Beginners Guide to Firewall Terms - Part 1

Some of the tech-talk related to network security can overwhelm of staff not steeped in the nuances of the burgeoning information technologies and ever-multiplying acronyms.  For small to medium sized businesses without the budgets to employ a full-time IT security professional, making the right choice on a firewall solution can be confusing. Even having the smallest grasp on some important firewall terms can help a small business owner make a better decision.  

IT-types don’t always talk in the most simplistic of terms and the industry is rife with acronyms. Hopefully the following list will be a useful resource.  

Small Business Firewall Terms to Know

Let’s start with a couple of basic tech definitions that will make some of the more complex terms a bit easier to understand:

Gateway

A computer networking access point.  This can be a router, server or firewall. It will connect your local network to the internet.  

Packet

Various “chunks” of data transferred between origins and destinations over a network. Information sent over your network is divided into these.  

Protocols

Digital commands and rules used to manage communication between computing systems.  Protocols can change the way your network interacts with different applications and traffic.  TCP is a protocol that controls packet delivery.

These few building blocks will make the capabilities of the various firewall technologies somewhat easier to follow. 

Stateful Packet Inspection

In Stateful Inspection, the firewall keeps track of the state of network connections traveling across it.  Only packets matching a known active connection will be allowed, others will be rejected.    

Deep Packet Inspection (DPI)

This is a form of network packet filtering that examines the internal information contained in a packet as it passes through the firewall.  This enables advanced network management and provides a more thorough security check than a standard source/destination check. 

Stateful Inspection and Deep Packet Inspection are not exclusive and contemporary firewalls utilize both technologies to protect networks. 

Intrusion Detection Service /Intrusion Prevention Service (IDS/IPS)

Scans and prevents external/internal traffic that is attempting to break into your network.  Intrusion Prevention Services can set off alarms, drop the inappropriate packets, block traffic from an offending IP address, etc.  IDS/IPS can be run as a standalone system or in conjunction with your other firewall technologies (see UTM). 

Gateway Anti-virus/Anti-spyware

Gateway Anti-virus and Anti-spyware moves virus and spyware protection to the perimeter of your network.  Utilizing Deep Packet Inspection and Stateful Inspection technologies the firewall can analyze traffic for known threats before the malicious code impacts your endpoints.  Consistently updated, these tools are used to prevent more sophisticated attacks on networks.  Real-time protection geared towards a more connected online community increasingly vulnerable to attacks.  

Enforced Client Anti-virus/Anti-spyware

This provides the ability to enforce security via policies applied to the network.  If an employee’s or guest’s device does not have current anti-virus, anti-spyware, etc., they are denied connectivity to the network or the appropriate software is automatically deployed to the device.  Protection is consistent, updated malware databases and performance reporting.

Anti-Spam Service

Stops SPAM email from entering the gateway.  Monitors content, sender IPs, block lists and keeps real-time information on email threats. 

Web or Content Filtering

Creates and blocks a library of monitored sites and categorized internet content that is unwanted on local networks.  Usually provides several levels of intelligent reporting to review activity and enforce policy.  Can cache content for better overall network performance.