
 

Computer Network Defence Ltd



Firewalls

A firewall is the first line of defense for a private network: it decides which traffic may cross the boundary between that network and the outside world. Firewalls can be implemented in hardware, in software, or a combination of both. A firewall controls access but does not protect data once it is in transit; for that, the traffic can be encrypted, for example with a VPN tunnel.


Last Reviewed by Michele Jordan 12 May 2006



Articles and Other Information
Choosing a Firewall -  An article dated Jul. 2004 at windowsnetworking.com that goes over firewall basics and ideas.

How to choose the right Enterprise Firewall - An article from some four years ago, but it gives a good overview of the basic firewall types.

Three Blind Phreaks: How the phone-phreaking Badir brothers ran rings around Israel's telcos for six scam-filled years.  An interesting article about PBX and Telco fraud.  From February 2004.


 

Desktop Firewall Software
Software that is used to protect individual Internet-connected computers from intrusion, and is especially useful for home and business users with "always-on" connections such as DSL or cable modem.  Often bundled with anti-spyware or anti-virus software as a "security suite".
Also called: Personal Firewall Software.


Host IPS
A host firewall protects a machine by inspecting network packets and deciding which traffic to allow. A complementary class of product is the Host Intrusion Prevention System (HIPS).

A HIPS protects a host by watching the programs that run on it rather than only the traffic that reaches it: it intercepts system calls, file and registry access, or network activity and judges what the program is actually doing. Decisions may be rule based (a fixed policy of allowed and forbidden actions) or score based (suspicious actions accumulate a score until a threshold triggers a block).


SOHO Firewall Appliance
SOHO (Small Office/Home Office) Firewall Appliances are dedicated hardware/software solutions designed for small company or home networks, typically fewer than 25 computers.  Many also act as routers and offer other services such as VPN, content scanning and virus scanning, and many provide the functionality a remote office needs to connect back to the central office.

Enterprise Firewall Appliance
An Enterprise firewall appliance is a turnkey hardware/software device that has most components pre-installed and pre-configured, and manages a security policy for an entire enterprise. An enterprise firewall appliance must be able to log to a central control console to be considered enterprise ready.

Gateway Firewall Software - Enterprise
A software based enterprise firewall is a software package that gets installed on top of an operating system and manages a security policy for an entire enterprise. This is typically installed as a gateway between the Internet and the Enterprise network, but can also be deployed inside the network for internal compartmentalization. Many come with Management software components to help manage multiple devices in the network.

 

Telephony Firewalls
A telephony firewall is designed to protect a telephone exchange or PBX, reporting on a variety of attacks commonly referred to as phreaking. These range from misuse, for example when a preset threshold of calls of a particular type is exceeded, to attacks against the exchange itself such as wardialing, where a range of numbers or extensions is dialled automatically to discover what answers at each one (a modem, a fax machine or a maintenance port, for instance).

This section also includes VoIP or SIP-aware firewalls. Voice over IP separates call signalling (SIP, normally on port 5060) from the media streams (RTP, on ports that the two phones negotiate per call in the SDP carried inside the signalling). A firewall that cannot read SIP has to leave a wide, static range of UDP ports open for the media, which opens the door to security issues. A SIP-aware firewall inspects the signalling, learns which media ports each call will use, opens just those ports for the duration of the call and closes them again when the call ends.
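To make the SIP-aware behaviour concrete, here is an added Python example (written for this page, not code from any product listed here) that does the signalling inspection described above: it parses the SDP bodies of a SIP INVITE and the matching 200 OK and derives the exact UDP flows the firewall should permit for that one call. The two messages, the addresses 203.0.113.7 (outside caller) and 10.0.1.20 (inside phone), the Call-ID and the 10000-20000 static range it is compared against are all constructed for illustration, and NAT is ignored.

```python
from typing import Dict, List, Tuple

# A permitted UDP flow: (src_ip, src_port, dst_ip, dst_port)
Flow = Tuple[str, int, str, int]


def split_sip(msg: str) -> Tuple[Dict[str, str], str]:
    """Split a SIP message into (headers, body); header names are lower-cased.
    Compact header forms and folded header lines are not handled in this toy."""
    head, _, body = msg.replace("\r\n", "\n").partition("\n\n")
    headers: Dict[str, str] = {}
    for line in head.split("\n")[1:]:          # [0] is the request/status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def sdp_media(sdp: str) -> List[Tuple[str, int]]:
    """(ip, port) for every active m= line in an SDP body. A media-level c= line
    overrides the session-level one; port 0 means the stream is rejected."""
    session_ip = None
    media: List[List] = []                     # [port, ip-or-None] per m= line
    for line in sdp.strip().splitlines():
        if line.startswith("m="):
            media.append([int(line.split()[1]), None])
        elif line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if media:
                media[-1][1] = ip
            else:
                session_ip = ip
    return [(ip or session_ip, port) for port, ip in media if port != 0]


def call_pinholes(invite: str, ok: str) -> Tuple[str, List[Flow]]:
    """Given the INVITE (caller's SDP offer) and the 200 OK (callee's SDP answer)
    for one call, return (Call-ID, flows): the UDP 4-tuples to permit for this
    call only, RTP on the advertised port and RTCP on port + 1, both directions."""
    inv_hdr, inv_sdp = split_sip(invite)
    ok_hdr, ok_sdp = split_sip(ok)
    if inv_hdr.get("call-id") != ok_hdr.get("call-id"):
        raise ValueError("INVITE and 200 OK belong to different calls")
    for hdr in (inv_hdr, ok_hdr):
        if not hdr.get("content-type", "").startswith("application/sdp"):
            raise ValueError("message carries no SDP body")
    flows: List[Flow] = []
    for (a_ip, a_port), (b_ip, b_port) in zip(sdp_media(inv_sdp), sdp_media(ok_sdp)):
        for off in (0, 1):                     # 0 = RTP, 1 = RTCP
            flows.append((a_ip, a_port + off, b_ip, b_port + off))
            flows.append((b_ip, b_port + off, a_ip, a_port + off))
    return inv_hdr["call-id"], flows


# Constructed messages: an outside caller (203.0.113.7) ringing an inside
# phone (10.0.1.20). Content-Length is omitted for brevity.
INVITE = """INVITE sip:bob@10.0.1.20 SIP/2.0
Via: SIP/2.0/UDP 203.0.113.7:5060;branch=z9hG4bK776asdhds
From: <sip:alice@example.net>;tag=1928301774
To: <sip:bob@example.org>
Call-ID: a84b4c76e66710@203.0.113.7
CSeq: 314159 INVITE
Content-Type: application/sdp

v=0
o=alice 2890844526 2890844526 IN IP4 203.0.113.7
s=-
c=IN IP4 203.0.113.7
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
"""

OK_200 = """SIP/2.0 200 OK
Via: SIP/2.0/UDP 203.0.113.7:5060;branch=z9hG4bK776asdhds
From: <sip:alice@example.net>;tag=1928301774
To: <sip:bob@example.org>;tag=a6c85cf
Call-ID: a84b4c76e66710@203.0.113.7
CSeq: 314159 INVITE
Content-Type: application/sdp

v=0
o=bob 2890844527 2890844527 IN IP4 10.0.1.20
s=-
c=IN IP4 10.0.1.20
t=0 0
m=audio 3456 RTP/AVP 0
a=rtpmap:0 PCMU/8000
"""

# What a firewall that cannot read SIP has to do instead (assumed static range).
STATIC_RTP_RANGE = range(10000, 20001)


def demo() -> dict:
    call_id, flows = call_pinholes(INVITE, OK_200)
    return {"call_id": call_id, "flows": flows,
            "flows_opened": len(flows), "static_ports": len(STATIC_RTP_RANGE)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The pinholes are keyed by Call-ID so the firewall can remove them when it sees the BYE for that call (or when the call times out), which is the other half of what makes the dynamic approach safer than a permanently open range.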


VPN Clients
A VPN Client is most often a software program but can also be hardware as well (usually another VPN router). The client initiates a conversation with the server and attempts to authenticate and log on. If authentication is successful then the VPN client and VPN server are able to communicate as if they were on the same network. At this point they are on the same virtual network.

VPN Servers
A VPN server is the piece of hardware or software acting as the gateway into an entire network or just a single computer. In most scenarios it is always on and listening for VPN clients to connect to it and authenticate. This category also includes peer-to-peer VPN products.

Firewall Rule Editors/Testers
Firewalls are only as good as the configuration given them by the administrator. Rule order, precedence, and options all affect the performance and security of a firewall. There are many applications available that will allow easier management of firewall rules. This page includes text and GUI interfaces to text-based rule firewalls, or applications that manage rule sets across multiple platforms. This page also lists firewall rule testing software and websites.

UTM Appliances
Unified Threat Management (UTM) appliances are "all in one" devices that combine several of the following functions in a single network appliance: firewall, VPN, anti-virus, anti-spam, anti-spyware, and intrusion detection/prevention. The benefit is a single appliance to install, configure, monitor and maintain; the trade-off is that one box, and one vendor's inspection engine, then stands behind every one of those functions.

Glossary

 

Definitions for many firewall terms


Firewall - A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

 

Firewall techniques  In practice, many firewalls use two or more of these techniques in concert.

Packet Filter - Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules (typically source and destination address, protocol and port). Packet filtering is fairly effective and transparent to users, but rule sets are hard to get right: rules are evaluated in order, so a misplaced or over-broad rule can silently override the ones after it. A simple (stateless) packet filter also cannot tell a reply to an inside request from an unsolicited packet, and it is susceptible to IP spoofing unless it explicitly rejects packets that arrive on the outside interface claiming an inside source address.

Application gateway - Applies security mechanisms to specific applications, such as FTP and Telnet servers, by understanding the application protocol itself. This is very effective, but can impose a performance penalty.

Circuit-level gateway - Applies security mechanisms when a TCP or UDP session is established. Once the session has been accepted, packets can flow between the hosts without further inspection of their contents.

Proxy Server - Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

 

SOHO - Short for small office/home office, a term that refers to the small or home office environment and the business culture that surrounds it.  A SOHO is also called a virtual office.

 

UTM - short for Unified Threat Management.  A comprehensive security product that includes protection against multiple threats. A UTM product typically includes a firewall, antivirus software, content filtering and a spam filter in a single integrated package.

 

VPN - (pronounced as separate letters) Short for virtual private network.  A VPN is a secure, private tunnel between two or more devices across a public network such as the internet. A VPN device can be anything from a standard PC with VPN software installed on it to a dedicated hardware device called a VPN router.

At the very basic a VPN allows computers at different locations to communicate with each other in a safe and secure environment. This can be two computers at different offices or thousands of computers on different networks around the world.

A VPN is secure because it encrypts your data as it travels across the internet: an attacker who eavesdrops on the link sees only ciphertext. Equally important, VPN devices protect the integrity of the traffic. Each packet carries a keyed integrity check (a message authentication code) computed by the sender and verified by the receiver, so a packet altered in transit is detected and discarded, and IPSec and other modern VPN protocols number packets so that the receiver can reject a packet an attacker has captured and replayed. Encryption on its own would not be enough: an attacker can modify ciphertext without being able to read it.
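As an added example of what a VPN endpoint checks on every packet (illustrative code written for this page, not any product's implementation): a toy one-way tunnel that encrypts, attaches a keyed integrity tag, and enforces an anti-replay window in the style of IPSec ESP. The stream cipher is built from HMAC-SHA256 so the script needs only the Python standard library; the keys are generated per run (in a real tunnel they would come from the key exchange) and the plaintext is constructed. It is a teaching model, not a cipher suite to deploy.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16      # truncated HMAC-SHA256 tag, as ESP does with HMAC-SHA-256-128
WINDOW = 64       # anti-replay window size (ESP requires at least 32; 64 is typical)


def _keystream(key: bytes, seq: int, n: int) -> bytes:
    """PRF-based keystream: concatenated HMAC(key, seq || block) outputs cut to n bytes.
    The sequence number doubles as the nonce, so a key must never be reused with
    the same seq (real IPSec rekeys before the counter wraps)."""
    out = b""
    block = 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class Tunnel:
    """One direction of a VPN tunnel. Two instances with the same keys act as
    sender (seal) and receiver (open); packet = seq(8) || ciphertext || tag."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.next_seq = 1       # sender: next sequence number to use
        self.highest = 0        # receiver: highest sequence number accepted so far
        self.seen = 0           # receiver: bitmap, bit d set = seq (highest - d) accepted

    def seal(self, plaintext: bytes) -> bytes:
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        header = struct.pack(">Q", seq)
        ct = _xor(plaintext, _keystream(self.enc_key, seq, len(plaintext)))
        tag = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        return header + ct + tag

    def open(self, packet: bytes) -> bytes:
        """Verify the tag first (encrypt-then-MAC), then the replay window, and
        only then decrypt: a forged or replayed packet never reaches the
        decryptor or the protected network."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("truncated packet")
        header, ct, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed: packet altered or forged")
        (seq,) = struct.unpack(">Q", header)
        self._check_replay(seq)
        return _xor(ct, _keystream(self.enc_key, seq, len(ct)))

    def _check_replay(self, seq: int) -> None:
        """Sliding-window anti-replay check in the style of RFC 4303 section 3.4.3."""
        if seq == 0:
            raise ValueError("sequence number 0 is never valid")
        if seq > self.highest:                       # ahead of the window: slide it
            shift = seq - self.highest
            self.seen = 1 if shift >= WINDOW else ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return
        behind = self.highest - seq
        if behind >= WINDOW:
            raise ValueError(f"seq {seq} is older than the replay window")
        if self.seen & (1 << behind):
            raise ValueError(f"seq {seq} replayed")
        self.seen |= 1 << behind


def demo() -> dict:
    """Constructed run: one good packet, one tampered copy, one replayed copy."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # assumed shared via key exchange
    sender, receiver = Tunnel(enc_key, mac_key), Tunnel(enc_key, mac_key)
    results = {}
    pkt = sender.seal(b"GET /payroll HTTP/1.1")
    results["roundtrip"] = receiver.open(pkt)
    tampered = bytearray(pkt)
    tampered[8] ^= 0x01                                  # flip one ciphertext bit
    try:
        receiver.open(bytes(tampered))
        results["tamper"] = "accepted"
    except ValueError as e:
        results["tamper"] = str(e)
    try:
        receiver.open(pkt)                               # valid tag, seq already seen
        results["replay"] = "accepted"
    except ValueError as e:
        results["replay"] = str(e)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note the order of the checks: the tag is verified before anything else is done with the packet, so an attacker's modified or forged packets cost the receiver one HMAC and nothing more, and they cannot disturb the replay window.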

 

 VPN Server - A VPN server is the piece of hardware or software acting as the gateway into an entire network or just a single computer. In most scenarios it is always on and listening for VPN clients to connect to it and authenticate.

VPN Client - A VPN Client is most often a software program but can also be hardware as well (usually another VPN router). The client initiates a conversation with the server and attempts to authenticate and log on. If authentication is successful then the VPN client and VPN server are able to communicate as if they were on the same network. At this point they are on the same virtual network.

 

VPN Protocols - Two families of protocol dominate. Microsoft's original remote-access protocol is PPTP, the Point to Point Tunneling Protocol, whereas almost everyone else builds on IPSec, Internet Protocol Security. Microsoft has updated Windows 2000 Professional and XP to support IPSec, and similar updates are also available for Microsoft's non-business systems such as Windows 98 and ME.

PPTP carries PPP inside a tunnel and authenticates the user with a user ID and password (MS-CHAP); its MPPE encryption is keyed from that password exchange, and known weaknesses in MS-CHAP make PPTP the weaker choice where IPSec is available. IPSec both encrypts (ESP) and authenticates: every packet carries an integrity check, and the two endpoints authenticate each other with pre-shared keys or certificates when they negotiate keys with IKE. What IPSec on its own does not provide is the per-user login that remote-access users expect. A third standard, L2TP, the Layer 2 Tunnel Protocol, supplies that: it tunnels PPP, with its user authentication, and is normally run inside an IPSec tunnel (L2TP/IPSec). Microsoft operating systems now also support L2TP/IPSec.

 

 

Information updated: 12 May 06

 


Last page update:  22 June 2007

 

Computer Network Defence Ltd
Information Security Consultancy and Recruiting
enquiries@securitywizardry.com 

Copyright © 2004 Computer Network Defence Ltd. All Rights Reserved.

PO Box 2680, Corsham, Wiltshire, SN13 0ZR, UK
Phone       0870 3219014
International +44 (0) 1225 811806