What is a firewall?
A firewall is a device or software that monitors network activity and blocks unauthorized or suspicious network traffic. Think of it like a coffee filter keeping grounds out of your morning brew, but with far more serious implications.
Most firewalls these days are automated, so you don’t need to do much besides turning them on (if they’re not on by default). The software will then update itself in the background and monitor incoming and outgoing traffic. For example, Windows computers typically come with a firewall turned on by default—no user intervention required—while Macs generally have their default firewall set to off.
Firewalls can help protect against a number of online threats:
- Unauthorized remote access: Hackers or cyber criminals could attempt to gain access to your device over the network. A firewall can block this access.
- Malware infections: A firewall can prevent malware embedded in websites or other locations from downloading itself to your device.
- Malware sending data out: If there’s already malware on your device, a firewall can prevent it from sending out information—such as your passwords or credit card information.
Given the potentially serious nature of these threats, and the set-and-forget nature of most firewalls, using one is a no-brainer and an important part of staying safe on the internet.
What are the different types of firewalls?
There are a few different types or categories of firewalls on the market. For the most part, you won’t need to worry about these when choosing one and securing your personal devices, but it’s still good to be familiar with the terminology so you don’t get confused.
Personal firewalls are those that run on a single computer. Examples include the firewalls built into Windows and Mac computers or the firewalls included with some antivirus software.
Personal firewalls are important, and you should definitely ensure that you have one running on each of your computers. They help prevent issues with malware or unauthorized remote access, and can also ensure that none of the applications on your device are running rogue.
Stateful firewalls are dynamic and can continuously monitor traffic as it passes through a network. They’re able to pick up on patterns and other signs of malicious traffic. Stateful firewalls are the second generation of firewalls.
This is in contrast to stateless firewalls, sometimes referred to as packet-filtering firewalls, which can only filter out network traffic based on predefined rules. These were the first generation of firewalls and had only very limited capabilities compared to today’s technologies, so they’re rarely used these days.
Note that the terms here are often used somewhat loosely and interchangeably. “Packet-filtering firewall” typically refers to a stateless firewall, but you may also see the phrase “stateful packet-filtering firewall.” Both are technically correct—these firewalls all tend to work by filtering out packets of network traffic.
Web Application Firewall
Web Application Firewalls (WAFs) are firewalls that focus on monitoring traffic at the application level—in this case, web apps. WAFs are often used to protect websites or web-based applications from malware infections or Distributed Denial of Service (DDoS) attacks. They are often (though not always) cloud-based. This is the type of firewall you’d want to look for if you were building your own website.
Next-Generation Firewalls (NGFWs) are those that aim to expand on the capabilities of traditional stateful firewalls. These tools aim to combine the best parts of modern firewalls with other network security functions, such as antivirus and threat prevention. They’re geared primarily toward enterprise customers, but you may run into some of the associated terminologies if you’re hunting for a personal firewall.
Software firewalls vs. hardware firewalls
Software firewalls are those that exist as a piece of software running on your machine—whether laptop, tablet, desktop, or server. A hardware firewall, on the other hand, is a separate piece of equipment. Hardware firewalls are essentially dedicated computers that only run the firewall software. The hardware firewall is connected to your router and filters traffic before it reaches your devices.
Generally speaking, these are overkill for most home internet uses—plus, many (if not most) routers already have firewalls built in. Hardware firewalls are primarily used in enterprise situations where you need to lock down all traffic beyond a certain point.
The main advantage of a hardware firewall is that it can dedicate more computing power and resources to the firewall without taking away from other applications on your device. This comes at the cost of needing extra physical space. Hardware firewalls are also often more expensive than software options.
How to get a firewall
If you have a modern computer, chances are good you already have a firewall installed and running. Nearly all modern Windows machines ship with the Windows firewall already enabled and running. This is plenty—there’s really no need to add anything else.
Macs also come with a firewall built in, although it’s turned off by default. There appear to be two main reasons: improved network performance (although today’s high-speed connections can likely handle it), and the fact that Macs tend to be more secure by nature. It seems Apple doesn’t think it’s necessary for most people. If you do want to turn it on, head to System Settings > Network > Firewall, and toggle it on. Again, this should be plenty for most users.
Most internet security software also comes bundled with a firewall. If you find you need more than what’s offered with your default firewall, this is an excellent option.
Another brick in the (fire)wall
Firewalls are highly useful tools that can block malicious traffic and keep unwanted visitors off your network. However, firewalls alone won’t guarantee online safety. You’ll want a wide array of tools, such as antivirus software, as well as plenty of knowledge. To help out with that, check out our guides to using public Wi-Fi safely and keeping your kids safe online.
Dave Schafer is a freelance writer with a passion for making technical concepts easy for anyone to understand. He’s been covering the world of gadgets, tech, and the internet for over 8 years, with a particular focus on TV and internet service providers. When he’s not writing, Dave can be found playing guitar or camping with his family and golden retriever, Rosie.
Bri Field has a background in academia, research writing, and brand marketing. She has edited scientific publications, conference papers, digital content, and technical communications. As Assigning Editor, she enjoys ensuring all content is accurate, clear, and helpful. In her free time, you can find her in the kitchen trying a new recipe, out on a hike, or working through her massive TBR list.