VPN vs Firewall
VPNs and firewalls both protect your internet connection from digital nasties, but which one is better? Here's everything you need to know.
Network security has never been more important on an increasingly hostile Internet. Poorly defended systems are identified and exploited automatically, adding new machines to worldwide botnets without the hackers in charge having to lift a finger.
You should be doing everything you can to keep attackers out of your network, but it's not always obvious which tool is best for any given use case. If you've ever thought about whether a VPN or a Firewall is the better pick for your network, I've got good news: you can use both.
However, it's important to understand what each tool does. VPNs and Firewalls are both crucial for safeguarding networks, but they operate at different levels and serve distinct purposes. To make it even more confusing, some Firewalls have VPN functionality baked into them. Read on and I'll clear up the differences between firewalls and the best VPNs, exploring their functionalities, differences, and roles in modern network security architecture.
What is a Firewall?
A Firewall sits somewhere between the network you want to defend and the external Internet gateway, such as a router. It acts as the frontline defense against unauthorized access into your network by reading incoming and outgoing data packets. The Firewall then makes decisions about whether to allow or deny them passage based on predefined security rules.
Firewalls come in many shapes and forms. They can be implemented locally as software on each machine in a network, as part of a hardware device on the edge of a network, or even in the cloud. The traditional Firewall is a state-based application that operates by examining network traffic and enforcing rules to allow or block packets based on defined criteria. These criteria include:
- Source IP address
- Destination IP address
- Port number
- Protocol
- Application type
- Time of day
- Packet size
- Identity tokens
While stateful inspection Firewalls are still the backbone of network defense, they've been augmented over the years to encompass technical advancements in cybersecurity such as virus scanners, AI-powered behavioral monitoring, and reputation-based domain management. Firewalls that use these techniques to provide threat management are usually referred to as "Next Generation Firewalls", or NGFWs.
Compared to a traditional Firewall, NGFWs offer advanced application awareness and control features, allowing organizations to automatically identify and classify network traffic based on specific applications or application categories. By utilizing Deep Packet Inspection to analyze packet payloads and generate new behavioral patterns using AI-powered threat engines, NGFWs block risky or unauthorized applications that would otherwise fly under the radar of a traditional Firewall without a human operator ever having to step in.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
NGFWs also integrate with external threat intelligence sources to enhance threat detection and response capabilities. These Firewalls use real-time threat intelligence data on emerging threats and attack trends to generate alerts that can help security teams identify and block known threats more effectively, reducing the risk of an organization being caught unaware during a new wave of cutting-edge cyber attacks.
A Firewall needs to integrate all of these features in some measure to qualify as an NGFW. The other key aspect of an NGFW is long-term threat management. Put simply, an NGFW needs to offer flexible upgrade paths and scalability options. This ensures that an NGFW can be updated to accommodate evolving security requirements and future information feeds, ensuring ongoing protection against emerging threats and vulnerabilities.
Why would I use a Firewall?
Whether you're an individual or an organization, Firewalls make it harder for hackers to carry out their objectives by making your networks harder to breach. If they get inside, an advanced Firewall makes it harder for them to move laterally inside the network without being detected. Even if they reach their objective, a Firewall can stop an attacker from effectively exfiltrating data outside of the network.
Firewalls also provide an added layer of defense against various types of cyber threats, including malware, viruses, worms, and denial-of-service attacks. They help detect and block malicious activities before they can cause harm to your network by inspecting network traffic and applying security measures such as packet filtering, stateful inspection, and content filtering
Firewalls can also help mitigate Distributed Denial of Service attacks by filtering out traffic designed to knock a system offline. In the case of application and protocol-based DDoS attacks, Firewalls analyze incoming traffic and drop packets that exhibit characteristics typical of DDoS attacks.
This might include dropping repeated TCP SYN requests that don’t complete the connection handshake, or dropping excessive DNS zone requests. Some Firewalls also come with blacklists that keep an updated list of known malicious sources or IP addresses associated with botnets which are automatically blocked before their malicious traffic can reach the target network.
Firewalls can even impose limits on the rate of incoming traffic, preventing sudden spikes or floods of data that are indicative of DDoS attacks. Throttling traffic to a manageable level ensures that legitimate requests are prioritized and denies hackers the ability to selectively overwhelm individual machines.
Firewalls also help you monitor the content passing in and out of your network. Deep Packet Inspection is an advanced Firewall technology that involves the thorough analysis of the contents of data packets as they pass through the Firewall.
Unlike traditional packet filtering I've covered earlier, DPI goes a step further by inspecting the actual data within packets. This deep level of inspection allows firewalls to gain granular visibility into network traffic and identify potential security threats that may not be evident from packet headers alone. DPI-enabled Firewalls can also recognize the applications or services generating the traffic, such as web browsing, email, file sharing, and streaming media. This application awareness enables more precise access control and policy enforcement based on application-specific rules.
What is a VPN?
A VPN, or Virtual Private Network, is a set of protocols that allow computers to communicate with each other over an encrypted connection. This allows machines that don't exist on the same Local Area Network to send data and access resources as though they were, even over the Internet.
There are several different types of VPNs, but you're probably familiar with the remote access VPNs that are commercially available on the Internet which allow you to disguise your IP and access foreign streaming services. I'll get into the other types in a moment and describe how they stack up against Firewalls, but first, we need to talk about how VPNs work.
How do VPNs work?
VPNs perform many different functions, but they all follow the same fundamentals. A VPN creates a secure connection between a user's device and a remote server. This connection, often referred to as a "tunnel," allows users to transmit data over the internet securely.
First off, you need to establish a connection to the VPN server by authenticating. There's a variety of ways to do this, from username/password pairs to biometrics and two-factor authentication.
Once you’ve initiated a VPN connection, your device encrypts all outgoing data packets before sending them over the internet. Encryption ensures that the data remains confidential and protected from interception by unauthorized parties.
These encrypted packets are then encapsulated with routing information so they can be transmitted over the public network to the VPN server. As these packets are being passed along, any third party that inspects them will only see the routing information and cannot read the data portion of the packet.
Once the encrypted data packets reach the VPN server, they are decrypted, processed, and forwarded to their intended destination. If you’re using a VPN to connect to the Internet, the data packets appear to originate from the VPN server rather than from your device, masking your true IP address and location.
What would I use a VPN for?
VPNs serve a multitude of purposes in modern network architecture, so I'm only going to go over a few of the most popular use cases.
Domestic VPNs route your traffic to the Internet through remote servers, which has several advantages. When your network traffic passes through a VPN, it's encrypted from the moment it leaves your computer until it hits the VPN server. This way, VPNs allow you to avoid surveillance from both ISPs and other users on your local network. This is particularly useful if you're browsing on a connection you don’t own, such as a public Wi-Fi hotspot.
Using a VPN also masks your IP address. When you connect through a VPN, you appear as though you’re located in the same location as the VPN server you’re connected to. This allows you to bypass local censorship if you're trying to access banned sites such as Wikipedia from a country with repressive Internet laws.
Not all geo-blocking is as high-stakes as censoring freedom of information. Streaming services often make use of region-locking to enforce copyright restrictions, which can be a real pain when you're traveling regularly but want to view content from your home region.
VPNs also enable remote workers to access corporate resources securely, regardless of their physical location. Instead of being somewhere on the Internet, the VPN server you’re connecting to is inside the corporate network you're connecting to. Once you’ve validated your credentials with that server, you can browse the rest of the network as though you were on a computer in the office.
There are also site-to-site VPNs, which carry out the same task as a corporate remote VPN but for linking two geographically separate Local Area Networks together. In the same way a remote VPN for a single worker would allow them to join the corporate network, site-to-site VPNs allow businesses to seamlessly share resources and assets across offices in different parts of the world as though everyone was on a single network.
Firewalls vs VPNs: Which one do I need?
If you use Windows, you've already got access to a fairly powerful software-based firewall which is adequate for defending against most basic threats. Linux users have access to iptables, which performs the same function. Your router also may come with a firewall pre-installed.
You might want to consider investing in an NGFW if you're running a business or have a large home network you're worried about protecting, but it's pretty much overkill for anyone with only a computer and a few IoT devices on their network.
You're most likely not going to have access to a VPN by default. Windows comes with some basic VPN software, but the nature of VPNs means you need a service to connect to. If you're working with an enterprise that already has a VPN set up, they've most likely already given you the credentials and software you need to connect remotely to their network.
However, as I've covered, a business VPN is very different from a domestic VPN. An enterprise VPN just lets you connect to the resources at your workplace, whereas VPN providers invest in high-speed Internet-facing networks to give you the best connection possible while hiding your IP address and protecting you from online threats.
There's some overlap between VPN providers and Firewalls in that both protect your network from Internet-based threats. If a VPN provider offers their own DNS servers, it usually comes with a pre-built blacklist of known malware distributors, botnets, and advertising networks. This takes a lot of strain off your Firewall, blocking a multitude of threats at the network level before they have the chance to reach your router.
So, if you're looking to upgrade your home network security, I'd invest in a secure VPN provider first. It offloads a lot of the network security configuration you'd have to worry about to a well-prepared third party that specializes in keeping Internet-based threats out of your hair.
On the other hand, if you're worried about enterprise network security, you should deploy a VPN server along with a Firewall to create a layered network security plan. With this approach, Firewalls form the perimeter defense, filtering incoming and outgoing traffic to prevent unauthorized access. VPNs provide a regulated passage through that Firewall, using authentication to ensure that only trusted users can access the internal network. They also add an additional layer of security by encrypting data transmission over public networks, ensuring confidentiality.
Final thoughts
Firewalls and VPNs are both indispensable components of a comprehensive network defense strategy. While firewalls fortify network perimeters by regulating internet traffic, VPNs create secure connections from point to point that can't be spied on.
Understanding the nuances of each of these technologies allows you to pick and choose which one you need to defend your network against cyber threats. Together, they allow selective access while also creating an effective defense while also that should keep hackers from snooping around your networks.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy when abroad.
We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.