Alan Freedman -- The Computer Language Company - Computer Desktop Encyclopedia


firewall techniques

See firewall methods.



firewall methods

The following methods are used to provide firewall protection; several of them are often used in combination. See firewall.

Network Address Translation (NAT)
Allows one IP address, which is shown to the outside world, to refer to many internal IP addresses, one on each client station. It performs the conversion back and forth. The most basic firewall, NAT is built into routers, and any user's computer that shares its Internet connection with others uses a software version. See NAT.

Stateful Inspection
Tracks the transaction to ensure that inbound packets were requested by the user. It generally can examine multiple layers of the protocol stack, including the data if required, so that blocking can be done at any depth. See stateful inspection.

Packet Filter
Blocks traffic based on a specific Web address (IP address) or type of application (email, FTP, Web, etc.), which is specified by port number. Packet filtering is typically done in a router, which is known as a "screening router." See TCP/IP port and bastion host.

Proxy Server
Serves as a relay between two networks, breaking the connection between the two. It also typically caches Web pages (see proxy server).
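
The difference between a packet filter and stateful inspection, as an added example that is not part of the original encyclopedia entry: the packet filter judges each packet alone by IP address and port number, while the stateful firewall also admits an inbound packet only if it answers a request recorded in its connection table. The addresses, ports and names (Packet, packet_filter, StatefulFirewall, run_demo) are constructed for illustration, and the model ignores TCP flags and connection timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True if sent from the internal network

# Constructed policy: blocked remote addresses and permitted service ports.
BLOCKED_IPS = {"203.0.113.66"}
ALLOWED_PORTS = {25, 80, 443}

def packet_filter(pkt: Packet) -> bool:
    """Stateless: judge each packet alone by remote IP address and service port."""
    remote_ip = pkt.dst if pkt.outbound else pkt.src
    service_port = pkt.dport if pkt.outbound else pkt.sport
    return remote_ip not in BLOCKED_IPS and service_port in ALLOWED_PORTS

class StatefulFirewall:
    """Tracks outbound requests; admits inbound packets only as replies to them."""
    def __init__(self):
        self.table = set()  # (internal ip, internal port, remote ip, remote port)

    def allow(self, pkt: Packet) -> bool:
        if not packet_filter(pkt):
            return False  # static rules still apply first
        if pkt.outbound:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: must mirror a connection the internal user opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def run_demo():
    """Return {name: (packet filter verdict, stateful verdict)} for constructed packets."""
    fw = StatefulFirewall()
    packets = [
        ("request", Packet("192.168.1.10", 51000, "198.51.100.7", 443, True)),
        ("reply", Packet("198.51.100.7", 443, "192.168.1.10", 51000, False)),
        ("unsolicited", Packet("198.51.100.9", 443, "192.168.1.10", 51000, False)),
        ("blocked", Packet("203.0.113.66", 443, "192.168.1.10", 51000, False)),
    ]
    return {name: (packet_filter(p), fw.allow(p)) for name, p in packets}

if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        print(f"{name:12} packet filter={stateless!s:5} stateful={stateful}")
```

The "unsolicited" packet passes the packet filter because its address and port satisfy the static rules, but stateful inspection drops it because no internal station requested it.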






Protected and More Protected
In the top diagram, the internal network is protected by only one screening router (a router with packet filtering). If servers on the internal network provide services to Internet users, this offers minimal protection against an attack. The use of two screening routers in the bottom diagram offers two points of protection from the outside world to the internal LAN.






Firewall Management
Elron Firewall was a product that combined stateful inspection, multilayer packet analysis and network address translation (NAT) to secure a network. The left column scrolled down to more than 70 user services. (Screen example courtesy of Elron Software, acquired in 2003 by Zix Corporation, www.zixcorp.com)





