|
A system composed of hardware or
software, or both, that enforces access control between two networks.
Usually this is between a private
local area network and the public internet. Most firewalls are
installed to prevent unauthorised access to networks by potentially
malicious outsiders, although they are often used in corporate environments
to control the use of internet resources by employees. Home users are
increasingly vulnerable to attack by crackers armed with port
scanners, especially those with always-on connections via cable or
ADSL, and personal firewalls are now available that are designed to
protect individual PCs. The latest versions of popular operating
systems now include firewalls as standard.
Firewalls are
flexible tools that can be configured to provide security at many levels.
Some allow only e-mail traffic, for example, and others block only incoming
traffic from specific sites or services. They may also provide logging and
auditing functions, allowing administrators to see how much and what sort of
traffic passed across the network, how many illegal access attempts
were made and even where those attempts came from. This is a potentially
useful way of tracking down intruders. Personal firewalls may also stop
outgoing traffic from a PC, preventing malware such as
Trojan horses and viruses from "phoning home" or redistributing
themselves.
Although often seen as the ultimate in network security, no
firewall can prevent an employee walking out of the building with a bag full
of corporate data stored on disk or tape; equally, a firewall may not be
able to protect a network that allows dialup access to a modem pool
or a maintenance port on a photocopier. Increasingly, firewalls are being
seen as tools that reinforce a comprehensive overall approach to security
rather than the last line of a network's defence. A new generation of
distributed firewalls attempts to provide security for every point on the
network, rather than a single barrier that can easily be stepped around. |