The term firewall originally referred to a wall intended to confine a fire within a line of adjacent buildings. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the late 1980s to network technology that emerged when the Internet was fairly new in terms of its global use and connectivity. The predecessors to firewalls for network security were routers used in the late 1980s. Because they already segregated networks, routers could apply filtering to packets crossing them.
Before it was used in real-life computing, the term appeared in the 1983 computer-hacking movie WarGames, and possibly inspired its later use.
Figure: an illustration of a network-based firewall within a network.
The first reported type of network firewall is called a packet filter, which inspects packets transferred between computers. The firewall maintains an access control list which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. The three basic actions regarding a packet are a silent discard, a discard with an Internet Control Message Protocol or TCP reset response to the sender, and a forward to the next hop.
Packets may be filtered by source and destination IP addresses, protocol, and source and destination ports. The bulk of Internet communication in the 20th and early 21st century used either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) in conjunction with well-known ports, enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers.
The first paper published on firewall technology was in 1987 when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture.
Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes.
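A minimal sketch of that conversation tracking, added here as an example and not taken from the original article: the filter records the addresses and layer-4 ports of each flow opened from the inside network and forwards an inbound packet only if it is the exact mirror of a recorded flow. The class name, the allow-all-outbound policy, the idle timeout, and the trace are assumptions; real state tables also follow TCP flags and sequence numbers.

```python
import ipaddress

class StatefulFilter:
    """Remembers each conversation's addresses and layer-4 ports."""

    def __init__(self, inside_net, idle_timeout=60.0):
        self.inside = ipaddress.ip_network(inside_net)
        self.idle_timeout = idle_timeout
        self.table = {}  # (proto, in_ip, in_port, out_ip, out_port) -> last seen

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.inside

    def process(self, now, proto, src, sport, dst, dport):
        """Return 'forward' or 'drop' for one packet seen at time `now`."""
        # Expire conversations that have been idle too long.
        for key, seen in list(self.table.items()):
            if now - seen > self.idle_timeout:
                del self.table[key]
        if self._inside(src) and not self._inside(dst):
            # Outbound packet (assumed allowed): record or refresh the flow.
            self.table[(proto, src, sport, dst, dport)] = now
            return "forward"
        # Inbound packet: allowed only as the mirror image of a known flow.
        key = (proto, dst, dport, src, sport)
        if key in self.table:
            self.table[key] = now
            return "forward"
        return "drop"

def replay(events, inside_net="10.0.0.0/8", idle_timeout=60.0):
    """Run a list of packets through a fresh filter and collect verdicts."""
    fw = StatefulFilter(inside_net, idle_timeout)
    return [fw.process(*e) for e in events]

# Constructed trace: (time, proto, src, sport, dst, dport)
TRACE = [
    (0.0, "tcp", "10.0.0.5", 51000, "203.0.113.9", 443),   # client opens flow
    (0.1, "tcp", "203.0.113.9", 443, "10.0.0.5", 51000),   # reply: same ports
    (0.2, "tcp", "203.0.113.9", 443, "10.0.0.5", 51001),   # wrong client port
    (0.3, "tcp", "198.51.100.7", 443, "10.0.0.5", 51000),  # wrong remote host
    (90.0, "tcp", "203.0.113.9", 443, "10.0.0.5", 51000),  # after idle expiry
]
```

A stateless packet filter would need a standing rule admitting traffic from source port 443 to high ports to permit the second packet, which would also admit the third and fourth.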
Endpoint-based application firewalls function by determining whether a process should accept any given connection. Application firewalls filter connections by examining the process ID of data packets against a rule set for the local process involved in the data transmission. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers. Application firewalls that hook into socket calls are also referred to as socket filters.
Setting up a firewall is a complex and error-prone task. A network may face security issues due to configuration errors.
Last edited on 8 May 2021, at 17:26
Content is available under CC BY-SA 3.0 unless otherwise noted.