Peter Loshin: Firewalls are typically installed between an organizational network and the public internet, to monitor all network traffic flowing in or out of the organization. Firewalls protect the organization’s network by filtering network traffic between the private network and the public internet, both inbound and outbound traffic. At a minimum, a firewall checks the source and destination IP addresses on all packets, and filters out packets sent to or from known bad destinations or resources.

But that’s not enough. Malicious actors can disguise their network attacks using other protocols in order to bypass IP address filtering. To defend against application-level attacks, application layer firewalls examine application protocol headers to filter out malicious or unauthorized traffic that is targeting enterprise applications and systems.

Firewalls can also do stateful inspection of packets, a technique also known as dynamic packet filtering, to protect against attacks that exploit transport layer protocols. In addition to filtering on source and destination IP headers, a stateful inspection firewall also looks at the network traffic protocol headers to verify that packets are all part of a legitimate connection and are not crafted malicious packets sent by an attacker.

As web and other internet traffic increasingly depends on the Transport Layer Security, or TLS, protocol to encrypt packets, firewalls need to be able to do packet inspection, a process also known as deep packet inspection. This means the firewalls decrypt and encrypt traffic on behalf of users within the protected network before forwarding those packets to the internet. This lets the firewall detect malicious traffic that attempts to use TLS encryption to avoid detection.

While firewalls are an important component of any enterprise cyber security infrastructure, they should be considered just one part of a layered, in-depth security strategy that is resilient against all types of attack.
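
The stateful inspection described in the transcript, as an added example that is not part of the transcript or the speaker's words: a small Python connection tracker that allows TCP packets only when they fit a handshake started from the protected network. The `StatefulFilter` class, the `10.0.0.` inside prefix and all addresses are constructed assumptions, and the sketch omits sequence-number checks, timeouts and FIN teardown.

```python
INSIDE = "10.0.0."  # assumed prefix of the protected network (constructed)
# state -> (packet must be outbound?, exact flags required, next state)
HANDSHAKE = {
    "SYN_SENT": (False, {"SYN", "ACK"}, "SYN_RCVD"),
    "SYN_RCVD": (True, {"ACK"}, "ESTABLISHED"),
}

class StatefulFilter:
    """Tracks TCP connections opened from inside; drops everything else."""
    def __init__(self):
        self.table = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def check(self, src, sport, dst, dport, flags):
        outbound = src.startswith(INSIDE)
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state, f = self.table.get(key), set(flags)
        if state is None:
            # Only a bare SYN from the inside may create a table entry.
            if outbound and f == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP"
        if "RST" in f:  # a reset on a tracked connection removes its entry
            del self.table[key]
            return "ALLOW"
        if state in HANDSHAKE:
            want_outbound, want_flags, next_state = HANDSHAKE[state]
            if outbound == want_outbound and f == want_flags:
                self.table[key] = next_state
                return "ALLOW"
            return "DROP"
        # ESTABLISHED: a fresh SYN on a live connection is not legitimate.
        return "DROP" if "SYN" in f else "ALLOW"

def run_demo():
    fw = StatefulFilter()
    c, s, x = ("10.0.0.5", 51000), ("203.0.113.10", 443), ("198.51.100.7", 443)
    packets = [  # constructed sample traffic
        (*c, *s, {"SYN"}), (*s, *c, {"SYN", "ACK"}), (*c, *s, {"ACK"}),
        (*s, *c, {"ACK", "PSH"}),  # reply data on the tracked connection
        (*x, *c, {"ACK"}),         # crafted ACK with no matching connection
        (*x, *c, {"SYN"}),         # unsolicited inbound connection attempt
        (*s, *c, {"RST"}),         # reset closes the tracked connection
        (*s, *c, {"ACK"}),         # same peer afterwards: state is gone
    ]
    return [fw.check(*p) for p in packets]
```

A filter that matched only on IP addresses and ports would pass the crafted ACK from an allowed address; the state table is what rejects it.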