Firewall
In computer networks, a firewall is a set of information security functions that may or may not reside in a single physical computer. Large or fault-tolerant networks have multiple firewalls. The functions control certain types of access to the protected network. Most often, we think of attacks as coming from the Internet, but firewalls have applications for internal networks, and not all secure access through the Internet goes through a firewall.
Some basic firewall functions include:
- Stateless packet filtering
- Stateful packet inspection
- Network address translation
- Proxy services
- Security logging
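The difference between the first two functions in the list above, as an added example that is not part of the original article: a stateless filter judges each packet by its own header fields, while a stateful one remembers which connections were opened from inside. The 10.0.0.0/8 protected network, the outbound-HTTPS-only policy and the sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = ip_network("10.0.0.0/8")  # assumed protected network

def outbound(pkt):
    return ip_address(pkt.src) in INSIDE and ip_address(pkt.dst) not in INSIDE

def inbound(pkt):
    return ip_address(pkt.dst) in INSIDE and ip_address(pkt.src) not in INSIDE

def stateless_allow(pkt):
    """Stateless filtering: decide from this packet's header fields alone."""
    if outbound(pkt):
        return pkt.dport == 443
    if inbound(pkt):
        # "Established" approximation: looks like a reply from an HTTPS server.
        return pkt.sport == 443 and "ACK" in pkt.flags
    return False

class StatefulFilter:
    """Stateful inspection: remember flows opened from inside.
    Timeouts and connection teardown are omitted to keep the example short."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if outbound(pkt) and pkt.dport == 443:
            flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:      # new connection from inside
                self.flows.add(flow)
            return flow in self.flows
        if inbound(pkt):                  # must mirror a recorded flow
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows
        return False

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, {"SYN"}),         # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, {"SYN", "ACK"}),  # server reply
    Packet("198.51.100.7", 443, "10.0.0.9", 22, {"ACK"}),            # unsolicited, no flow
    Packet("198.51.100.7", 40000, "10.0.0.9", 22, {"SYN"}),          # inbound connection
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]
```

The third packet is where the two differ: it passes the stateless rule because its header looks like a reply, but the stateful filter drops it because no inside host opened that flow.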
What a firewall is not
- A substitute for a security policy
- A substitute for information security administration
- (necessarily) a single computer
- A guarantee of network security
Firewalls are not primary protection against
- Attacks inside the protected network
- Some denial of service attacks
- Most malware
- Fraudulent authentication
- Human error
Cooperating services
These may or may not share computers, although it is wise to have the minimum possible number of services on a firewall.