The primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Firewalls are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise.
In the home, a personal firewall typically comes with or is installed in the user's computer (see Windows Firewall). Personal firewalls may also detect outbound traffic to guard against spyware, which could be sending your surfing habits to a Web site. They alert you when software makes an outbound request for the first time (see spyware).
In the organization, a firewall can be a stand-alone machine (see firewall appliance) or software in a router or server. It can be as simple as a single router that filters out unwanted packets, or it may comprise a combination of routers and servers each performing some type of firewall processing.
Firewall Techniques
Following are the different methods used to provide firewall protection, and several of them are often used in combination.
Stateful Inspection
Tracks the transaction to ensure that inbound packets were requested by the user. Generally can examine multiple layers of the protocol stack, including the data, if required, so blocking can be made at any layer or depth. See stateful inspection.
Network Address Translation (NAT)
Allows one IP address, which is shown to the outside world, to refer to many IP addresses internally; one on each client station. Performs the translation back and forth. NAT is found in routers and is built into Windows Internet Connection Sharing (ICS). See NAT and ICS.
Packet Filter
Blocks traffic based on a specific Web address (IP address) or type of application (e-mail, ftp, Web, etc.), which is specified by port number. Packet filtering is typically done in a router, which is known as a "screening router." See bastion host.
Proxy Server
Serves as a relay between two networks, breaking the connection between the two. Also typically caches Web pages (see proxy server).
Protected and More Protected
In the diagram on top, the internal network is protected by only one screening router (a router with packet filtering). If there were servers on the internal network providing services to Internet users, this would offer minimal protection against an attack. The use of two screening routers in the firewall configuration at the bottom offers two points of protection from the outside world to the internal LAN.
Firewall Management
Elron Firewall was a product that combined stateful inspection, multilayer analysis of IP and IPX packets and network address translation to secure a network. The window on the left could scroll down to more than 70 user services. (Screen example courtesy of Elron Software, acquired in 2003 by Zix Corporation, www.zixcorp.com)
An Excellent Resource
O'Reilly's \"Building Internet Firewalls, 2nd Edition\" by Zwicky, Cooper and Chapman is one of the best books written on Internet and Web security. It covers a huge range of firewall and related topics and should be a \"must have\" for anyone interested in the subject. (O'Reilly & Associates, Inc., 2000, ISBN 1-56592-871-7)
In the home, a personal firewall typically comes with or is installed in the user's computer (see Windows Firewall). Personal firewalls may also detect outbound traffic to guard against spyware, which could be sending your surfing habits to a Web site. They alert you when software makes an outbound request for the first time (see spyware).
In the organization, a firewall can be a stand-alone machine (see firewall appliance) or software in a router or server. It can be as simple as a single router that filters out unwanted packets, or it may comprise a combination of routers and servers each performing some type of firewall processing.
Firewall Techniques
Following are the different methods used to provide firewall protection, and several of them are often used in combination.
Stateful Inspection
Tracks the transaction to ensure that inbound packets were requested by the user. Generally can examine multiple layers of the protocol stack, including the data, if required, so blocking can be made at any layer or depth. See stateful inspection.
Network Address Translation (NAT)
Allows one IP address, which is shown to the outside world, to refer to many IP addresses internally; one on each client station. Performs the translation back and forth. NAT is found in routers and is built into Windows Internet Connection Sharing (ICS). See NAT and ICS.
Packet Filter
Blocks traffic based on a specific Web address (IP address) or type of application (e-mail, ftp, Web, etc.), which is specified by port number. Packet filtering is typically done in a router, which is known as a "screening router." See bastion host.
Proxy Server
Serves as a relay between two networks, breaking the connection between the two. Also typically caches Web pages (see proxy server).
Protected and More Protected
In the diagram on top, the internal network is protected by only one screening router (a router with packet filtering). If there were servers on the internal network providing services to Internet users, this would offer minimal protection against an attack. The use of two screening routers in the firewall configuration at the bottom offers two points of protection from the outside world to the internal LAN.
Firewall Management
Elron Firewall was a product that combined stateful inspection, multilayer analysis of IP and IPX packets and network address translation to secure a network. The window on the left could scroll down to more than 70 user services. (Screen example courtesy of Elron Software, acquired in 2003 by Zix Corporation, www.zixcorp.com)
An Excellent Resource
O'Reilly's \"Building Internet Firewalls, 2nd Edition\" by Zwicky, Cooper and Chapman is one of the best books written on Internet and Web security. It covers a huge range of firewall and related topics and should be a \"must have\" for anyone interested in the subject. (O'Reilly & Associates, Inc., 2000, ISBN 1-56592-871-7)
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- XP Firewall Commander 4.0.1 (Windows)
- XP Firewall Commander is an easy to use control interface for your Windows XP built-in firewall which lets you add and remove exceptions for programs and services so that they can receive inbound traffic. If you use no exceptions, you can still view Web pages, send and receive e-mail messages,...
- Software downloads 2009-11-24
- Fastream IQ Proxy Server 3.1.4R (Windows)
- IQ Proxy Server is a robust and secure content/reverse solution for Windows. Featuring the most scalable server engine with up to 20,000 simultaneous connections for both filtering and caching content proxy and securing and accelerating reverse proxy, could serve more than 10,000 requests/sec in keep-alive mode. Fastream IQ Proxy Server...
- Software downloads 2009-11-24
- Avira Premium Security Suite 9.0.0.387 (Windows)
- Avira Premium Security Suite protects you in a very comprehensive way against the dangers of the Internet. It offers you numerous additional features over the virus protection offered in the AntiVir Premium Edition. In addition to AntiVir Premium, the Suite includes an integrated firewall that wards off attacks such as...
- Software downloads 2009-11-24
- Malware Defender 2.4.4 (Windows)
- Malware Defender is a HIPS Host Intrusion Prevention System with firewall. It is effective to protect your computer system from all forms of malware (viruses, worms, trojans, adware, spyware, keyloggers, rootkits). Malware Defender is also an advanced rootkit detector. It provides many useful tools that can be used to detect...
- Software downloads 2009-11-24
- TeamViewer 5.0.7312 Beta (Windows)
- TeamViewer is a simple and fast solution for remote control, desktop sharing and file transfer that works behind any firewall and NAT proxy. To connect to another computer just run TeamViewer on both machines without the need of an installation procedure. With the first start automatic partner IDs are generated...
- Software downloads 2009-11-21
- Anti Trojan Elite 4.7.6 (Windows)
- Anti Trojan Elite is a malware remover and system security manager. It features a real-time malware firewall for users that can detect trojans or keyloggers that try to infect your PC. It can detect a vast variety of malware such as trojans, worms and keyloggers and has a live update...
- Software downloads 2009-11-21
- Microsoft finds security hole in Google Chrome Frame
- HAHA! Way to go Microsoft! They basically just told Google to suck it! The best part is they were right the whole time. Yet people blindly defended Google. It would seem Google has more software issues than anyone else.RE: Microsoft finds security hole in Google Chrome FrameI'm not...
- Discussion threads 2009-11-19
- Do we need a 'beautiful mess' in operating systems? Yup
- To make a good soup, you've got to stir the pot...Ok, sure - it turns cloudy, short-term. Just be sure to filter it or let it settle, before serving.Whereas the classic 'design-by-committee' model so often fails, its always useful to have multiple, talented teams working on similar projects, independently. With...
- Discussion threads 2009-11-19
- FortKnox Personal Firewall 5.0.305 (Windows)
- It is a personal firewall that allows you to protect a PC against hacker attacks, Trojans, spyware and Internet threats. It gives user complete overview of all inbound and outbound network communication. It has built-in Intrusion Prevention System and SPI technologies for extended user protection. With application rules user can...
- Software downloads 2009-11-19
- IceClean 3.3.2 (Mac)
- IceClean is a powerful Finder and System optimization tool using ONLY built-in Unix system tasks to help your System stay healthy and to keep it running smoothly. IceClean lets you execute the following tasks: System Maintenance Process & Infos Periodic Routine Scripts Verify Preferences .plist files Repair Permissions Update Prebindings...
- Software downloads 2009-11-19
- Trojan Guarder Gold 7.95 (Windows)
- Though installed with anti-virus system and firewall, your PC is still not safe enough. Trojans could be recording all your valuable passwords and credit card information without your knowing it. Trojan is a mini program running on a workstation. At its basic level, it merely records every key pressed together...
- Software downloads 2009-11-19
- BeeThink IP Blocker 1.2 (Windows)
- BeeThink IP Blocker blocks unwanted IP addresses based on IP blocklists. It monitors network activities in real-time and prevents the connection between a server/website and certain IP addresses or ranges of addresses. BeeThink IP Blocker effectively bans undesired connections from those computers to a website, mail server, or other Internet...
- Software downloads 2009-11-18
- Gbridge 2.0.0.1322 (Windows)
- Securely do VNC, share files, sync folder and remote backup via Google based VPN, even behind NAT. Gbridge helps you to manage your multiple PCs, and collaborate works with close friends. You can also use it to privately exchange huge media files with your family. Gbridge has many unique features....
- Software downloads 2009-11-18
- Next year is THE year for cloud computing
- Here is what Indu Kodukula, CTO of SunGard Availability Services thinks how cloud computing is likely to transform the computing industry landscape in 2010. Commentary - Yogi Berra had it right - it?s difficult to make predictions, especially about the future. It?s especially difficult...
- News items 2009-11-17
- Thousands of web sites compromised, redirect to scareware
- RE: Thousands of web sites compromised, redirect to scarewareI'm glad Microsoft Windows goes the extra mile to protect users from this kind of mischief. In Microsoft Windows I can set security zones in the Internet Options window so that only trusted sites will load, or set it so internet...
- Discussion threads 2009-11-17
- Local SMTP Server Pro 5.8 (Windows)
- SMTP server program to send e-mail messages without help of your ISP, directly from your local PC to recipient mailboxes. Use your favorite e-mail client along with Local SMTP Server Pro as usual. Mobile PC users who travel a lot and have to switch between different ISPs on the run...
- Software downloads 2009-11-17
- Microsoft confirms 'detailed' Windows 7 exploit
- Ummm interesting....so just block 139 and 445...445? great that port aggain.Is SMB blocked to/from internet by th firewall by default?RE: Microsoft confirms 'detailed' Windows 7 exploitPorts 139 and 445 are blocked by default for Internet access by Windows firewall in Windows 7 and any commerical hardware firewall. They are enabled...
- Discussion threads 2009-11-16
- Online Armor 4.0.0.10 (Windows)
- Online Armor Premium Firewall safeguards your funds, identity and data on your PC weather you're browsing, transacting or receiving email. Online Armor Premium comes with "Banking Mode" that secures your internet banking session therefore protecting you from keyloggers and Phishing techniques that might want to either record your login details...
- Software downloads 2009-11-14
- Where does HP's Procurve line go post 3Com?
- Strong on switching, weak on routing/firewallIs it not true that the Procurve line is very strong in the switch space, but is weak or non-existent in routing and security?It would seem the 3Com play is to take that slice of the enterprise network away from Cisco.
- Discussion threads 2009-11-13
- Wallix Pro 3.2 (Windows)
- Wallix Pro firewall prevents hackers from accessing your computer and this is the main objective for a computer firewall. It automatically detects and blocks attacks through a comprehensive examination of all inbound and outbound information to your computer.
- Software downloads 2009-11-13
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
Meet Doc
-
-
Here to help you with your Document Management Needs
- Check out Doc’s Blog on ZDNet
- Help your company, help the earth I want to share with you the Environmental Defense Fund Paper Calculator, which allows you to gauge your organization's environmental impact.
- Which is Greener: Paper or Digital? The Answer May Surprise You Anything we can do to reduce paper consumption is good. But what about the impact of digital waste?
-
Produced by
ZDNet and -
