Differences between version 4 and the predecessor to the previous major change of FireWall.
Newer page: version 4, last edited on Thursday, May 26, 2005 9:51:00 pm by AristotlePagaltzis
Older page: version 3, last edited on Wednesday, May 25, 2005 9:36:28 pm by JohnMcPherson
@@ -1,5 +1,15 @@
-A device (can be
a dedicated piece of hardware
or a software application
) which helps to monitor incoming and outgoing network
traffic.
It can therefore be used to try
and prevent
malicious attacks
on the system
.
+A network
device through which network traffic passes, such as
(commonly)
a router/gateway
or (sometimes
) a bridge/switch,
which can filter or otherwise impose arbitrary restrictions on the
traffic. It can therefore be used to present a hurdle for someone sitting on one side of the FireWall
and trying to do something unwelcome or
malicious to a system
on the other side. Commonly, a FireWall is more permissive in one direction than the other, thus yielding an inside-vs-outside-the-FireWall configuration. The actual FireWall can be implemented in software (the usual case with routers) or hardware
.
-See FirewallNotes
+Dividing the network in this manner is both useful and problematic:
-See FirewallingPeerToPeer
+* It’s useful because it can provide a single hardened entry control point which effectively prevents initial attacker reconnaissance. It also prevents direct access to internal systems which might run services for whom a new exploit was just published, buying time for the administrator(s) to secure the systems.
+
+* It’s problematic because a lot of threats are internal, and as such entirely outside the scope of FireWall protection. A FireWall also ''must'' permit at least certain traffic (otherwise it’d be more effective to just cut the connection). Therefore, a FireWall can be no license for neglecting to keep ''every single'' machine on the network secure.
+
+A FireWall is an effective and financially efficient time-buying measure that protects the systems you control from falling victim to attacks you didn’t have the chance to learn about yet; not more.
+
+
See also:
+* HowFirewallingWorks
+* FirewallNotes
+*
FirewallingPeerToPeer
+* PerrysFirewallingScript
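Review bot: the first "useful" bullet overstates the benefit when it says a single hardened entry point "effectively prevents initial attacker reconnaissance"; since the same revision later stresses that a FireWall "must permit at least certain traffic", the permitted services and the FireWall device itself remain visible from the outside, so "limits" or "reduces" would be more accurate and consistent with the closing caveat that a FireWall is "no license for neglecting to keep every single machine on the network secure". The same bullet's "buying time for the administrator(s)" is the stronger claim and already matches the final paragraph, so consider leading with that.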