This page was designed as a brief introduction to the subject of network
firewalls. As such, for in-depth information I have included some hot links
to other firewall pages and search engines for users' convenience.

Description
- A firewall is a system or a group of systems that
enforces an access control policy between two networks. Though the
actual implementation varies, it consists of two mechanisms: one which
exists to block traffic and the other to permit traffic.
Configuration
- Conceptually, there are two types of firewall:
- the network level
- the application level
Network level firewalls generally make their decisions based on the
source, destination address, and ports in individual IP packets. A
simple router is an example of the "traditional" network level firewall,
since it is not able to make particularly sophisticated decisions about
what a packet is actually talking to or where it actually came from.
Application level firewalls are generally hosts running proxy servers,
which permit no traffic directly between networks, and which perform
elaborate logging and auditing of traffic passing through them.
Application level firewalls can be used as network address translators,
since traffic goes in one "side" and out the other, after
having passed through an application that effectively masks the origin
of the initiating connection. Application level firewalls tend to
provide more detailed audit reports and tend to enforce more conservative
security models than network level firewalls.
Protection
- Generally, firewalls are configured to protect against
unauthenticated interactive logins from the "outside" world. Some firewalls
permit only e-mail traffic through them, thereby protecting the
network against any attack other than an attack against the e-mail
service. More elaborate firewalls permit passage only from the inside
to the outside while blocking all incoming traffic. With such a firewall
in place, the user is protected against any type of network-borne attack.
Firewalls cannot protect against attacks that do not go through the firewall.
Firewalls cannot protect very well against things like viruses. There are too
many ways of encoding binary files for transfer over networks, and too many
different architectures and viruses to try to search for them all. In general,
a firewall cannot protect against a data-driven attack--an attack in which
something is mailed or copied to an internal host where it is then
executed.
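To make the network-level decisions concrete, here is an added example (not code from the original page) of a toy stateless packet filter. It decides from exactly the fields the Configuration section names, source and destination address, protocol and port, plus the direction of travel, and it encodes the two policies described above: an e-mail-only policy and an inside-to-outside-only policy. The inside network, the mail host address and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed: the protected "inside" network uses the RFC 5737 documentation range.
INSIDE = ipaddress.ip_network("192.0.2.0/24")
MAIL_HOST = "192.0.2.25"  # constructed: the inside host that receives e-mail


@dataclass(frozen=True)
class Packet:
    src: str               # source IP address
    dst: str               # destination IP address
    proto: str             # "tcp", "udp" or "icmp"
    dport: Optional[int]   # destination port; None for protocols without ports
    ack: bool = False      # TCP ACK flag: clear on the first packet of a connection, set on replies


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    direction: str                 # "in" (outside to inside), "out" (inside to outside) or "any"
    proto: str = "any"
    dst: str = "any"               # destination network in CIDR notation, or "any"
    dport: Optional[int] = None    # None matches every port
    ack_only: bool = False         # match only packets carrying the ACK flag (replies)

    def matches(self, pkt: Packet, direction: str) -> bool:
        if self.direction not in ("any", direction):
            return False
        if self.proto not in ("any", pkt.proto):
            return False
        if self.dst != "any" and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.ack_only and not pkt.ack:
            return False
        return True


def direction_of(pkt: Packet) -> str:
    """Classify a packet by which side of the firewall each address is on."""
    src_inside = ipaddress.ip_address(pkt.src) in INSIDE
    dst_inside = ipaddress.ip_address(pkt.dst) in INSIDE
    if src_inside and not dst_inside:
        return "out"
    if dst_inside and not src_inside:
        return "in"
    return "local" if src_inside else "transit"


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet no rule matches is denied (default deny)."""
    direction = direction_of(pkt)
    for rule in rules:
        if rule.matches(pkt, direction):
            return rule.action
    return "deny"


# Policy 1 from the page: only e-mail traffic passes the firewall.
EMAIL_ONLY = [
    Rule("permit", "in", proto="tcp", dst=f"{MAIL_HOST}/32", dport=25),  # SMTP to the mail host
    Rule("permit", "out", proto="tcp", dport=25),                         # SMTP from inside
    Rule("permit", "any", proto="tcp", ack_only=True),                    # replies within those connections
    Rule("deny", "any"),
]

# Policy 2 from the page: passage only from inside to outside, all incoming traffic blocked.
# A stateless filter keeps no connection table, so replies to inside-initiated TCP
# connections are recognised by their ACK flag, the classic packet-filter technique.
OUTBOUND_ONLY = [
    Rule("permit", "out"),
    Rule("permit", "in", proto="tcp", ack_only=True),
    Rule("deny", "any"),
]


if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed outside host
    samples = [
        ("telnet login from outside", Packet(outside, "192.0.2.10", "tcp", 23)),
        ("SMTP to the mail host", Packet(outside, MAIL_HOST, "tcp", 25)),
        ("web request from inside", Packet("192.0.2.10", outside, "tcp", 80)),
    ]
    for label, pkt in samples:
        print(f"{label:28s} email-only={filter_packet(EMAIL_ONLY, pkt):6s} "
              f"outbound-only={filter_packet(OUTBOUND_ONLY, pkt)}")
```

The ACK-flag rules show the limit the text alludes to: a filter that looks only at individual packets cannot tell a genuine reply from any other inbound packet that happens to carry the ACK flag, and it knows nothing about what the connection carries. That is the gap an application-level firewall closes by terminating the connection itself.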
Proxy Servers
- A proxy server (application gateway or forwarder) is an application
that mediates traffic between a protected network and the Internet. Proxies
are often used instead of router-based traffic controls, to prevent traffic
from passing directly between networks. Many proxies contain extra logging
or support for user authentication. Since proxies must "understand" the
application protocol being used, they can also implement protocol specific
security (e.g. an FTP proxy might be configurable to permit incoming
FTP and block outgoing FTP). Proxy servers are application specific. In
order to support a new protocol via a proxy, a proxy must be developed
for it.
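The FTP example in this section is easy to show in code. What follows is an added illustration, not code from the original page: a toy application-level proxy policy for the FTP control channel. Because the proxy parses each command, it can apply the protocol-specific rule the text describes (permit incoming FTP, block outgoing FTP), log every command for auditing, and refuse anything it does not understand. The command groupings, the proxy's reply strings and the client session are constructed assumptions.

```python
from typing import List, Tuple

# FTP verbs grouped by what they do to the protected network's data.
INCOMING = {"RETR", "LIST", "NLST"}                    # files/listings flow in: permitted
OUTGOING = {"STOR", "STOU", "APPE"}                    # files flow out: blocked by this policy
CONTROL = {"USER", "PASS", "CWD", "PWD", "TYPE", "PASV", "PORT", "QUIT", "NOOP"}

# Constructed replies the proxy sends on its own behalf; 5xx is FTP's permanent-error class.
REPLY_OUTGOING_BLOCKED = "550 Outgoing transfers are not permitted by proxy policy."
REPLY_UNKNOWN = "502 Command not implemented by proxy."


def parse_command(line: str) -> Tuple[str, str]:
    """Split an FTP control line 'VERB args\\r\\n' into (VERB, args); verbs are case-insensitive."""
    verb, _, args = line.strip().partition(" ")
    return verb.upper(), args.strip()


def classify(verb: str) -> str:
    """Policy decision for one verb: FORWARD to the real server or BLOCK at the proxy."""
    if verb in INCOMING or verb in CONTROL:
        return "FORWARD"
    return "BLOCK"   # outgoing transfers and anything the proxy does not understand


def proxy_session(client_lines: List[str]) -> Tuple[List[str], List[str], List[str]]:
    """Mediate one client session.

    Returns (commands forwarded to the server, replies the proxy answered itself, audit log).
    The client never talks to the server directly: every line passes through here.
    """
    forwarded, proxy_replies, audit = [], [], []
    for line in client_lines:
        verb, args = parse_command(line)
        decision = classify(verb)
        if decision == "FORWARD":
            forwarded.append(f"{verb} {args}".strip())
        elif verb in OUTGOING:
            proxy_replies.append(REPLY_OUTGOING_BLOCKED)
        else:
            proxy_replies.append(REPLY_UNKNOWN)
        # Audit every command, but never record the user's password.
        shown = "********" if verb == "PASS" else args
        audit.append(f"{decision} {verb} {shown}".strip())
    return forwarded, proxy_replies, audit


# Constructed client session: a login, one download, one attempted upload, one unknown command.
SESSION = [
    "USER alice\r\n",
    "PASS s3cret\r\n",
    "TYPE I\r\n",
    "RETR report.pdf\r\n",
    "STOR customer-list.csv\r\n",
    "DELE old.txt\r\n",
    "QUIT\r\n",
]

if __name__ == "__main__":
    fwd, replies, log = proxy_session(SESSION)
    print("forwarded:", fwd)
    print("proxy replies:", replies)
    print("\n".join(log))
```

Two properties of the page's description show up here. The server only ever sees commands the proxy chose to forward, so the origin of the connection is the proxy, not the inside client; and the default branch blocks unknown verbs, which is why a new protocol needs its own proxy before it can pass at all.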
Related Sites
- pandoras-box.bgsm.wfu.edu: Firewall fundamentals.
- www.tis.com: Internet firewalls frequently asked questions.
- www.lpac.ac.uk: Firewall products.
- Infoseek (search engine)
- Yahoo (search engine)


This page was designed and developed in partial fulfillment of the
requirements for Baruch College, Graduate Course "Networks and
Telecommunications" -- CIS 9350. The information provided in these
pages is accurate and up to date (as of December 1995) to the best
of our knowledge and abilities. The page was designed and created
for educational purposes only. Any opinions represented on this
page are from the students' perspective as they researched the
opinions of the faculty or the Baruch College School of Business.
Security Project Members.
Please send comments about this page to John Ye at jye@smtp.ibes.com.

Last modified 16 Dec 95
