Firewall (computing)

Last updated

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. [1] [2] A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet. [3]

Contents

History

The term firewall originally referred to a wall intended to confine a fire within a line of adjacent buildings. [4] Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the 1980s to network technology [5] that emerged when the Internet was fairly new in terms of its global use and connectivity. [6] The predecessors to firewalls for network security were routers used in the 1980s. Because they already segregated networks, routers could apply filtering to packets crossing them. [7]

Before it was used in real-life computing, the term appeared in the 1983 computer-hacking movie WarGames , and possibly inspired its later use. [8]

One of the earliest commercially successful firewall and network address translation (NAT) products was the PIX (Private Internet eXchange) Firewall, invented in 1994 by Network Translation Inc., a startup founded and run by John Mayes. The PIX Firewall technology was coded by Brantley Coile as a consultant software developer [9] . Recognizing the emerging IPv4 address depletion problem, they designed the PIX to enable organizations to securely connect private networks to the public internet using a limited number of registered IP addresses. The innovative PIX solution quickly gained industry acclaim, earning the prestigious "Hot Product of the Year" award from Data Communications Magazine in January 1995. Cisco Systems, seeking to expand into the rapidly growing network security market, subsequently acquired Network Translation Inc. in November 1995 to obtain the rights to the PIX technology. The PIX became one of Cisco's flagship firewall product lines before eventually being succeeded by the Adaptive Security Appliance (ASA) platform introduced in 2005.

Types of firewall

Firewalls are categorized as a network-based or a host-based system. Network-based firewalls are positioned between two or more networks, typically between the local area network (LAN) and wide area network (WAN), [10] their basic function being to control the flow of data between connected networks. They are either a software appliance running on general-purpose hardware, a hardware appliance running on special-purpose hardware, or a virtual appliance running on a virtual host controlled by a hypervisor. Firewall appliances may also offer non-firewall functionality, such as DHCP [11] [12] or VPN [13] services. Host-based firewalls are deployed directly on the host itself to control network traffic or other computing resources. [14] [15] This can be a daemon or service as a part of the operating system or an agent application for protection.

An illustration of a network-based firewall within a network Firewall.png
An illustration of a network-based firewall within a network

Packet filter

The first reported type of network firewall is called a packet filter, which inspects packets transferred between computers. The firewall maintains an access-control list which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. Three basic actions regarding the packet consist of a silent discard, discard with Internet Control Message Protocol or TCP reset response to the sender, and forward to the next hop. [16] Packets may be filtered by source and destination IP addresses, protocol, or source and destination ports. The bulk of Internet communication in 20th and early 21st century used either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) in conjunction with well-known ports, enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers. [17] [18]

The first paper published on firewall technology was in 1987 when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture. [19] In 1992, Steven McCanne and Van Jacobson released a paper on BSD Packet Filter (BPF) while at Lawrence Berkeley Laboratory. [20] [21]

Connection tracking

Flow of network packets through Netfilter, a Linux kernel module Netfilter-packet-flow.svg
Flow of network packets through Netfilter, a Linux kernel module

From 1989–1990, three colleagues from AT&T Bell Laboratories, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them circuit-level gateways. [22]

Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes. [23]

Application layer

Marcus Ranum, Wei Xu, and Peter Churchyard released an application firewall known as Firewall Toolkit (FWTK) in October 1993. [24] This became the basis for Gauntlet firewall at Trusted Information Systems. [25] [26]

The key benefit of application layer filtering is that it can understand certain applications and protocols such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP). This allows it to identify unwanted applications or services using a non standard port, or detect if an allowed protocol is being abused. [27] It can also provide unified security management including enforced encrypted DNS and virtual private networking. [28] [29] [30]

As of 2012, the next-generation firewall provides a wider range of inspection at the application layer, extending deep packet inspection functionality to include, but is not limited to:

Endpoint specific

Endpoint-based application firewalls function by determining whether a process should accept any given connection. Application firewalls filter connections by examining the process ID of data packets against a rule set for the local process involved in the data transmission. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers. Application firewalls that hook into socket calls are also referred to as socket filters.[ citation needed ]

Most common firewall log types

Traffic Logs:

Threat Prevention Logs:

Audit Logs:

Event Logs:

Session Logs:

DDoS Mitigation Logs:

Geo-location Logs:

URL Filtering Logs:

User Activity Logs:

VPN Logs:

System Logs:

Compliance Logs:

Configuration

Setting up a firewall is a complex and error-prone task. A network may face security issues due to configuration errors. [32]

Firewall policy configuration is based on specific network type (e.g., public or private), and can be set up using firewall rules that either block or allow access to prevent potential attacks from hackers or malware. [33]

See also

Related Research Articles

<span class="mw-page-title-main">Router (computing)</span> Device that forwards data packets between computer networks

A router is a computer and networking device that forwards data packets between computer networks, including internetworks such as the global Internet.

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

<span class="mw-page-title-main">Network address translation</span> Technique for making connections between IP address spaces

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.

<span class="mw-page-title-main">Proxy server</span> Computer server that makes and receives requests on behalf of a user

In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It improves privacy, security, and performance in the process.

A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.

In computer security, a DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is protected behind a firewall. The DMZ functions as a small, isolated network positioned between the Internet and the private network.

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It uses encryption ('hiding') only for its own control messages, and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2, and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.

Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is often used for baselining application behavior, analyzing network usage, troubleshooting network performance, ensuring that data is in the correct format, checking for malicious code, eavesdropping, and internet censorship, among other purposes. There are multiple headers for IP packets; network equipment only needs to use the first of these for normal operation, but use of the second header is normally considered to be shallow packet inspection despite this definition.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The two primary categories of application firewalls are network-based and host-based.

In computer networks, a tunneling protocol is a communication protocol which allows for the movement of data from one network to another. It can, for example, allow private network communications to be sent across a public network, or for one network protocol to be carried over an incompatible network, through a process called encapsulation.

Windows Filtering Platform (WFP) is a set of system services in Windows Vista and later that allows Windows software to process and filter network traffic. Microsoft intended WFP for use by firewalls, antimalware software, and parental controls apps. Additionally, WFP is used to implement NAT and to store IPSec policy configuration.

In computing, Microsoft's Windows Vista and Windows Server 2008 introduced in 2007/2008 a new networking stack named Next Generation TCP/IP stack, to improve on the previous stack in several ways. The stack includes native implementation of IPv6, as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after a change in settings. The new stack, implemented as a dual-stack model, depends on a strong host-model and features an infrastructure to enable more modular components that one can dynamically insert and remove.

A distributed firewall is a security application on a host machine of a network that protects the servers and user machines of its enterprise's networks against unwanted intrusion. A firewall is a system or group of systems that implements a set of security rules to enforce access control between two networks to protect the "inside" network from the "outside" network. They filter all traffic regardless of its origin—the Internet or the internal network. Usually deployed behind the traditional firewall, they provide a second layer of defense. The advantages of the distributed firewall allow security rules (policies) to be defined and pushed out on an enterprise-wide basis, which is necessary for larger enterprises.

<span class="mw-page-title-main">SoftEther VPN</span> Open-source VPN client and server software

SoftEther VPN is free open-source, cross-platform, multi-protocol VPN client and VPN server software, developed as part of Daiyuu Nobori's master's thesis research at the University of Tsukuba. VPN protocols such as SSL VPN, L2TP/IPsec, OpenVPN, and Microsoft Secure Socket Tunneling Protocol are provided in a single VPN server. It was released using the GPLv2 license on January 4, 2014. The license was switched to Apache License 2.0 on January 21, 2019.

Port Control Protocol (PCP) is a computer networking protocol that allows hosts on IPv4 or IPv6 networks to control how the incoming IPv4 or IPv6 packets are translated and forwarded by an upstream router that performs network address translation (NAT) or packet filtering. By allowing hosts to create explicit port forwarding rules, handling of the network traffic can be easily configured to make hosts placed behind NATs or firewalls reachable from the rest of the Internet, which is a requirement for many applications.

A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a conventional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS-encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection, third-party identity management integration, and SSL decryption

<span class="mw-page-title-main">IPFire</span> Linux distribution

IPFire is a hardened open source Linux distribution that primarily performs as a router and a firewall; a standalone firewall system with a web-based management console for configuration.

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, hence why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

References

  1. Boudriga, Noureddine (2010). Security of mobile communications . Boca Raton: CRC Press. pp.  32–33. ISBN   978-0849379420.
  2. Macfarlane, Richard; Buchanan, William; Ekonomou, Elias; Uthmani, Omair; Fan, Lu; Lo, Owen (2012). "Formal security policy implementations in network firewalls". Computers & Security. 31 (2): 253–270. doi:10.1016/j.cose.2011.10.003.
  3. Oppliger, Rolf (May 1997). "Internet Security: FIREWALLS and BEYOND". Communications of the ACM. 40 (5): 94. doi: 10.1145/253769.253802 . S2CID   15271915.
  4. Canavan, John E. (2001). Fundamentals of Network Security (1st ed.). Boston, MA: Artech House. p. 212. ISBN   9781580531764.
  5. Cheswick, William R.; Bellovin, Steven M. (1994). Firewalls and Internet Security: Repelling The Wily Hacker. Addison-Wesley. ISBN   978-0201633573.
  6. Liska, Allan (Dec 10, 2014). Building an Intelligence-Led Security Program. Syngress. p. 3. ISBN   978-0128023709.
  7. Ingham, Kenneth; Forrest, Stephanie (2002). "A History and Survey of Network Firewalls" (PDF). Retrieved 2011-11-25.
  8. Boren, Jacob (2019-11-24). "10 Times '80s Sci-Fi Movies Predicted The Future". ScreenRant. Retrieved 2021-03-04.
  9. Mayes, John (2022-11-24). "NTI - JMA". Wikipedia. Retrieved 2023-03-04.
  10. Naveen, Sharanya. "Firewall". Archived from the original on 21 May 2016. Retrieved 7 June 2016.
  11. "Firewall as a DHCP Server and Client". Palo Alto Networks. Retrieved 2016-02-08.
  12. "DHCP". www.shorewall.net. Retrieved 2016-02-08.
  13. "What is a VPN Firewall? – Definition from Techopedia". Techopedia.com. Retrieved 2016-02-08.
  14. Vacca, John R. (2009). Computer and information security handbook. Amsterdam: Elsevier. p. 355. ISBN   9780080921945.
  15. "What is Firewall?" . Retrieved 2015-02-12.
  16. Peltier, Justin; Peltier, Thomas R. (2007). Complete Guide to CISM Certification. Hoboken: CRC Press. p. 210. ISBN   9781420013252.
  17. "TCP vs. UDP : The Difference Between them". www.skullbox.net. Retrieved 2018-04-09.
  18. Cheswick, William R.; Bellovin, Steven M.; Rubin, Aviel D. (2003). Firewalls and Internet Security repelling the wily hacker (2 ed.). Addison-Wesley Professional. ISBN   9780201634662.
  19. Ingham, Kenneth; Forrest, Stephanie (2002). "A History and Survey of Network Firewalls" (PDF). p. 4. Retrieved 2011-11-25.
  20. McCanne, Steven; Jacobson, Van (1992-12-19). "The BSD Packet Filter: A New Architecture for User-level Packet Capture" (PDF).
  21. McCanne, Steven; Jacobson, Van (January 1993). "The BSD Packet Filter: A New Architecture for User-level Packet Capture". USENIX.
  22. M. Afshar Alam; Tamanna Siddiqui; K. R. Seeja (2013). Recent Developments in Computing and Its Applications. I. K. International Pvt Ltd. p. 513. ISBN   978-93-80026-78-7.
  23. "Firewalls". MemeBridge. Retrieved 13 June 2014.
  24. "Firewall toolkit V1.0 release" . Retrieved 2018-12-28.
  25. John Pescatore (October 2, 2008). "This Week in Network Security History: The Firewall Toolkit". Archived from the original on April 29, 2016. Retrieved 2018-12-28.
  26. Marcus J. Ranum; Frederick Avolio. "FWTK history".
  27. "What is Layer 7? How Layer 7 of the Internet Works". Cloudflare. Retrieved Aug 29, 2020.
  28. "5 Firewall Features you Must-Have". Check Point Software. Retrieved 2021-11-08.
  29. Stanfield, Nathan (2019-12-04). "11 Firewall Features You Can't Live Without". Stanfield IT. Retrieved 2021-11-08.
  30. "Safing Portmaster". safing.io. Retrieved 2021-11-08.
  31. Liang, Junyan; Kim, Yoohwan (2022). Evolution of Firewalls: Toward Securer Network Using Next Generation Firewall. pp. 0752–0759. doi:10.1109/CCWC54503.2022.9720435. ISBN   978-1-6654-8303-2 . Retrieved 2024-02-02.
  32. Voronkov, Artem; Iwaya, Leonardo Horn; Martucci, Leonardo A.; Lindskog, Stefan (2018-01-12). "Systematic Literature Review on Usability of Firewall Configuration". ACM Computing Surveys. 50 (6): 1–35. doi:10.1145/3130876. ISSN   0360-0300. S2CID   6570517.
  33. "What is Firewall Configuration and Why is it Important?". Fortinet.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.