Firewall

Definition

A firewall is a security control that monitors and filters network traffic between systems, networks, and the internet based on defined rules. It helps reduce unauthorized access, limit exposure to malicious activity, and enforce network segmentation by allowing approved connections and blocking unwanted or risky traffic. Firewalls can be deployed at different layers, including network perimeter firewalls that control traffic between networks, host-based firewalls that protect individual endpoints and servers, and cloud-native firewalls that apply policy to virtual networks and workloads. In the context of CyberSecure Canada, firewalls support baseline cybersecurity practices by providing network boundary protection and controlled connectivity for business systems. Effective firewall use includes maintaining an approved rule set aligned to business needs, applying least privilege (deny-by-default and only permitting required ports, protocols, sources, and destinations), documenting and approving changes, and enabling logging to support monitoring, incident investigation, and compliance evidence. A well-managed firewall program also includes periodic rule reviews to remove unused or overly permissive rules, segmentation to isolate critical assets, and alerting on suspicious or policy-violating traffic. Comparable expectations for network boundary protection and traffic filtering also appear in widely used security frameworks such as NIST SP 800-41, NIST SP 800-53 (e.g., SC-7), ISO/IEC 27001 Annex A, and the CIS Critical Security Controls. While a firewall is not a complete security solution by itself, it is a foundational control that complements identity, endpoint protection, vulnerability management, and security monitoring.