Firewall (computing)

In computing, a firewall is a piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction.


A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust). The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.


Proper configuration of firewalls demands skill and wit from the administrator. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.


A firewall is also called a Border Protection Device (BPD), especially in NATO contexts. In BSD contexts, it is often referred to as a packet filter.


Types of firewalls

There are three basic criteria used to distinguish between different types of firewalls:

  • whether the communication is being done between a single node and the network, or between two or more networks
  • whether the communication is intercepted at the network layer, or at the application layer
  • whether the communication state is being tracked at the firewall or not

With regard to the scope of filtered communication there exist:

  • personal firewalls, a software application which normally filters traffic entering or leaving a single computer
  • network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.

The latter definition corresponds to the conventional, traditional meaning of "firewall" in networking.


In reference to the layers where the traffic can be intercepted, two main categories of firewalls exist:

  • network layer firewalls, which work as packet filters by deciding what packets will pass the firewall according to rules defined by the administrator
  • application layer firewalls, which operate at the application layer of a protocol stack

These two types of firewall may overlap; indeed, single systems have implemented both together.


Lastly, depending on whether the firewalls track packet states, two additional categories of firewalls exist:

  • stateful firewalls, which keep track of the state of network connections (such as TCP streams) traveling across them
  • stateless firewalls, which treat each network frame (or packet) in isolation

Network layer firewalls

Main article: network layer firewall

Network layer firewalls operate at a (relatively low) level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules, or default built-in rules may apply (as in some inflexible firewall systems).


A more permissive setup could allow any packet to pass the filter as long as it does not match one or more "negative rules", or "deny rules". Today network firewalls are built into most computer operating systems and network appliances.


Modern firewalls can filter traffic based on many packet attributes, such as source IP address, source port, destination IP address or port, and destination service such as WWW or FTP. They can also filter based on protocol, TTL value, netblock of the originator, domain name of the source, and many other attributes.
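The stateful/stateless distinction above and the rule-based filtering of this section, as an added example that is not part of the original article: a hypothetical default-deny packet filter that judges each packet against administrator rules (stateless) or consults a connection table so that replies to accepted outbound connections pass without a matching inbound rule (stateful). The `Packet` model, addresses and rule set are constructed for illustration; only IPv4 and TCP are assumed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Set, Tuple
# Constructed packet model: only the header fields a packet filter inspects (IPv4, TCP assumed).
@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn_only: bool = False  # True for a TCP SYN opening a connection, False for later segments

class StatefulFilter:  # hypothetical default-deny filter for one internal network, not a real product
    def __init__(self, internal_net: str, allowed_out_ports: Set[int], allowed_in_ports: Set[int]):
        self.internal = ipaddress.ip_network(internal_net)
        self.allowed_out = allowed_out_ports  # destination services internal hosts may reach
        self.allowed_in = allowed_in_ports    # services on internal hosts exposed to the outside
        self.flows: Set[tuple] = set()        # connection table: this is the tracked "state"

    def _internal(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.internal

    def stateless_decision(self, p: Packet) -> bool:
        """Judge one packet in isolation against the administrator's rules; no memory."""
        if self._internal(p.src_ip) and not self._internal(p.dst_ip):
            return p.dst_port in self.allowed_out
        if not self._internal(p.src_ip) and self._internal(p.dst_ip):
            return p.dst_port in self.allowed_in
        return False                          # anything else hits the default deny

    def stateful_decision(self, p: Packet) -> bool:
        """Apply the rules only to new connections; later packets pass by table lookup."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key in self.flows or (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return True                       # reply or continuation of an accepted flow
        if not p.syn_only:
            return False                      # mid-stream packet with no known flow: drop
        allowed = self.stateless_decision(p)
        if allowed:
            self.flows.add(key)
        return allowed

def demo() -> Tuple[bool, bool, bool, bool]:
    fw = StatefulFilter("192.168.1.0/24", allowed_out_ports={80, 443}, allowed_in_ports=set())
    out_syn = Packet("192.168.1.10", 40000, "203.0.113.5", 443, syn_only=True)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 40000)
    unsolicited = Packet("203.0.113.5", 443, "192.168.1.10", 40001)  # shaped like a reply, is not
    return (fw.stateful_decision(out_syn), fw.stateful_decision(reply),
            fw.stateful_decision(unsolicited), fw.stateless_decision(reply))
```

`demo()` returns `(True, True, False, False)`: the last value shows that the stateless rules cannot admit the genuine reply at all without opening a wide range of high ports inbound, which is exactly the gap connection tracking closes.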


Application-layer firewalls

Main article: application layer firewall

Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.


By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach.


The XML Firewall exemplifies a more recent kind of application-layer firewall.


Proxies

A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets.


Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network.


Network address translation

Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly use so-called "private address space", as defined in RFC 1918. Administrators often set up such scenarios in an effort (of debatable effectiveness) to disguise the internal address or network.
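The NAT behaviour described above, as an added example that is not part of the original article: a hypothetical port-translating NAT that rewrites outbound packets from RFC 1918 hosts to one public address, maps replies back through its translation table, and has nothing to deliver unsolicited inbound packets to. The public and external addresses are constructed from the documentation ranges, and RFC 1918 membership is checked explicitly rather than with Python's broader `is_private`.

```python
import ipaddress
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]                # (IP address, port)
Translation = Tuple[Endpoint, Endpoint]   # (src, dst) after rewriting

# The three RFC 1918 private ranges the text refers to (Python's is_private covers more than these).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

class Nat:  # hypothetical port-translating NAT with one public address (IPv4 assumed)
    def __init__(self, public_ip: str, first_port: int = 20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound: Dict[Endpoint, int] = {}   # private endpoint -> public port
        self.inbound: Dict[int, Endpoint] = {}    # public port -> private endpoint

    def translate_out(self, src: Endpoint, dst: Endpoint) -> Optional[Translation]:
        """Rewrite an outbound packet's source to the public address; None means not translated."""
        if not is_rfc1918(src[0]) or is_rfc1918(dst[0]):
            return None                           # only private-to-public traffic is masqueraded
        port = self.outbound.get(src)
        if port is None:                          # first packet of this flow: allocate a mapping
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[src] = port
            self.inbound[port] = src
        return ((self.public_ip, port), dst)

    def translate_in(self, src: Endpoint, dst: Endpoint) -> Optional[Translation]:
        """Rewrite an inbound packet's destination back to the private host; None means drop."""
        if dst[0] != self.public_ip:
            return None
        private = self.inbound.get(dst[1])
        if private is None:
            return None                           # no mapping: unsolicited inbound packet is dropped
        return (src, private)

def demo() -> Tuple[Endpoint, Optional[Translation], Optional[Translation]]:
    nat = Nat("198.51.100.1")                     # constructed public address (documentation range)
    out = nat.translate_out(("192.168.1.10", 40000), ("203.0.113.5", 80))
    seen_by_server = out[0]                       # what the web server sees instead of 192.168.1.10
    reply = nat.translate_in(("203.0.113.5", 80), seen_by_server)
    unmapped = nat.translate_in(("203.0.113.9", 4444), ("198.51.100.1", 20001))
    return seen_by_server, reply, unmapped
```

The external server only ever sees `("198.51.100.1", 20000)`, which is the "disguise" the text mentions; the filtering effect comes from the table lookup in `translate_in`, not from the addresses being hidden.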


Implementations

  • IPFilter (commonly referred to as ipf), a software package that can be used to provide network address translation (NAT) or firewall services
  • pf, OpenBSD's stateful packet filter, written by Daniel Hartmeier
  • Cisco PIX (Private Internet EXchange), a firewall originally designed by Brantley Coile and John Mayes of Network Translation, Inc.

See also

  • Stateful firewall
  • Stateless firewall
  • End-to-end connectivity
  • Bastion host
  • Application layer firewall
  • Demilitarized zone (DMZ)
  • Access control list (ACL)

External links

  • Matt Curtin and Marcus J. Ranum, Internet Firewalls: Frequently Asked Questions (http://www.faqs.org/faqs/firewalls-faq/)
  • Firewalls 101 (http://www.windowsnetworking.com/articles_tutorials/Firewalls-101.html) - Explains the inner workings of a firewall and some common firewall features in an easy to understand manner.
  • Firewall White papers (http://www.xtradyne.com/products/resources.htm) - White papers on Web Services XML/SOAP and CORBA IIOP firewall security.
  • Home PC Firewall Guide - includes info on free firewalls (http://www.firewallguide.com/)
  • ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2) - a web service which can evaluate some aspects of firewall effectiveness
  • What is a Firewall (http://www.pcreview.co.uk/articles/Internet/What_is_a_Firewall/) - a guide to computing firewalls, with links to current downloads.
  • A FreeBSD security how-to (ipfw) (http://www.metronet.com/~pgilley/freebsd/ipfw)

The Wikipedia article included on this page is licensed under the GFDL.