TAYBENGH@NUSDISCS.BITNET (01/04/91)
Hi, Could somebody explain to me what actually the "firewall" means? Please forgive me if I abuse this net to ask this simple question. Thanks a lot.

- Beng Hang (email: taybengh@nusdiscs.bitnet)
rpw3@rigden.wpd.sgi.com (Rob Warnock) (01/04/91)
In article <9101031150.AA08506@ucbvax.Berkeley.EDU> TAYBENGH@NUSDISCS.BITNET writes:
+---------------
| Hi, Could somebody explain to me what actually the "firewall" means?
+---------------

In the architecture of buildings (and automobiles), a "firewall" is a wall (or partition) which is specially constructed to resist the spread of fire throughout the structure. This is especially helpful in buildings which are divided into offices by rather flimsy partitions. Properly located firewalls can reduce the overall damage to the building during a conflagration. For a firewall to be effective, any openings in it (such as doorways or corridors) must be automatically sealed in the case of fire (such closures are often called "fire doors").

In automobiles, the "firewall" is the partition between the passenger compartment and the engine compartment, which in the case of a crash (hopefully) separates the passengers from a possible subsequent fire.

In networking, a "firewall" is a boundary (gateway or host) between two networks which has been specially constructed or configured to resist the inadvertent leakage of undesired traffic from one network to another, thus (hopefully) protecting less-robust systems which lie behind the firewall.

A typical configuration is to have but a single host which is actually "on the Internet". That host is also connected to your internal network, but the networking software is configured to disallow logins *through* the firewall host. Instead, internal users log onto the firewall, and from there FTP (or whatever) out into the Internet, later copying the results back into the internal network. No IP packets actually traverse the firewall (i.e., "IP forwarding" is disabled.)

Other configurations are possible. Another popular one is to have a gateway (router) with some form of "filtering" on IP packets, so that connections are allowed through the firewall only to selected, (hopefully) robust hosts, and then only to selected destination ports (services).

Like any other security procedure, a "firewall" is only as strong as its weakest component. Nevertheless, many people feel more confident about focussing their protection efforts in one place than in trying to protect hundreds of different hosts of a variety of manufacturers (and with a variety of configurations). As the saying goes, "Go ahead and put all your eggs in one basket... THEN WATCH THAT BASKET!"

-Rob

-----
Rob Warnock, MS-9U/515    rpw3@sgi.com    rpw3@pei.com
Silicon Graphics, Inc.    (415)335-1673    Protocol Engines, Inc.
2011 N. Shoreline Blvd.
Mountain View, CA 94039-7311
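
The filtering-gateway configuration described in the reply above, as an added example that is not part of the original posts: a default-deny decision function that admits inbound connection attempts only to selected hosts and selected destination ports. The addresses, the rule list, the `decide` function and the spoofed-source check are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    dst: ipaddress.IPv4Network   # selected internal host(s)
    proto: str                   # "tcp" or "udp"
    dport: int                   # selected destination port (service)

class Conn(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

# Constructed policy: 192.0.2.0/24 stands in for the internal network.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
ALLOW = [
    Rule(ipaddress.ip_network("192.0.2.10/32"), "tcp", 25),  # hardened mail host
    Rule(ipaddress.ip_network("192.0.2.11/32"), "tcp", 21),  # hardened FTP host
]

def decide(conn: Conn, rules=ALLOW) -> str:
    """Return 'allow' or 'deny' for a connection attempt arriving from outside."""
    try:
        src = ipaddress.ip_address(conn.src)
        dst = ipaddress.ip_address(conn.dst)
    except ValueError:
        return "deny"            # unparseable address: fail closed
    if src in INTERNAL:
        return "deny"            # internal source seen on the outside interface
    if dst not in INTERNAL:
        return "deny"            # gateway forwards only into the internal network
    for rule in rules:
        if dst in rule.dst and conn.proto == rule.proto and conn.dport == rule.dport:
            return "allow"       # selected host AND selected port
    return "deny"                # default deny: everything not selected is dropped

# Constructed connection attempts from an outside address (198.51.100.7).
SAMPLES = [
    Conn("198.51.100.7", "192.0.2.10", "tcp", 25),   # mail to the mail host
    Conn("198.51.100.7", "192.0.2.10", "tcp", 23),   # telnet to the mail host
    Conn("198.51.100.7", "192.0.2.50", "tcp", 25),   # mail to an unlisted desktop
    Conn("192.0.2.99", "192.0.2.11", "tcp", 21),     # internal source from outside
]

if __name__ == "__main__":
    for c in SAMPLES:
        print(decide(c), c)
```

The second and third samples show why both conditions matter: a selected host does not open its other ports, and an open service port does not expose hosts that were never selected.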