How an Internet Firewall Protects Your Online Privacy

test

Lyndon Seitz - Editor-in-Chief

Date Modified: January 4, 2023

How an Internet Firewall Protects Your Online Privacy

Nothing good should ever be easy. The old saying goes something like that, and that philosophy is playing out perfectly with the internet. While going online daily for entertainment, work, and education has become normal for millions (billions?) of people, its use doesn’t come without risk.

We’re talking about the dark underbelly of the online world. Words like hackers, malware, and the Dark Web come to mind. You assume a certain security risk whenever you hop on the World Wide Web. 

Hackers and other cybercriminals are out there daily, waiting and hovering like jackals to scoop up your personal information to sell to others or use themselves for nefarious reasons.

Another word you’ve probably heard thrown around is internet firewall. This is a tool the good guys use to thwart a hack attempt to plant malware. A firewall is a software program that sits between your device and the internet and tries to keep the bad stuff out.

With recent advancements in AI technology, modern firewalls do a pretty good job.

What is an Internet Firewall?

Having a firewall installed on your network and devices is one of the most effective moves to keep yourself safe and anonymous online. In simple terms, a firewall is a software program trained to independently scan the data that goes in and out of your device.

When it finds something suspicious, it automatically pulls the suspect data out, quarantines it, and asks the device operator if it should be deleted.

As perhaps one of the most critical tools in the battle against cybercrime, let’s run through the different types of internet firewall security options.

How does a firewall work

Hardware Firewalls

A hardware firewall is a physical device that is installed between a network or device and the internet. The installation is such that all data going into or out of the network passes through the firewall, is scanned and allowed to pass, or will be quarantined and possibly deleted. 

Any firewall worth its salt is loaded with various filters, access controls, and security inspection capabilities. Machine language learning has made firewalls even more fearsome when identifying and stopping online crime.

To see internet firewall security in action, you can look no further than any small, medium, or large company. You can bet that most of them have some form of firewall. Maybe even multiple instances.

Software Firewalls

The second variety we’d like to mention is a software firewall. The difference between software and hardware firewalls is the difference between software and hardware in general. Whereas a hardware firewall includes hardware and software packaged inside a physical container, a software firewall is only a computer program you typically download and install. 

Software firewalls serve the same purpose as a hardware firewall, essentially a digital sentry screening incoming traffic for malware and outgoing traffic for stolen data. There are a few famous firewall suites like McAfee and Norton. Newcomers to the industry who previously made their bones in the VPN space are now rolling firewalls into their products.

A question that arises at some point in any cybersecurity discussion is whether or not a firewall slows down an internet connection. This perceived side effect keeps some people from seriously considering security software. 

The reality is that a firewall should have little to no noticeable effect on your internet speed unless you have a computer that falls short in RAM and other resources. Using a normal computer in normal conditions with a firewall should not affect your connection speed.

Cloud Firewalls

Strike another blow for clarity of expression! A cloud firewall is the same kind of security product as a hardware or software firewall but is hosted in the, wait for it, cloud and sold on an “as needed” basis. The business model is called Firewall-as-a-Service or FWaaS. 

Cloud firewalls run in the cloud and are accessed over the internet. Businesses love FWaaS for the simple reason that a third-party vendor maintains it. Paying for a working firewall without having to take care of one or deal with performance issues takes a massive load off the shoulders of an in-house IT department.

Types of Firewalls

So far, we’ve talked about firewalls as if they are some monolithic essence. There are five different types of firewalls. Each assesses data traffic differently. Let’s take a look.

Types of internet firewalls

Packet-Filtering Firewalls

When it comes to firewalls, the packet-filtering option is the least expensive and most basic of the five options we’re exploring. 

Operating according to a set of user-defined rules, IP addresses, ports, and protocols, this firewall only allows data through the gates if it matches pre-existing filtering rules. Otherwise, it gets declined.

The primary benefits of a packet-filtering firewall are that they are fast, cheap, and effective. The main drawback is that the level of security is rudimentary. While packet-filtering firewalls are still used widely, we should consider them more as the forerunner to the deeper protection of newer firewall technology.

Circuit-Level Gateways

Like other firewalls, a circuit-level gateway cleans traffic according to an internal set of rules. The difference with a circuit-level firewall is that it never discloses the details of users related to the protected network to external internet traffic. The bottom line is that this secrecy makes it harder for cyber-criminals to perpetrate their schemes.

Proxy Firewalls

We turn to the proxy firewall for the most secure form of firewall. It creates this security by preventing networks from contacting other networks. Since it has its own IP address, no external network connection can receive packets directly from the protected network.

A proxy firewall works by setting up a single contact point for traffic flow. This allows it to apply advanced security scrutiny like deep packet inspection. A network that uses a proxy firewall will typically install it on a single computer. Then all other network users must use the protected computer to access the internet.

In short, a proxy firewall creates a single data checkpoint for the entire network.

Next-Generation Firewall 

The term “Next-Generation Firewall” (NGFW) has become a catch-all reference to a firewall package that incorporates security capabilities beyond what is ordinarily available. For example, a traditional firewall allows or blocks traffic based on administrator-defined rules. 

A next-generation firewall does that and much more, including deploying machine learning and artificial intelligence to track down sophisticated malware and stop application-layer attacks. The bottom line is that a next-generation firewall is better. A lot better.

Stateful Inspection Firewall

A stateful firewall monitors all active internet connections and scans incoming traffic for anything that poses a risk to your data. This type of firewall collects data on every connection made and monitors the state and context of subsequent connections compared to previous ones.

The older connections that have been verified serve as “safe” states to which a stateful firewall can compare an unknown connection when trying to identify whether a new connection is malicious.

Factors to Consider When Choosing a Firewall

It’s easy to get bogged down in feature overload any time you intend to spend on technology. Forgot everything else and just pay attention to the considerations we mention below. It will be enough to make sure you don’t head down the wrong track. Promise.

Cost

The cost of a firewall can vary tremendously. A physical device intended to protect a medium- to large-sized company could run from a few hundred to a few thousand dollars. Don’t panic. A firewall intended for personal device protection isn’t nearly that much.

A firewall that protects up to five devices will run between $20 and $50 annually. This is for the names you’ve probably heard - Norton, Bitdefender, McAfee, and others. Right around Christmas, you can frequently catch amazing deals like a recent one from Bitdefender that offered a firewall at 70% off or $17.99 annually.

Remote Users

We’re long past the time when you buy a single copy of a firewall and can only use it on one machine. In this remote world of work, you might be working at home but protected by a cloud firewall managed and maintained by a third-party vendor.

If you’re buying a version for home use, pay attention to how many remote users it allows because you might need more than you think.

VPN Capability

A VPN (Virtual Private Network) has become ubiquitous with cybersecurity. You want to find a firewall with VPN capability built in if you can or at least one that plays well with another party’s VPN.

A VPN like NordVPN encrypts and anonymizes your data. Hackers are learning it’s hard to mess with data you can’t see or users you can’t find. A firewall is critical in your fight to stay safe online, and so is a VPN.

Number of Users

Different firewalls allow different numbers of users to activate and use the software simultaneously. All other things being equal, more users are better than fewer, so keep an eye open for that. With so many people using multiple devices daily, the demand for firewall protection is growing. The bottom line is to ensure you can connect and protect enough devices to meet your needs.

Accurate Random Access Memory (RAM)

Generally speaking, you want plenty of accurate RAM, no matter what. Check the requirements for any firewall you’re planning on buying, and make sure your device has enough RAM to run the firewall. Hardware firewalls don’t matter because they have RAM built-in. On the other hand, software firewalls run off the device's resources. Inadequate RAM could lead to poor performance and malware making it through.

DDoS Protection

DDoS (distributed denial of service) attacks are a hacker staple, and it would be wise to have a firewall able to ward them off. With DDoS, a cybercriminal attempts to take over hundreds or maybe even thousands of computers and use them to crash a website by flooding its server with more activity than it can handle.

The critical part here is that you don’t want to let your computer get dragged into service as part of a botnet that is used to take down other sites. A firewall feature you probably don’t want to do without is the capability to detect and eliminate this kind of attack.

The Best Internet Firewalls for Your Security

Now that you have some idea of a firewall's essential features let’s quickly run down a few of the best ones out there (we think anyway) that will protect you from cyber-attacks.

Top internet firewalls

Norton

Norton has been kicking around the cybersecurity industry for a long time and, unsurprisingly, has emerged with one of the top security products, Norton 360.

Why We Chose It

This offering from Norton is one of those next-generation firewalls we discussed earlier. Some would call it a “smart” firewall. Included are features like a firewall, VPN, password manager, cloud backup, and a lot more. Norton 360 should be able to handle every aspect of your online security.

What to Look Out For

Norton 360 is probably our favorite firewall product, but it’s not perfect. The desktop UI is clunky, and the VPN isn’t as much of a drop-dead, locked-down solution as we hoped. It logs users' IP addresses (a big no-no) and doesn’t work with all streaming services, which is the main reason many people get a VPN in the first place.

Avast

This company’s free antivirus protection is quite a robust product and better than the commercial offerings from some competing companies. Before 2016, Avast was one of the two major free antivirus products. The other was AVG, which Avast bought.

Why We Chose It

Clear advantages to Avast are its price - it’s free - and has excellent scores from independent testing labels. Avast also impresses with its powerful network security inspector and an engine that is hotter than other paid products.

What to Look Out For

It’s hard to come up with much in the way of “be careful” when “purchasing” Avast Free Antivirus. But if you held us down and forced a comment, we’d say one drawback is the separate purchase required for some of its bonus features. To be fair, though, you have to make money somehow.

Also, boot time scans can be on the slow side. Of course, we presume this means it’s doing a darn good job at rooting out malware, so we can’t complain too much about that, either.

Bitdefender

At $36 a year, Bitdefender seems over-priced compared to Avast, but don’t get too caught up in having to pay something for a quality security product. 

Why We Chose It

Bitdefender includes excellent malware protection, a top-of-the-line VPN, and an easy-to-use interface. 

What to Look Out For

A few nits to pick with Bitdefender. Normal operation seems to put a heavy load on system resources, which we don’t like much. Our testing revealed that a few threats also made it through the Bitdefender defenses. That might make you a little nervous. It also lacks file encryption, which is kind of a big deal.

ZoneAlarm

ZoneAlarm has been a household name in the online security industry for over two decades. You don’t last that long without putting out at least some quality products. The downside is that this tried and true security suite is due for an upgrade.

Why We Chose It

ZoneAlarm is backed by Check Point, a powerhouse security firm in its own right. What we like about ZoneAlarm is its still heavy-duty ability to track zero-day exploits. The core functionality is great.

What to Look Out For

As mentioned, ZoneAlarm has been content to rest on its laurels for a little too long. It doesn’t include a VPN, which is almost the industry standard. Additionally, its customer service features are clunky, and the user interface should be embarrassing in 2023. 

Glasswire

This Texas-based company has charted a path that differs from many other security companies. It doesn’t include a VPN in its list of features but works so well with third-party options you probably won’t care.

Why We Chose It

Like Avast, GlassWire is free firewall software. There are two specific features that secure this product’s place on this list. First is the easy-to-scan graph you receive to monitor your data traffic. This ensures that your VPN provider is playing straight because it’ll show up on the graph if they are throttling traffic.

Also, your active connections are easy to find in the firewall section. For any host you connect to, it’s simple to locate what country they are in and the address.

What to Look For

Unlike most commercial firewall products that charge a monthly subscription fee ad infinitum, GlassWire operates based on a one-time payment that ranges from $49 to $199. Other than that, the main drawbacks we note are that parts of the free version are behind a paywall. Unfortunately, for Mac users, GlassWire is only available for Windows.

Final Thoughts

A final tip regarding firewalls: sometimes they do their job better than you would hope, and you are blocked from the internet. Understandably, a firewall would interpret the entire internet as a hazard. Still, you can save yourself a lot of aggravation if you take a few moments upfront to learn how to stop a firewall from blocking internet connections.

We haven’t mentioned yet that some internet service providers (ISPs) provide varying security levels that sometimes include a firewall. Before spending too much time agonizing over which firewall to buy, take advantage of our internet service finder tool. Check out the providers in your area that might provide a firewall at no extra charge.

FAQ

Can firewalls be hacked?

Firewalls can be hacked. A survey of cybersecurity experts revealed that 40% say half of all attacks got through the firewall. The bottom line, they can be vulnerable.

Does a firewall slow your internet?

A firewall can slow down your internet connection, but it’s not common. A physical hardware device will not do it since it has built-in resources. Software firewalls, on the other hand, are at the mercy of the speed and resources of the host computer.

Is a firewall hard to set up?

Unlike most modern installations, downloading and installing a firewall is relatively simple. Configuring it is another matter. The basic process is to create zones, configure settings, and review firewall rules.

How long does a firewall last?

As long as a user installs updates when they become available, there’s no reason a firewall will ever “wear out” since it’s made of only digital 1s and 0s. While the device around it might eventually malfunction and die, it’s not the firewall that is wearing out.

Are free firewalls as good as paid ones?

According to many cybersecurity experts, highly-rated free firewalls like Avast and AVG should be considered serious alternatives to paid suites.