What is a Firewall?
A firewall is a security mechanism that inspects, filters and, where necessary, blocks network traffic based on predefined rules. The purpose of a firewall is to prevent unwanted or malicious communication, thereby protecting systems and networks from attack or misuse.
Firewalls often serve as the first line of defence in both IT and OT environments.
How does a firewall work?
A firewall analyses network traffic based on attributes such as:
- Source and destination IP address
- Port number (e.g. HTTP = port 80)
- Protocol type (TCP, UDP, Modbus, etc.)
- Application behaviour (in Next-Gen Firewalls)
Based on predefined rules, the firewall determines whether traffic is allowed or blocked.
Types of firewalls
| Type | Description |
|---|---|
| Packet-filtering firewall | Inspects individual network packets based on IP/port rules |
| Stateful firewall | Tracks whether a connection is "legitimate" based on session information |
| Application firewall | Filters at the application level (e.g. HTTP, FTP, SCADA protocols) |
| Next-Generation Firewall | Combines traditional filtering with deep packet inspection, IDS/IPS and logging |
| Hardware vs. software | Firewalls can be deployed as physical appliances or as software solutions |
Firewalls in OT networks
In ICS, firewalls are deployed to:
- Separate SCADA or PLC networks from IT systems
- Allow only permitted traffic (e.g. Modbus TCP on port 502)
- Secure conduits between different zones
- Shield remote access via a jump server
- Permit updates or maintenance in a controlled manner
OT firewalls are often specifically tuned for industrial protocols such as Modbus, ProfiNET, or DNP3, and support deep packet inspection for these protocols.
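The rule matching described above, applied to the Modbus TCP case, as an added example (not from the original page or from any firewall product): a default-deny, first-match evaluator with a Modbus function-code allowlist. The subnets, the rule set and the sample frames are constructed for illustration, and connection state tracking is not modelled.

```python
import ipaddress
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str                            # source network (CIDR)
    dst: str                            # destination network (CIDR)
    proto: str                          # "tcp" or "udp"
    dport: int                          # destination port
    modbus_fc: frozenset = frozenset()  # allowed function codes; empty = no DPI

# Constructed conduit policy: the HMI subnet may only *read* from the PLC subnet.
RULES = [Rule("10.10.20.0/24", "10.10.30.0/24", "tcp", 502, frozenset({1, 2, 3, 4}))]

# Constructed sample frames: Read Holding Registers (0x03), Write Single Register (0x06).
READ_REQ = bytes.fromhex("00010000000601030000000a")
WRITE_REQ = bytes.fromhex("000200000006010600001234")

def modbus_function_code(payload: bytes):
    """Return the function code of a Modbus TCP frame, or None if malformed."""
    if len(payload) < 8:                # 7-byte MBAP header + function code
        return None
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    # Protocol ID must be 0; length counts unit id + PDU and must match the frame.
    if proto_id != 0 or length != len(payload) - 6:
        return None
    return payload[7]

def decide(src_ip, dst_ip, proto, dport, payload=b""):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in RULES:
        if (src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst)
                and proto == r.proto and dport == r.dport):
            if not r.modbus_fc or not payload:  # no DPI, or data-less segment
                return "allow"
            return "allow" if modbus_function_code(payload) in r.modbus_fc else "drop"
    return "drop"

if __name__ == "__main__":
    print(decide("10.10.20.5", "10.10.30.10", "tcp", 502, READ_REQ))   # read from HMI
    print(decide("10.10.20.5", "10.10.30.10", "tcp", 502, WRITE_REQ))  # write from HMI
```

A malformed frame yields no function code and is dropped, so the allowlist fails closed.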
In summary
A firewall is a critical security element that determines which traffic may enter or leave a network. In industrial environments, it plays a key role in the Defense in Depth principle and in enforcing the Zone and Conduits model.
