (assuming it works properly).
Keep in mind that not all firewalls are created equal. The Windows Defender default firewall is useful but somewhat barebones feature-wise. You need to ask yourself the following questions:
- Do you want more advanced firewall protection or special functions like dual-layer virus protection?
- How about a detailed report of which programs are attempting to access your device?
- Are you comfortable with basic protections or do you need higher quality detection?
If your answer to any of these questions is yes, you should consider getting a third-party firewall. There are many capable firewall options on the market, but you have to decide which one is right for you.
Editors' Note: Intego and this site are in the same ownership group.
What Are Some Good Firewall Recommendations?
A good firewall does its job effectively, offers extra functionality and customization, and runs without negatively impacting your system’s performance.
Conveniently, some antiviruses come bundled with firewalls, covering most of your cybersecurity needs with just one program. There are also some decent free firewalls that outshine those that come with every PC and Mac. Premium firewalls tend to be better than free alternatives, though, offering more flexibility and better overall protection against threats to your network.
Personally, I value firewalls that offer advanced configuration options, like the ability to create custom rules. Norton and Bitdefender both fit the bill. I particularly like how Norton makes it easy to manage ports.
McAfee’s firewall is easier to use but not as customizable. If you’re a Mac user, Intego is your best option. Note that to get any of these you’ll need to subscribe to an antivirus plan (which I recommend regardless).
If a premium antivirus doesn’t fit into your budget, Tinywall is a great option. It’s very customizable but didn’t block as many threats as Norton during my tests. ZoneAlarm is also pretty good, but you can’t utilize stealth mode with the free version.
Frequently Asked Questions
What do firewalls do?
Firewalls block a wide variety of internet-based attacks. They’re essential for protecting all of your devices as threats can easily spread from one device to another if your network is unprotected. At the most basic level, firewalls have the power to block incoming connections if they’re deemed dangerous, as well as outgoing data that could be used to spread malware.
How do firewalls work?
Firewalls work by analyzing your network activity and blocking anything that seems suspicious. This applies both to data coming into your network from external sources and data that you send out. This second aspect is important because it can stop your devices from being used to spread malware. In their analysis, firewalls look at the source of data as well as the content.
Firewalls are focused on protecting your network, meaning they aren’t effective against all online threats. For example, they generally won’t stop you from downloading malware by mistake.
Do I need a firewall?
Yes, absolutely. Firewalls are essential for keeping your network safe. The good news is you already have one. Every Mac and Windows computer comes with one, but these are far from the best firewalls out there. Third-party firewalls are generally more effective at blocking malicious traffic and offer better custom features.
How do I stop my firewall from blocking connections?
If you think your firewall is blocking something that’s actually safe, you’re experiencing a false positive. This can usually be addressed through your firewall’s settings. If it’s an app that’s being blocked, you should be able to find a list of apps on your device. Clicking on the app in question should show an option to allow connections through the app.
Just be certain it’s actually a false positive before letting it through your firewall. If it’s a new app you’ve just downloaded, your firewall might be blocking it for a good reason. The best firewalls keep false positives to a minimum.