A D V E R T I S E M E N T
In computing, a firewall is a piece of hardware and/or
software which functions in a networked environment to prevent some
communications forbidden by the security policy, analogous to the function of
firewalls in building construction. A firewall is also called a Border
Protection Device (BPD), especially in NATO contexts, or packet filter in BSD
contexts. A firewall has the basic task of controlling traffic between different
zones of trust. Typical zones of trust include the Internet (a zone with no
trust) and an internal network (a zone with high trust). The ultimate goal is to
provide controlled connectivity between zones of differing trust levels through
the enforcement of a security policy and connectivity model based on the least
Proper configuration of firewalls demands skill from the administrator. It
requires considerable understanding of network protocols and of computer
security. Small mistakes can render a firewall worthless as a security tool.
History of Firewalls
Firewall technology first began to emerge in the late 1980s.
Internet was still a fairly new technology in terms of its global usage and
connectivity. The original idea was formed in response to a number of major
internet security breaches, which occurred in the late 1980s. In 1988 an
employee at the NASA Ames Research Center in California sent a memo by email to
his colleagues that read, "We are currently under attack from an Internet VIRUS!
It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames."
This virus known as the Morris Worm was carried by e-mail and is now a common
nuisance for even the most innocuous domestic user. The Morris Worm was the
first large scale attack on Internet security, of which the online community
neither expected, nor were prepared for. The internet community made it a top
priority to combat any future attacks from happening and began to collaborate on
new ideas, systems and software to make the internet safe again.
The first paper published on firewall technology was in 1988, when Jeff Mogul
from Digital Equipment Corp. developed filter systems know as packet filter
firewalls. This fairly basic system was the first generation of what would
become a highly evolved and technical internet security feature. From 1980-1990
two colleagues from AT&T Bell Laboratories, Dave Presetto and Howard Trickey,
developed the second generation of firewalls known as circuit level firewalls.
Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T
laboratories and Marcus Ranum described a third generation firewall known as
application layer firewall, also known as proxy-based firewalls. Marcus Ranum's
work on the technology spearheaded the creation of the first commercial product.
The product was released by Digital Equipment Corporation's (DEC) who named it
the SEAL product. DEC’s first major sale was on June 13, 1991 to a chemical
company based on the East-Coast of the USA.
At AT&T Bill Cheswick and Steve Bellovin were continuing their research in
packet filtering and developed a working model for their own company based upon
their original 1st generation architecture. In 1992, Bob Braden and Annette
DeSchon at the University of Southern California were developing their own
fourth generation packet filter firewall system. The product known as “Visas”
was the first system to have a visual integration interface with colours and
icons, which could be easily implemented to and accessed on a computer operating
system such as Microsoft's Windows or Apple's Mac/OS. In 1994 an Israeli company
called Check Point Software Technologies built this in to readily available
software known as FireWall-1. A second generation of proxy firewalls was based
on Kernel Proxy technology. This design is constantly evolving but its basic
features and codes are currently in widespread use in both commercial and
domestic computer systems. Cisco, one of the largest internet security companies
in the world released the product to the public in 1997.
The new Next Generation Firewalls leverage their existing deep packet inspection
engine by sharing this functionality with an Intrusion-prevention system.
Types of firewalls
There are three basic types of firewalls depending on:
Whether the communication is being done between a single
node and the network, or between two or more networks.
Whether the communication is intercepted at the network
layer, or at the application layer.
Whether the communication state is being tracked at the
firewall or not.
With regard to the scope of filtered communications there
Personal firewalls, a software application which normally
filters traffic entering or leaving a single computer.
Network firewalls, normally running on a dedicated
network device or computer positioned on the boundary of two or more
networks or DMZs (demilitarized zones). Such a firewall filters all traffic
entering or leaving the connected networks.
The latter definition corresponds to the conventional,
traditional meaning of "firewall" in networking.
In reference to the layers where the traffic can be
intercepted, three main categories of firewalls exist:
Network layer firewalls. An example would be iptables.
Application layer firewalls. An example would be TCP
Application firewalls. An example would be restricting
ftp services through /etc/ftpaccess file
These network-layer and application-layer types of firewall
may overlap, even though the personal firewall does not serve a network; indeed,
single systems have implemented both together.
There's also the notion of application firewalls which are
sometimes used during wide area network (WAN)
networking on the world-wide web and govern the system software. An extended
description would place them lower than application layer firewalls, indeed at
the Operating System layer, and could alternately be called operating system
Lastly, depending on whether the firewalls keeps track of the
state of network connections or treats each packet in isolation, two additional
categories of firewalls exist:
The objective of this online tutorial is to provide free tutorial for beginners
and intermediate users. This tutorial employed a user-friendly approach by using
very simple language to explain the technical terms of programming, and included
a lot of interesting examples.