brain initiation

2025-11-05 09:18:11 +01:00
commit 933aa8a985
191 changed files with 6203 additions and 0 deletions


@@ -0,0 +1,34 @@
:PROPERTIES:
:ID: b9047be5-edca-4eca-8bac-c45e03373942
:END:
#+title: Firewall
Firewall is a network security device that monitors and filters incoming and outgoing [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networks]] [[id:20efb455-5575-4b8b-857f-7c337bee644c][traffic]] based on an organizations previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewalls main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
Firewalls are categorized as a network-based or a host-based system. Network-based firewalls are positioned between two or more networks, typically between the local area network ([[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]) and wide area network ([[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]]), their basic function is to control the flow of data between connected networks. They are either a software appliance running on general-purpose [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]], a hardware appliance running on special-purpose hardware, or a virtual appliance running on a virtual host controlled by a hypervisor. Firewall appliances may also offer non firewall functionality, such as [[id:06b466a8-05ae-4bbd-820d-2d80461767fd][DHCP]] or [[id:1af47b07-4205-46ac-837a-ee078067328a][vpn]] services. Host-based firewalls are deployed directly on the host itself to control network traffic or other computing resources. This can be a [[id:e108b31b-23c1-47fe-a794-84e41bc45044][daemon]] or service as a part of the [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating system]] or an agent application for protection.
* Types
The first reported type of network firewall is called a [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]] filter, which inspects packets transferred between computers. The firewall maintains an access-control list which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. Three basic actions regarding the packet consist of a silent discard, discard with Internet Control Message Protocol or TCP reset response to the sender, and forward to the next hop. Packets may be filtered by source and destination [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] addresses, [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]], source and destination [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]]. The bulk of Internet communication in 20th and early 21st century used either Transmission Control Protocol ([[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]]) or User Datagram Protocol ([[id:b9c823ff-4cf4-46a0-8654-54bdc7b67d30][UDP]]) in conjunction with well-known ports, enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers.
** packet filter
The first paper published on firewall technology was in 1987 when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture. In 1992, Steven McCanne and Van Jacobson released a paper on BSD Packet Filter (BPF) while at Lawrence Berkeley Laboratory.
** connection tracking
From 19891990, three colleagues from AT&T Bell Laboratories, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them circuit-level [[id:d1d940e1-2ddb-405a-8876-2480bdcab749][gateway]].
Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes.
** application layer filtering
The key benefit of application layer filtering is that it can understand certain applications and protocols such as File Transfer Protocol ([[id:7fb31a9c-b252-493f-958b-e2d330047b18][FTP]]), Domain Name System ([[id:80666401-173e-4828-9c29-552dab716946][dns]]), or Hypertext Transfer Protocol (HTTP). This allows it to identify unwanted applications or services using a non standard [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]], or detect if an allowed protocol is being abused. It can also provide unified security management including enforced encrypted DNS and virtual private networking.
As of 2012, the next-generation firewall provides a wider range of inspection at the application layer, extending deep packet inspection functionality to include, but is not limited to:
- Web filtering
- Intrusion prevention systems
- User identity management
- Web application firewall
** endpoint specific filtering
Endpoint-based application firewalls function by determining whether a process should accept any given connection. Application firewalls filter connections by examining the process ID of data packets against a rule set for the local process involved in the data transmission. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers. Application firewalls that hook into socket calls are also referred to as socket filters.
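Review bot: the paragraph that actually describes packet filtering (the one beginning "The first reported type of network firewall is called a [[id:...][packets]] filter") sits directly under `* Types`, while the `** packet filter` heading that follows it only carries history (DEC 1987, Cheswick and Bellovin, BPF 1992). Either move that paragraph below `** packet filter` so the subsection holds both the mechanism and its history, or retitle the heading to make the split deliberate; as written, a reader landing on `** packet filter` never sees what a packet filter does. While in the same hunk, the link label in that sentence should be "packet", not "packets" (it currently reads "a packets filter"), and the link target `[[id:f4bb4857-...][port]]` is reused under `** application layer filtering`, so both occurrences stay consistent if the label is changed. Smaller wording points worth fixing before merge: "based on an organizations previously established security policies" wants "organization's"; "A firewalls main purpose" wants "A firewall's"; "From 19891990" has lost its range separator and should read "From 1989 to 1990"; "non firewall functionality" and "a non standard [[...][port]]" should be hyphenated ("non-firewall", "non-standard"); "in 20th and early 21st century" should read "in the 20th and early 21st centuries". Heading case is also mixed (`* Types` capitalised, `** packet filter`, `** connection tracking`, `** application layer filtering`, `** endpoint specific filtering` in lower case); pick one convention for the file. Finally, FTP and dns are wiki-linked in the application-layer paragraph but HTTP and the OSI model are not, so if the notes have nodes for those, link them for parity with the rest of the brain.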