EFFICACY AND LIMITATIONS OF FIREWALL CONFIGURATIONS IN PREVENTING NETWORK ATTACKS: A CONCEPTUAL REVIEW OF ARCHITECTURES AND RULE SETS

Authors

  • Adamu Bashir Ismail
    Umaru Ali Shinkafi Polytechnic Sokoto, Sokoto State, Nigeria
  • Mukhtar Ibrahim Hussaini
    Rayhaan University Birnin Kebbi, Kebbi State, Nigeria
  • Suleiman Abba Abubakar
    Umaru Ali Shinkafi Polytechnic Sokoto, Sokoto State, Nigeria
  • Abdulmalik Ahmad
    Umaru Ali Shinkafi Polytechnic Sokoto, Sokoto State, Nigeria

Abstract

Firewalls remain a central part of network security architectures, but their effectiveness is continually challenged by changing cyber threats and complex deployment settings. This conceptual review provides a full description of strengths and limitations of different firewall technologies, such as packet-filtering, stateful inspection, or next-generation firewalls (NGFWs) to combat modern network attacks. The study adopted a structured literature review methodology, analyzing peer-reviewed journal articles, conference papers, and authoritative reports published between 2010 and 2024 to identify key trends, challenges, and advancements in firewall research. This paper incorporates existing literature to investigate the relationship between firewall architecture, rule-set management and threat detection capabilities. The results revealed that while NGFWs are better defended against application-layer and encrypted threats by deep packet inspection (DPI), and intrusion prevention systems (IPS), they are much more complex than the NGFWs themselves are by providing much higher performance overhead and configuration complexity. It provides further work on the still significant issue of rule-set misconfiguration, as a source of security vulnerabilities, and new developments such as AI in adaptive security or Zero Trust architectures. This review concludes that a comprehensive approach to networking security consists of proper firewall technology combined with proper policy management and architectural best practices. Future research is designed to standardize AI-driven firewall evaluation and expand security frameworks in cloud-native and IoT environments

Author Biographies

Adamu Bashir Ismail

Department of Computer science and Technology

Mukhtar Ibrahim Hussaini

Department of Computer Science

Suleiman Abba Abubakar

Department of Computer science and Technology

Abdulmalik Ahmad

Department of Computer science and Technology

Dimensions

Ahmad, T. (2025). AI-driven dynamic firewall optimization using reinforcement learning for anomaly detection and prevention. arXiv. https://arxiv.org/abs/2506.05356

Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science, 3, 563060. https://doi.org/10.3389/fcomp.2021.563060

Apruzzese, G., Laskov, P., De Oca, E. M., Mallouli, W., Rapa, L. B., Grammatopoulos, A. V., & Di Franco, F. (2022). The role of machine learning in cybersecurity. Digital Threats Research and Practice, 4(1), 1–38. https://doi.org/10.1145/3545574

Check Point. (2021). Stateful inspection technology. Check Point Software Technologies. https://www.checkpoint.com/resources/stateful-inspection-technology

CISA. (2023). Zero trust maturity model, version 2.0. Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/resources-tools/resources/zero-trust-maturity-model

Dawadi, B. R., Adhikari, B., & Srivastava, D. K. (2023). Deep learning technique-enabled web application firewall for the detection of web attacks. Sensors, 23(4), 2073. https://doi.org/10.3390/s23042073

He, K., Kim, D. D., & Asghar, M. R. (2023). Adversarial Machine Learning for Network Intrusion Detection Systems: A Comprehensive survey. IEEE Communications Surveys & Tutorials, 25(1), 538–566. https://doi.org/10.1109/comst.2022.3233793

Heino, J., Hakkala, A., & Virtanen, S. (2022). Study of methods for endpoint aware inspection in a next generation firewall. Cybersecurity, 5(1). https://doi.org/10.1186/s42400-022-00127-8

Furnell, S., & Clarke, N. (2012). Power to the people? The evolving recognition of human aspects of security. Computers & Security, 31(8), 983–988. https://doi.org/10.1016/j.cose.2012.08.004

Gigamon. (2023, April 7). Right-sizing decryption functionality for your network. Gigamon Blog. https://blog.gigamon.com/2023/04/07/right-sizing-decryption-functionality-for-your-network

Hayajneh, T., Mohd, B., Itradat, A., & Quttoum, A. N. (2013). Performance and Information Security Evaluation with Firewalls. International Journal of Security and Its Applications, 7(6), 355–372. https://doi.org/10.14257/ijsia.2013.7.6.36

Kizza, J. M. (2024). Guide to computer network Security. In Texts in computer science. https://link.springer.com/book/10.1007/978-3-031-47549-8

Neupane, K., Haddad, R., & Chen, L. (2018). Next generation firewall for network Security: a survey. SoutheastCon. https://doi.org/10.1109/secon.2018.8478973

Qu, Z., Ling, X., Wang, T., Chen, X., Wu, S., & Zhang, Y. (2024). AdvSQLi: Generating adversarial SQL injections against real-world WAF-as-a-service. IEEE Transactions on Information Forensics and Security, 19, 1–14. https://doi.org/10.1109/TIFS.2024.3350911

Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero trust architecture (NIST SP 800-207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-207

Scarfone, K., & Hoffman, P. (2009). Guidelines on firewalls and firewall policy (NIST SP 800-41 Rev. 1). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-41r1

Sommer, R., & Paxson, V. (2010). Outside the closed world: On using machine learning for network intrusion detection. In 2010 IEEE Symposium on Security and Privacy (pp. 305–316). IEEE. https://doi.org/10.1109/SP.2010.25

Suthar, F., & Patel, N. (2023). A survey on DDOS Detection and Prevention Mechanism.Journal of Advances in Information Technology, 14(3), 444–453. https://doi.org/10.12720/jait.14.3.444-453

Stallings, W. (2019). Network security essentials: Applications and standards (6th ed.). Pearson.

Talukder, M. A., Khalid, M., & Sultana, N. (2025). A hybrid machine learning model for intrusion detection in wireless sensor networks leveraging data balancing and dimensionality reduction. Scientific Reports, 15(1). https://doi.org/10.1038/s41598-025-87028-1

Liu, M., Dou, W., Yu, S., & Zhang, Z. (2014). A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Optimization. IEEE Transactions on Parallel and Distributed Systems, 26(3), 621–631. https://doi.org/10.1109/tpds.2014.2314672

Gabriele, L. G. F., & Ghafir, I. (2024). Firewalls: types, policies, security issues and best practices. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4709034

Bastion Host Architecture

Published

17-11-2025

How to Cite

Bashir Ismail, A., Ibrahim Hussaini, M., Abba Abubakar, S., & Ahmad, A. (2025). EFFICACY AND LIMITATIONS OF FIREWALL CONFIGURATIONS IN PREVENTING NETWORK ATTACKS: A CONCEPTUAL REVIEW OF ARCHITECTURES AND RULE SETS. FUDMA JOURNAL OF SCIENCES, 9(12), 20-25. https://doi.org/10.33003/fjs-2025-0911-4049

Issue

Vol. 9 No. 12 (2025): FUDMA Journal of Sciences - Vol. 9 No. 12

Section

Review Articles
Copyright & Licensing

Copyright (c) 2025 Adamu Bashir Ismail, Mukhtar Ibrahim Hussaini, Suleiman Abba Abubakar, Abdulmalik Ahmad

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Bashir Ismail, A., Ibrahim Hussaini, M., Abba Abubakar, S., & Ahmad, A. (2025). EFFICACY AND LIMITATIONS OF FIREWALL CONFIGURATIONS IN PREVENTING NETWORK ATTACKS: A CONCEPTUAL REVIEW OF ARCHITECTURES AND RULE SETS. FUDMA JOURNAL OF SCIENCES, 9(12), 20-25. https://doi.org/10.33003/fjs-2025-0911-4049