What Does a Firewall Do
A firewall is a feature on a network that blocks or prevents unwanted access. Firewalls have evolved rapidly over the past 20 years and are nothing like what they were when the internet was in its infancy.
Most people want a firewall on their network for the sense of security that it provides. Whether you are looking to protect your children, secure your privacy, or add a layer of logging to what traffic your network is handling, a firewall is a great first line of defense.
In order to decide which firewall is right for you it's important to learn the features of the best firewalls that are available. Not all of these features are present on any give product so compromises have to be made.
Here are just some of the features that a good firewall offers:
Device Level Access Control
- Prevent Smart TVs from phoning home and spying on you.
- Block certain devices from receiving updates such as firmware.
- Prevent gaming consoles from connecting on the internet.
User Level Access Control
- Block certain computers, phones, or tablets from accessing certain websites based on content, or block the entire internet from those devices.
- Prevent access to the internet during certain times of day, such as after bedtime.
- Limit the amount of total time or data individual users can consume.
Internal Network Control
- Prevent unknown devices on your network from accessing the internet. Very useful if you have an open Wi-Fi network.
- Protect shared printers from unauthorized access.
- Limit data usage of all devices on your network.
- Restrict adult, illegal, or illicit content either on your entire network or by device.
- Block social networks based on time of day or device used.
- Prevent streaming content such as videos.
Logging and Alerting
- Log all activity or only blocked activity for viewing later.
- Send immediate alerts to your phone when an action is attempted and blocked.
Time of Day Restrictions
- Disable any or all services during defined time windows.
- Limit internet access time by individual or device.
There are many more features that firewalls can offer, and each firewall package out there offers a variety of the above options.
However, no single firewall on the market addresses all of these options yet. This is because some of these features are only possible in a hardware firewall, while other features can only exist in a software firewall.
Hardware Firewalls and Software Firewalls
Firewalls come in two distinct varieties: Hardware Firewalls, and Software Firewalls.
Windows and Macintosh operating systems have both shipped with very basic software firewalls for the past decade or so, which means that the vast majority of computers are already equipped with a very simple but effective firewall. Android, Chrome Os, and iOS devices do not ship with a stock firewall.
While it is convenient to have a basic firewall already installed in your computer, the default software firewalls often times do not offer the features that many people want. Aftermarket software firewalls are much more cyber security oriented and offer child safety related tools that many parents are looking for.
Hardware firewalls are usually either in your existing router or installed as an add-on network device very close to your router. Up until very recently hardware firewalls for home owners were very underwhelming and feature limited. They are a convenience however, being located in your router. Hardware firewalls protect your entire network at the same time, which means that they can add protection to home security systems, DVRs, gaming consoles, and other network devices.
You can read more information in our Hardware Firewall vs. Software Firewalls guide.
How a Firewall Works
Firewalls are usually composed of a set of rules that can be thought of as if-then instructions. For instance, a time of day filter might look something like this:
If it is after 9:00 at night, then turn off the internet for the kids.
While a content based filter can be:
If a webpage contains the word "bad", then block the web page.
Firewalls come with a huge set of default rules that are intended to get your network setup and running as fast as possible. The usually group websites by category, such as: social networking, gambling, adult, weapons, and more. This enables you to quickly block entire categories of websites and content without having to dig into the nitty-gritty details about what exactly you do and do not want to allow.
When one of these rules triggers the firewall blocks the content, logs the offense, sends out any alerts as needed, and reports to you that the content was blocked. In the case of hardware firewall the content is stopped before making it to your computer, while a software firewall receives the content, evaluates it, then decides to block it. Because of this a software firewall is much more capable at blocking content based on keywords than a hardware firewall. This does make a software firewall a bit slower than a hardware firewall, and this is an important consideration for many.
Since a firewall is only as good as its rules it is difficult to find a good free firewall. Rules have to be constantly updated and modified to reflect the current threats on the internet. Certainly a set of rules written 10 years ago would not be effective on today's internet.
Most of the free firewall options push heavily for a subscription upgrade to help pay for the costs of maintaining those rules. This does not make the free firewalls less effective, they are usually the exact same back end engine and rule sets. If having a firewall for free is a high priority than you may want to follow our 10 Best Free Firewalls guide.
NAT as a Firewall
It is a common misconception that the Network Address Translation offered in home routers counts as a firewall. A NAT router does indeed block all incoming connections, and that is a very important and useful security feature. However, NAT type routers do not block any outgoing connections, and they usually do not offer any sort of rules, triggers, or alerts related to firewall type activities.
Some home routers do have a dedicated firewall section in them and offer features above and beyond the basic incoming protection that NAT provides. If you are in need of a very cheap and simple hardware firewall this might be a good option for you. Just do not expect any features such as content filtering, real-time alerts, or per user settings.
Do You Need a Firewall
Unequivocally, undoubtedly, undeniably YES! You need a firewall. Fortunatly almost everyone already has one between the NAT in their router and the software firewall that Windows and MacOS ship with.
If you barely use the internet for a bit of email, some social networking, and a little Google research then the combination of a home router and the software firewall that comes with Windows and MacOS is most likely all that you need.
However, if you have a house full of devices and kids and you want to protect your privacy and offer a level of cyber security protection for your family then you should consider adding an aftermarket firewall to your home network. See How to Choose a Firewall for options.