One question that SiteLock encounters quite often is “Why do I need a firewall when my host has one?” If you haven’t spent a good portion of your life researching firewalls, it’s easy to understand why you’d ask. Most website hosting companies utilize what is generally referred to as a Network Firewall, which is fundamentally different from, but equally as important as, a Web Application Firewall (WAF) like SiteLock® TrueShield™. As a WordPress website owner, it is imperative to understand the roles that each plays in your website’s security.
In Part One below, we’re covering Network Firewalls.
Part One: Firewalls -> Network Firewalls
The primary purpose of a Network Firewall is to protect one part of a network from another, for example, between a shared hosting server cluster in your host’s “local area network” (LAN) and the public internet or “wide area network” (WAN). Network Firewalls are also commonly found within a LAN between machines performing different functions of varying trust levels.
(photo credit Wikimedia Foundation)
Network Firewalls use a method called packet filtering to inspect traffic primarily on the Network Layer against a configured ruleset to evaluate whether a threat exists. Preset rules typically define the types of traffic (i.e. protocols) which are allowed in the network, and which ports are permitted to communicate. Many modern Network Firewalls even provide some additional security into the Transport Layer by taking a look at the context of the traffic flowing through the firewall.
In smaller environments, providers often install a Network Firewall as software on the web server. However, for most large hosting providers, Network Firewalls are present in the form of a firewall appliance. In much the same way that a high-performance automobile may be built without luxury accessories in order to reduce weight and focus on speed, firewall appliances are machines that have been purpose-built to run firewall software at optimal performance, without the extra frills and without the computational tax of enforcing security policies on the same system as web services.
An example of a ‘small’ network firewall appliance. (photo credit Imperva)
Network Firewalls are a critical part of network security, and play an integral role in protecting the server(s) that your WordPress website is delivered from. What they do NOT do, however, is protect the web applications themselves, like WordPress, from being exploited. Attacks against web applications occur on the Application Layer, which is not visible to a Network Firewall. This is where the Web Application Firewall comes into the picture.
A Network Firewall DOES:
- Provide protection at the Network Layer.
- Filter traffic by protocol.
- Filter traffic by port.
- Filter traffic by IP address.
A Network Firewall DOES NOT:
- Analyze how your website applications (like WordPress) interact with visitors.
- Provide protection at the Application Layer.
- Block malware injection.
- Block cross-site scripting (XSS).
- Block SQL injection attempts (SQLi).
- Block against the other OWASP Top 10 threats.
Web Application Firewalls help to extend security coverage to the Application Layer. In Part Two of this series, we will discuss Web Application Firewalls in further detail. And for those of you wanting to dive into Network Firewalls more, later in the series we will discuss more finite differences between the types of Network Firewalls (e.g. stateless vs stateful). Stay tuned!