Wikipedia

Firewall (computing): Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Reverted 1 edit by Sequelnet (talk): Spam
m Added and fix some words for clarity.
Line 1:
{{short description|Software or hardware-based network security system}}
 
In [[computing]], a '''firewall''' is a [[network security]] system that [[Network monitoring|monitors]] and controls incoming and outgoing [[network traffic]] based on configurable security rules.<ref>{{cite book | first1=Noureddine | last1=Boudriga | title=Security of mobile communications | url=https://archive.org/details/securitymobileco00boud | url-access=limited | publisher=CRC Press | date=2010 | ___location=Boca Raton | pages=[https://archive.org/details/securitymobileco00boud/page/n66 32]–33 | isbn=978-0849379420}}</ref><ref>{{Cite journal |last1=Macfarlane |first1=Richard |last2=Buchanan |first2=William |last3=Ekonomou |first3=Elias |last4=Uthmani |first4=Omair |last5=Fan |first5=Lu |last6=Lo |first6=Owen |date=2012 |title=Formal security policy implementations in network firewalls |url=https://linkinghub.elsevier.com/retrieve/pii/S0167404811001192 |journal=Computers & Security |language=en |volume=31 |issue=2 |pages=253–270 |doi=10.1016/j.cose.2011.10.003}}</ref> A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the [[Internet]],<ref name="Oppliger 1997 94">{{cite journal|last=Oppliger|first=Rolf|title=Internet Security: FIREWALLS and BEYOND|journal=Communications of the ACM|date=May 1997|volume=40|issue=5|page=94|doi=10.1145/253769.253802|s2cid=15271915|doi-access=free}}</ref> or between several [[VLAN]]s. Firewalls can be placed for routers or a single device.
 
== History ==
The term ''[[firewall (construction)|firewall]]'' originally referred to a wall intended to confine a fire within a line of adjacent buildings.<ref>{{cite book|last1= Canavan|first1=John E.|title=Fundamentals of Network Security|date=2001|publisher=Artech House|___location=Boston, MA|isbn=9781580531764|page=212|edition=1st}}</ref> Later uses refer to similar structures, such as the [[Firewall (engine)|metal sheet]] separating the [[engine]] compartment of a [[vehicle]] or [[aircraft]] from the passenger compartment. The term was applied in the 1980s to network technology<ref name="cheskwick1994">{{cite book | first1 = William R. | last1 = Cheswick | author1-link = William Cheswick | first2= Steven M. | last2= Bellovin | author2-link = Steven M. Bellovin | title = [[Firewalls and Internet Security]]: Repelling The Wily Hacker | year = 1994 | publisher = Addison-Wesley | isbn = 978-0201633573 }}</ref> that emerged when the Internet was fairly new in terms of its global use and connectivity.<ref>{{cite book|last1=Liska|first1=Allan|title=Building an Intelligence-Led Security Program|date=Dec 10, 2014|publisher=Syngress|isbn=978-0128023709|page=3}}</ref> The predecessors to firewalls for network security were [[Router (computing)|routers]] used in the 1980s. Because they already segregated networks, routers could apply filtering tofilter packets crossing them.<ref name="report_unm">{{cite web |url=http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf |title=A History and Survey of Network Firewalls |year=2002 |last1=Ingham |first1=Kenneth |last2=Forrest |first2=Stephanie |access-date=2011-11-25 |archive-url=https://web.archive.org/web/20060902171316/http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf |archive-date=2006-09-02 |url-status=dead }}</ref>
 
Before it was used in real-life computing, the term appeared in [[John Badham|John Badham's]] 1983 computer{{nbh}}hacking movie ''[[WarGames]]'', spoken by the bearded and bespectacled programmer named Paul Richter, which possibly inspired its later use.<ref>{{Cite web|last=Boren|first=Jacob|date=2019-11-24|title=10 Times '80s Sci-Fi Movies Predicted The Future|url=https://screenrant.com/80s-sci-fi-movies-predicted-the-future/|access-date=2021-03-04|website=ScreenRant|language=en-US}}</ref>
Line 10:
One of the earliest commercially successful firewall and network address translation (NAT) products was the PIX (Private Internet eXchange) Firewall, invented in 1994 by Network Translation Inc., a startup founded and run by John Mayes. The PIX Firewall technology was coded by Brantley Coile as a consultant software developer.<ref>{{Cite web|last=Mayes|first=John|date=2022-11-24|title=NTI - JMA|url=http://www.jma.com/nti.html|access-date=2023-03-04|website=Wikipedia|language=en-US}}</ref> Recognizing the emerging IPv4 address depletion problem, they designed the PIX to enable organizations to securely connect private networks to the public internet using a limited number of registered IP addresses. The innovative PIX solution quickly gained industry acclaim, earning the prestigious "Hot Product of the Year" award from Data Communications Magazine in January 1995. Cisco Systems, seeking to expand into the rapidly growing network security market, subsequently acquired Network Translation Inc. in November 1995 to obtain the rights to the PIX technology. The PIX became one of Cisco's flagship firewall product lines before eventually being succeeded by the Adaptive Security Appliance (ASA) platform introduced in 2005.
 
== Types of firewallfirewalls ==
{{see also||Computer security||Comparison of firewalls}}
Firewalls are categorized as a network-based or a host-based system. Network-based firewalls are positioned between two or more networks, typically between the [[Local area network|local area network (LAN)]] and [[Wide area network|wide area network (WAN)]],<ref>{{Cite web
Line 25:
 
=== Packet filter ===
The first reported type of network firewall is called a [[PF (firewall)|packet filter]], which inspects packets transferred between computers. The firewall maintains an [[access-control list]] which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. Three basic actions regarding the packet consist of a silent discard, discard with [[Internet Control Message Protocol]] or [[TCP reset attack|TCP reset]] response to the sender, and forward to the next hop.<ref>{{cite book|last1=Peltier|first1=Justin |first2=Thomas R. |last2=Peltier |title=Complete Guide to CISM Certification |date=2007 |publisher=CRC Press |___location=Hoboken |isbn=9781420013252 |page=210}}</ref> Packets may be filtered by source and destination [[network address|IP addresses]], protocol, or source and destination [[Port (computer networking)|ports]]. The bulk of Internet communication in 20th and early 21st century used either [[Transmission Control Protocol]] (TCP) or [[User Datagram Protocol]] (UDP) in conjunction with [[List of TCP and UDP port numbers|well-known ports]], enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers.<ref>{{Cite web |url=http://www.skullbox.net/tcpudp.php|title=TCP vs. UDP : The Difference Between them|website=www.skullbox.net|language=en|access-date=2018-04-09}}</ref><ref name="cheswick2003">{{cite book | first1 = William R. | last1= Cheswick |first2= Steven M.|last2= Bellovin| first3= Aviel D. |last3 = Rubin | year = 2003 | title = [[Firewalls and Internet Security]] repelling the wily hacker | publisher= Addison-Wesley Professional | edition = 2 | isbn = 9780201634662}}</ref>
 
The first paper published on firewall technology was in 1987 when engineers from [[Digital Equipment Corporation]] (DEC) developed filter systems known as packet filter firewalls. At [[Bell Labs|AT&T Bell Labs]], [[William Cheswick|Bill Cheswick]] and [[Steven M. Bellovin|Steve Bellovin]] continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture.<ref>{{cite web |url=http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf |title=A History and Survey of Network Firewalls |year=2002 |last1=Ingham |first1=Kenneth |last2=Forrest |first2=Stephanie |page=4 |access-date=2011-11-25 |archive-url=https://web.archive.org/web/20060902171316/http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf |archive-date=2006-09-02 |url-status=dead }}</ref> In 1992, Steven McCanne and
Line 200:
 
== External links ==
{{Wikibooks| Guide to Unix|BSD/OpenBSD/As a Firewall|OpenBSD PF firewall}}
{{commons category|Firewall}}
* [http://docstore.mik.ua/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch3.htm Evolution of the Firewall Industry] – discusses different architectures, how packets are processed and provides a timeline of the evolution.
* [http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf A History and Survey of Network Firewalls] – provides an overview of firewalls at various ISO levels, with references to original papers where early firewall work was reported.
Retrieved from "https://en.wikipedia.org/wiki/Firewall_(computing)"