firewall
What is a network firewall?
A firewall is a system or group of systems that enforces an access control
policy between two networks. The means by which this is accomplished
varies widely, but in principle, the firewall can be thought of as a pair
of mechanisms: one which exists to block traffic, and the other which
exists to permit traffic. Some firewalls place a greater emphasis on
blocking traffic, while others emphasize permitting traffic. The most
important thing to recognize about a firewall is that it implements an
access control policy. If you don't know what kind of access you want to
permit or deny, or simply let someone configure a firewall based on what
they think it should do, you are allowing that person to make an important
policy decision for your organization.
Why would I want a firewall?
The Internet is used by people who mischievously and maliciously invade
others' privacy. Most companies have sensitive or proprietary data they
must protect. A firewall keeps invaders out of a network while letting
users do their jobs.
Many companies have security policies that dictate how data must be
protected. Many use their firewall systems as a place to store public
information about corporate products and services, files to download,
bug-fixes, etc. The hardest part of connecting to the Internet can be
convincing management it's safe to do so. A firewall can play an important
role as a security blanket for management.
What can a firewall protect against?
Some firewalls permit only e-mail traffic, thereby protecting the network
against any attacks other than attacks against the e-mail service. Other
firewalls provide less strict protections and block services that are
known to be problems.
Generally, firewalls protect against unauthenticated interactive logins
from the outside world. This helps prevent vandals from logging onto
machines on your network. More elaborate firewalls block traffic from the
outside, while permitting inside users to communicate freely with the
outside.
Firewalls also can provide a single "choke point," where security and
audit can be imposed. In a situation where a computer system is being
attacked by someone dialing in with a modem, a firewall can act as an
effective 'phone tap' and tracing tool. Firewalls provide an important
logging and auditing function; often they give the administrator summaries
of what kinds and amounts of traffic passed through, how many attempts
there were to break in, etc.
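As an added illustration that is not part of the original FAQ, the Python sketch below models the two mechanisms and the choke-point audit described above: a first-match rule list mixing block and permit entries, a default posture that decides any traffic no rule covers (the "emphasis on blocking" versus "emphasis on permitting" distinction), and a counter that gives the administrator the summary of permitted and refused traffic. The rules, addresses and ports are constructed sample values, not taken from any real policy.

```python
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# A rule is (action, source CIDR or "any", destination TCP port or None for any port).
Rule = Tuple[str, str, Optional[int]]

def matches(rule: Rule, pkt: dict) -> bool:
    _, src, dport = rule
    if dport is not None and dport != pkt["dport"]:
        return False
    return src == "any" or ip_address(pkt["src"]) in ip_network(src)

class Firewall:
    def __init__(self, rules: List[Rule], default: str):
        self.rules = rules      # first matching rule wins, in order
        self.default = default  # posture for traffic no rule covers: "block" or "permit"
        self.audit = Counter()  # the single choke point records every decision

    def decide(self, pkt: dict) -> str:
        verdict = self.default
        for rule in self.rules:
            if matches(rule, pkt):
                verdict = rule[0]
                break
        # Log kind of traffic (destination port) and what was done with it.
        self.audit[(verdict, pkt["dport"])] += 1
        return verdict

    def summary(self) -> dict:
        # What the administrator sees: amounts permitted and number of attempts refused.
        return {v: sum(n for (vv, _), n in self.audit.items() if vv == v)
                for v in ("permit", "block")}

# Constructed sample policy: permit mail, block interactive logins, trust one partner net.
POLICY: List[Rule] = [("permit", "any", 25),
                      ("block", "any", 23),
                      ("permit", "192.0.2.0/24", None)]

# Constructed sample traffic (documentation address ranges), source and destination port.
TRAFFIC = [{"src": "203.0.113.9", "dport": 25},
           {"src": "203.0.113.9", "dport": 23},
           {"src": "203.0.113.9", "dport": 8080},
           {"src": "192.0.2.7", "dport": 8080}]

def evaluate(default: str) -> Tuple[List[str], dict]:
    """Run the same policy under one default posture; return verdicts and audit summary."""
    fw = Firewall(POLICY, default)
    verdicts = [fw.decide(p) for p in TRAFFIC]
    return verdicts, fw.summary()
```

Only the third packet, which no rule covers, changes verdict between the two postures, which is exactly the policy decision the FAQ says someone has to make deliberately.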
What can't a firewall protect against?
Firewalls can't protect against attacks that don't go through the
firewall. Many corporations that connect to the Internet are very
concerned about proprietary data leaking out of the company through that
route. Unfortunately, a magnetic tape can just as effectively be used to
export data. Many organizations terrified of Internet connections have no
coherent policy about how dial-in access via modems should be protected.
Many organizations buying expensive firewalls neglect numerous other
back-doors into their networks. For a firewall to work, it must be a part
of a consistent overall organizational security architecture. Firewall
policies must be realistic and reflect the level of security in the entire
network. A site with top-secret or classified data doesn't need a firewall
— systems with secret data should be isolated from the rest of the
corporate network.
A firewall also can't protect against mischief from inside your
network. While an industrial spy might export information through your
firewall, he's just as likely to export it through a telephone, FAX
machine or floppy disk. And an attacker may break into your network by
completely bypassing your firewall if a helpful employee provides access
to a modem pool.