Differences between current version and predecessor to the previous major change of FireWall.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 4 Last edited on Thursday, May 26, 2005 9:51:00 pm by AristotlePagaltzis
Older page: version 3 Last edited on Wednesday, May 25, 2005 9:36:28 pm by JohnMcPherson Revert
@@ -1,5 +1,15 @@
-A device (can be a dedicated piece of hardware or a software application ) which helps to monitor incoming and outgoing network traffic. It can therefore be used to try and prevent malicious attacks on the system
+A network device through which network traffic passes, such as (commonly) a router/gateway or (sometimes ) a bridge/switch, which can filter or otherwise impose arbitrary restrictions on the traffic. It can therefore be used to present a hurdle for someone sitting on one side of the FireWall and trying to do something unwelcome or malicious to a system on the other side. Commonly, a FireWall is more permissive in one direction than the other, thus yielding an inside-vs-outside-the-FireWall configuration. The actual FireWall can be implemented in software (the usual case with routers) or hardware
-See FirewallNotes  
+Dividing the network in this manner is both useful and problematic:  
-See FirewallingPeerToPeer 
+* It’s useful because it can provide a single hardened entry control point which effectively prevents initial attacker reconnaissance. It also prevents direct access to internal systems which might run services for whom a new exploit was just published, buying time for the administrator(s) to secure the systems.  
+* It’s problematic because a lot of threats are internal, and as such entirely outside the scope of FireWall protection. A FireWall also ''must'' permit at least certain traffic (otherwise it’d be more effective to just cut the connection). Therefore, a FireWall can be no license for neglecting to keep ''every single'' machine on the network secure.  
+A FireWall is an effective and financially efficient time-buying measure that protects the systems you control from falling victim to attacks you didn’t have the chance to learn about yet; not more.  
+ See also:  
+* HowFirewallingWorks  
+* FirewallNotes  
+* FirewallingPeerToPeer  
+* PerrysFirewallingScript