| PH.# 847-803-9420 310 N. Busse Hwy. #312 Park Ridge, IL 60068 info@regillo.com |
 |
|||
|
Tech News First Rising fraud threats in virtual worlds McAfee says phishing attacks, viruses, spam, and money laundering are rife in virtual worlds. Security hole opens up password protected iPhones Users report serious security flaw in iPhone 2.0.2 that exposes mail, texts, voice messages, and browser to strangers despite the device being password-protected. IE 8 beta gives other browsers a run for their money With the newest public beta version of its Internet Explorer browser, Microsoft meets, and in some cases exceeds, the security features available in other browsers. Become a remote spy with Swann's new wireless camera Swann announces the IP-3G ConnectCam 1000. Space: The final frontier for computer viruses Virus that hits laptops onboard the International Space Station isn't the first ever, just the first one that is reported, NASA says. Google Earth shows cows point north Featured links from the CNET Blog Network Google Earth shows cows point north -- A study by German scientists using images sourced from Google Earth shows that cows align themselves to the north-south magnetic axis. The opportunity for backup and disaster recovery in the Cloud -- Cloud-based services offer a new opportunity for businesses to take backup and disaster recovery seriously. The site that might help you sleep with a psychopath -- Airbedandbreakfast.com is a site that encourages people to host and to stay at ordinary people's houses when they're traveling. The correct way to update Windows' device drivers -- Visit the system vendor's site to download the latest versions of the software that runs your PC's important components. Firefox extension protects against man-in-the-middle attacks New software helps guide users to safe Web sites and away from malicious sites, without being confused by an error message Firefox displays for many Web sites that don't pay third-parties to verify their security. Amex, Royal Bank of Scotland, NatWest customer details sold on eBay Over 1 million customers' details have been compromised because of a data-archiving company's server being sold on eBay. Ubuntu issues security patch for kernel flaw Linux vendor warns users to update all machines running recent versions of Ubuntu. IE 8 to include private browsing feature The next version of Explorer will allow you to control whether the browser automatically saves your browsing history, cookies, and other data. Data on 84,000 U.K. prisoners is lost A contractor for the Home Office had downloaded the unencrypted data to a USB memory stick for "processing purposes." Loss results in suspension of PA Consulting staffer. Google making SSL changes, other sites quiet A security researcher holds off on releasing exploit after talks with Google, the only company to respond to complaints about SSL implementations. Red Hat, Fedora servers compromised Linux seller says Red Hat and Fedora servers were breached but customers are not affected. Phreaker calls buddies overseas on U.S. government dime U.S. FEMA investigating voice mail hole that allowed hacker to make hundreds of calls overseas. Brazilian charged in U.S. in connection with operating botnet U.S. grand-jury indictment alleges that Brazilian man had a role in a botnet made up of more than 100,000 infected computers designed to send spam. Newsfeed display by CaRP |
|
A firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the network policy, analagous to the function of firewalls in building construction. It has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet ( a zone with no trust ) and an internal network ( a zone with high trust ). The ultimate goal is to prevent intrusion from a connected network device into other networked devices.
Network security analysts distinguish between:
The latter definition corresponds to the conventional meaning of "firewall" in networking, and the remainder of this article addresses this type of firewall. Two main categories of such firewalls exist: These two types of firewall may overlap; indeed, single systems have implemented both together.
[edit]
Types of firewalls
[edit]
Network layer firewallsNetwork layer firewalls operate at a (relatively low) level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules; or default built-in rules may apply (as in some inflexible firewall systems). A more permissive setup could allow any packet to pass the filter as long as it does not match one or more "negative-rules", or "deny rules". Today network firewalls are built into most computer operating system and network appliances.
[edit]
Application-layer firewallsApplication-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines. By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach. The XML Firewall exemplifies a more recent kind of application-layer firewall. A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets. Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network. Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly use so-called "private address space", as defined in RFC 1918. Administrators often set up such scenarios in an effort (of debatable effectiveness) to disguise the internal address or network. Proper configuration of firewalls demands skill. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.
[edit]
See also
[edit]
External links
available under the terms of the GNU Free Documentation License
© 2005 Regillo, Inc. Please Link Back to Our Site:
|
