 |
Business | Industries | Finance | Tax |
| Index: > A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
|
|||||
| First Prev [ 1 2 ] Next Last |
In the traditional meaning in construction, a firewall consists of a windowless, fireproof wall (or a wall of substantially heavier construction than other walls in a building) built to prevent fire from spreading beyond one section of a building. Such firewalls form the built-up equivalent of firebreaks in a landscape. Their function in containing the undesirable resembles the use of bulkheads in shipbuilding and aircraft construction.
Firewalls are also found in specially prepared cars for competition use. For example, a typical conversion of a production car for rallying will include a metal firewall which seals the boot (trunk) compartment from the interior of the vehicle. The fuel tank is located in the boot area or just beneath it. In the event of an accident resulting in fuel spillage, the firewall can prevent burning fuel from entering the passenger compartment, where it could cause serious injury or death. Firewalls have to be fitted so that they form a complete seal - usually this is done by bonding the metal sheet to the bodywork using fiberglass resin.
The term firewall is also commonly used by automotive mechanics to refer to the barrier between the passenger and engine compartments of any vehicle.
By extension, the computing world uses the term firewall metaphorically to refer to a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the network policy. It has the basic task of preventing intrusion from a connected network device into other networked devices.
Network security analysts distinguish between:
The latter definition corresponds to the conventional meaning of "firewall" in networking, and the remainder of this article addresses this type of firewall. Two main categories of such firewalls exist:
These two types of firewall may overlap; indeed, single systems have implemented both together.
Network layer firewalls operate at a (relatively low) level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules; or default built-in rules may apply (as in some inflexible firewall systems). A more permissive setup could allow any packet to pass the filter as long as it does not match one or more "negative-rules", or "deny rules".
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines. By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach. The XML Firewall exemplifies a more recent kind of application-layer firewall.
A proxyA proxy server is a computer network service which allows clients to make indirect network connections to other network services. A client connects to the proxy server, then requests a connection, file, or other resource available on a different server. device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets.
Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masqueradeA masquerade is a ball, dance, or party; in which, participants wear elaborate costumes and hide their true identity. See masquerade ball. The Masquerade is a fictional term, from White Wolf Game Studio's Vampire: The Masquerade describing the efforts ofs as that system to other internal machines. While use of internal address spaces enhances security, crackersIn the context of computer networking, cracking (also called black-hat hacking or hacking is the act of compromising the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the netw may still employ methods such as IP spoofing to attempt to pass packets to a target network.
Firewalls often have network address translationIn computer networking, network address translation NAT also known as Network masquerading or IP-masquerading is a technique which relies on rewriting IP addresses of network packets passing through a router or firewall. In the sense that routers should n (NAT) functionality, and the hosts protected behind a firewall commonly use so-called "private address space", as defined in RFC 1918. Administrators often set up such scenarios in an effort (of debatable effectiveness) to disguise the internal address or network.
Proper configuration of firewalls demands skill. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.
| Politics | Business | Finance |
 |
 |
 |
|