What is a Firewall? How do they relate to the Cybersecurity Maturity Model Certification (CMMC)?

A firewall is generally used to establish a wall between a trusted network, such as an internal/private network, and an untrusted network, such as the Internet. Firewalls can offer protection beyond standard functions. They can often include intrusion detection systems, protect networks from denial-of-service attacks and provide other security services to protect devices within the private network.

The term firewall originally referred to a barrier in buildings that was developed to keep fire at bay, and therefore keep anything on the other side of the wall safe. Later uses of the term firewall refer to walls such as the metal sheet separating the engine compartment of a vehicle from the passenger compartment. The first use of the term in reaction to network security came about in the 80s. The term firewall famously appeared in the 1983 hacking movie “WarGames”.

There are 5 different types of firewalls; Packet filtering firewall, Circuit-level gateway, Stateful inspection firewall, Application-level gateway, and Next-generation firewall (NGFW).

Packet filtering firewalls compare each packet received to a set of filters; for example allowed IP addresses, packet type, port number etc. Packets that don’t meet the set filters are dropped and are not forwarded.

Circuit-level gateway firewalls monitor TCP handshakes and other protocol session initiation messages over the network as they are established and determine whether the session is legitimate or if the remote system being connected to is trusted.

Stateful inspection firewalls examine each packet and keep track of that packet to determine if it is part of an established network session. This essentially combines the security benefits of packet filtering and circuit monitoring. Stateful inspection firewalls have a greater toll on network performance.

Application-level gateway firewalls or a proxy firewall, filter packets as specified by the destination port and other criteria such as the HTTP request string thus filtering packets at the application level.

A Next-generation firewall combines packet inspection, stateful inspection and deep packet inspection together in addition to other network security systems such as intrusion detection/prevention system, malware filtering and antivirus. A Next-generation firewall is really the swiss army knife of firewalls.

CMMC practices related to firewalls generally appear in the following domains: access control, system and communication protection, and the system and information integrity domain. All CMMC levels have firewall related requirements including level one which requires companies to implement boundary protections to monitor, control, and protect communications coming in and out of their network. If you would like more information on CMMC firewall related requirements feel free to reach out to us at info@lakeridge.io.