Doc 31 Firewall


  • 8/14/2019 Doc 31 Firewall


    Syntel CQA Forum Firewall CQA Doc No 31

    Firewall - a security system to protect a networked server or computer from intentional or accidental damage or unauthorized access; implemented by either hardware (a dedicated gateway machine) or software (defensive coding).

    A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.

    Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.

    There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and Internet Protocol addresses. For mobile users, firewalls allow remote access into the private network by the use of secure logon procedures and authentication certificates. A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface for controlling the firewall.

    A firewall protects a computer network from unauthorized access. Firewalls may be hardware devices, software programs, or a combination of the two. A firewall typically guards an internal network against malicious access from the outside; however, firewalls may also be configured to limit access to the outside from internal users.

    Perhaps the most familiar form of Internet firewall is a proxy server. Proxy servers act as an intermediary between internal and external computers by receiving and selectively blocking data packets at the network boundary. They also provide an extra measure of safety by hiding internal LAN addresses from the outside. In a proxy server environment, network requests from multiple clients appear to the outsider as all coming from the same proxy server address.

    Also Known As: proxy, gateway

    In networking, a firewall could be described as a specially designed device that controls the spreading of a network threat. The most commonly talked about source of network threats is the Internet. The Internet is the home of many unknown people that we cannot trust. There are hackers on the Internet that may want to do our networks harm. We can use a firewall to impede an untrusted person from doing damage to our networks.

    A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

    There are several types of firewall techniques:

    Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

    Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

    Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

    Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

    In practice, many firewalls use two or more of these techniques in concert.
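    A minimal sketch of two of the techniques above working in concert: a first-match packet filter with default deny, plus circuit-level flow state, with an ingress check that addresses the IP spoofing weakness noted for packet filters. This is an added example, not part of the original document; the networks, interface names, rules and the `Firewall` class are constructed assumptions, and flow tracking is simplified to a 5-tuple.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed private network (constructed)

@dataclass(frozen=True)
class Packet:
    iface: str          # "ext" or "int": interface the packet arrived on
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    sport: int = 40000

# Constructed user-defined rules, first match wins:
# (action, source network, destination network, protocol, destination port)
RULES = [
    ("accept", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),         # internal users to outside HTTPS
    ("accept", "198.51.100.0/24", "10.0.5.10/32", "tcp", 22),  # previously identified partner
]

class Firewall:
    def __init__(self, rules, anti_spoof=True):
        self.rules = [(a, ipaddress.ip_network(s), ipaddress.ip_network(d), p, port)
                      for a, s, d, p, port in rules]
        self.anti_spoof = anti_spoof
        self.flows = set()  # circuit-level state: connections already permitted

    def decide(self, pkt):
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        # Ingress check: an internal source address cannot legitimately arrive
        # on the external interface, so a source-based rule must not trust it.
        if self.anti_spoof and pkt.iface == "ext" and src in INTERNAL:
            return "reject"
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.flows or reply in self.flows:
            return "accept"  # connection already made: no further rule checking
        for action, snet, dnet, proto, dport in self.rules:
            if src in snet and dst in dnet and pkt.proto == proto and pkt.dport == dport:
                if action == "accept":
                    self.flows.add(flow)
                return action
        return "reject"      # default deny: no rule matched
```

    With `anti_spoof=False` the filter accepts an externally arriving packet that merely claims an internal source address, which is the spoofing weakness the packet filter entry describes.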

    A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.
