Annotated edit history of
FireWall version 4, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 4 |
AristotlePagaltzis |
1 |
A network device through which network traffic passes, such as (commonly) a router/gateway or (sometimes) a bridge/switch, which can filter or otherwise impose arbitrary restrictions on the traffic. It can therefore be used to present a hurdle for someone sitting on one side of the FireWall and trying to do something unwelcome or malicious to a system on the other side. Commonly, a FireWall is more permissive in one direction than the other, thus yielding an inside-vs-outside-the-FireWall configuration. The actual FireWall can be implemented in software (the usual case with routers) or hardware. |
| 1 |
WikiAdmin |
2 |
|
| 4 |
AristotlePagaltzis |
3 |
Dividing the network in this manner is both useful and problematic: |
| 2 |
ChrisLowth |
4 |
|
| 4 |
AristotlePagaltzis |
5 |
* It’s useful because it can provide a single hardened entry control point which effectively prevents initial attacker reconnaissance. It also prevents direct access to internal systems which might run services for whom a new exploit was just published, buying time for the administrator(s) to secure the systems. |
| |
|
6 |
|
| |
|
7 |
* It’s problematic because a lot of threats are internal, and as such entirely outside the scope of FireWall protection. A FireWall also ''must'' permit at least certain traffic (otherwise it’d be more effective to just cut the connection). Therefore, a FireWall can be no license for neglecting to keep ''every single'' machine on the network secure. |
| |
|
8 |
|
| |
|
9 |
A FireWall is an effective and financially efficient time-buying measure that protects the systems you control from falling victim to attacks you didn’t have the chance to learn about yet; not more. |
| |
|
10 |
|
| |
|
11 |
See also: |
| |
|
12 |
* HowFirewallingWorks |
| |
|
13 |
* FirewallNotes |
| |
|
14 |
* FirewallingPeerToPeer |
| |
|
15 |
* PerrysFirewallingScript |
