FIREWALL EXPLAINED
What is a Firewall? - In computing, a firewall is a piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewall's in building construction. A firewall is also called a Border Protection Device (BPD), especially in NATO contexts, or packet filter in BSD contexts.
A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust). The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.
Proper configuration of firewall's demands skill from the administrator. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.
There are three basic types of firewall's depending on
- whether the communication is being done between a single node and the network, or between two or more networks
- whether the communication is intercepted at the network layer, or at the application layer
- whether the communication state is being tracked at the firewall or not
With regard to the scope of filtered communication there exist:
- personal firewall's, a software application which normally filters traffic entering or leaving a single computer through the Internet
- network firewall's, normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.
The latter definition corresponds to the conventional, traditional meaning of "firewall" in networking.
There's also the notion of application firewall's which are sometimes used during wide area network (WAN) networking on the world-wide web and govern the system software. An extended description would place them lower than application layer firewall's, indeed at the Operating System layer, and could alternately be called operating system firewall's.