Firewall (computing): Difference between revisions

History: Archive
Line 27:
The first reported type of network firewall is called a [[PF (firewall)|packet filter]], which inspects packets transferred between computers. The firewall maintains an [[access-control list]] which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. Three basic actions regarding the packet consist of a silent discard, discard with [[Internet Control Message Protocol]] or [[TCP reset attack|TCP reset]] response to the sender, and forward to the next hop.<ref>{{cite book|last1=Peltier|first1=Justin |first2=Thomas R. |last2=Peltier |title=Complete Guide to CISM Certification |date=2007 |publisher=CRC Press |___location=Hoboken |isbn=9781420013252 |page=210}}</ref> Packets may be filtered by source and destination [[network address|IP addresses]], protocol, or source and destination [[Port (computer networking)|ports]]. The bulk of Internet communication in 20th and early 21st century used either [[Transmission Control Protocol]] (TCP) or [[User Datagram Protocol]] (UDP) in conjunction with [[List of TCP and UDP port numbers|well-known ports]], enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers.<ref>{{Cite web |url=http://www.skullbox.net/tcpudp.php|title=TCP vs. UDP : The Difference Between them|website=www.skullbox.net|language=en|access-date=2018-04-09}}</ref><ref name="cheswick2003">{{cite book | first1 = William R. | last1= Cheswick |first2= Steven M.|last2= Bellovin| first3= Aviel D. |last3 = Rubin | year = 2003 | title = [[Firewalls and Internet Security]] repelling the wily hacker | publisher= Addison-Wesley Professional | edition = 2 | isbn = 9780201634662}}</ref>
 
The first paper published on firewall technology was in 1987 when engineers from [[Digital Equipment Corporation]] (DEC) developed filter systems known as packet filter firewalls. At [[Bell Labs|AT&T Bell Labs]], [[William Cheswick|Bill Cheswick]] and [[Steven M. Bellovin|Steve Bellovin]] continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture.<ref>{{cite web |url=http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf |title=A History and Survey of Network Firewalls |year=2002 |last1=Ingham |first1=Kenneth |last2=Forrest |first2=Stephanie |page=4 |access-date=2011-11-25 |archive-url=https://web.archive.org/web/20060902171316/http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf |archive-date=2006-09-02 |url-status=dead }}</ref> In 1992, Steven McCanne and
Van Jacobson released a paper on [[Berkeley Packet Filter|BSD Packet Filter]] (BPF) while at [[Lawrence Berkeley Laboratory]].<ref name="bpf93">{{cite web
| url=http://www.tcpdump.org/papers/bpf-usenix93.pdf
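Review bot: In the Peltier citation in the first paragraph of this hunk, "|___location=Hoboken" is not a cite book parameter name, so the place of publication will not render; it should read "|location=Hoboken". In the same paragraph, "[[PF (firewall)|packet filter]]" pipes the generic term to the article on one specific packet filter, and "[[TCP reset attack|TCP reset]]" describes an ordinary reject action by linking to an attack article; both link targets are worth a second look.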
Line 35:
| first2=Van
| last2=Jacobson
| date=1992-12-19}}</ref><ref>{{cite web
| archive-url=https://web.archive.org/web/20000916155334/http://www.tcpdump.org/papers/bpf-usenix93.pdf
| archive-date=2000-09-16
| url-status=dead}}</ref><ref>{{cite web
| url=https://www.usenix.org/conference/usenix-winter-1993-conference/bsd-packet-filter-new-architecture-user-level-packet
| title=The BSD Packet Filter: A New Architecture for User-level Packet Capture
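Review bot: As shown here, the "archive-url", "archive-date" and "url-status=dead" lines follow "| date=1992-12-19}}</ref><ref>{{cite web", so they form a cite web of their own with no "url" or "title" and would render as a broken reference. If they are meant for the tcpdump.org bpf-usenix93.pdf citation, they belong inside that template, before the "}}" that closes it. The snapshot timestamp 20000916155334 does agree with archive-date 2000-09-16.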