| PH.# 847-803-9420 310 N. Busse Hwy. #312 Park Ridge, IL 60068 info@regillo.com |
 |
|||
|
Tech News First Study: Uptick in spam-sending zombie PCs in September Symantec attributes the growth to an increase in e-mail with sensationalistic news headlines that include links to downloadable malware. Spam volume down in September MessageLabs cites demise of one ISP and finds that the peak time of day for sexually explicit spam falls around the noon hour. Inside CNET Labs 16: 'Starcraft' was the bridge Episode 16 of the Inside CNET Labs Podcast Gates-Seinfeld schtick more viral than 'I'm a PC' Featured links from the CNET Blog Network Gates-Seinfeld schtick more viral than 'I'm a PC'--The two Gates-Seinfeld commercials have enjoyed 4.3 million more viral-video views than Microsoft's replacement "I'm a PC" campaign, according to Visible Measures. Open source can still win in a down economy--Economics are on the side of open source--the best value for money means enterprises can continue to grow during the economic downturn. Marc Fleury's OpenRemote gets into databases with Beehive--The OpenRemote project kicks off a central, open-source database for managing home-automation codes. It's the product, stupid: branding firms and industrial design--Carl Alviani describes a trend that has been emerging for a while now: Not only do digital agencies like R/GA enter the branding domain, branding, marcom, and advertising firms also round out their services portfolio by adding product design capabilities. Two Europeans indicted over U.S. cyberattacks A 24-year-old from England and a 25-year-old from Germany face conspiracy and computer damage charges related to a large-scale DDoS attack resulting in major financial losses. Hack and tell: Teen hacker Mafiaboy writes memoir Michael Calce, aka "Mafiaboy," who shut down major Web sites in 2000, has written a tell-all book that is due out next week. Ex-McAfee lawyer acquitted in stock options backdating trial Kent Roberts is the first executive to be acquitted on stock options backdating-related charges. Skype: We didn't know about security issues The company's president says he knew its Chinese partner filtered messages, but he was unaware that it was storing personal information in an insecure way. 'Internet safety' may be an oxymoron Reports on clickjacking, which enables a PC to get infected when a user clicks on a disguised Web link, point out that when it comes to Web browsing, there is no such thing as "security." Report: Adware supplies one third of all malware New figures show increased use of adware to deposit malicious software on victims' desktops, according to Panda Security. Estonia posts its cybersecurity strategy Report seeks to establish good cybersecurity practices within the country while urging global condemnation of all cybersecurity threats in the future. New phishing attempt targets bank customers Latest phishing threat exploits confusion over consolidation in banking industry to try to get information out of e-mail recipients for online financial theft and identity fraud. All the news that's fit to exploit--Google Trends Security firm sees trend in cybercriminals looking to Google Trends to find ways to lure victims to malicious Web sites. People can do more to guard against ID theft, says group While a new law will give victims of identity theft greater restitution for the damages they suffer, a study shows people can better protect themselves from cybercrime. Researchers find security holes in NYT, YouTube, ING, MetaFilter sites Attackers could have used vulnerabilities on several Web sites to compromise people's accounts, allowing them to steal money, harvest e-mail addresses, or pose as others online. Newsfeed display by CaRP |
|
A firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the network policy, analagous to the function of firewalls in building construction. It has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet ( a zone with no trust ) and an internal network ( a zone with high trust ). The ultimate goal is to prevent intrusion from a connected network device into other networked devices.
Network security analysts distinguish between:
The latter definition corresponds to the conventional meaning of "firewall" in networking, and the remainder of this article addresses this type of firewall. Two main categories of such firewalls exist: These two types of firewall may overlap; indeed, single systems have implemented both together.
[edit]
Types of firewalls
[edit]
Network layer firewallsNetwork layer firewalls operate at a (relatively low) level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules; or default built-in rules may apply (as in some inflexible firewall systems). A more permissive setup could allow any packet to pass the filter as long as it does not match one or more "negative-rules", or "deny rules". Today network firewalls are built into most computer operating system and network appliances.
[edit]
Application-layer firewallsApplication-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines. By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach. The XML Firewall exemplifies a more recent kind of application-layer firewall. A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets. Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network. Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly use so-called "private address space", as defined in RFC 1918. Administrators often set up such scenarios in an effort (of debatable effectiveness) to disguise the internal address or network. Proper configuration of firewalls demands skill. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.
[edit]
See also
[edit]
External links
available under the terms of the GNU Free Documentation License
© 2005 Regillo, Inc. Please Link Back to Our Site:
|
