Firewalls – Dedicated Proxy Servers
Dedicated proxy servers differ from application-proxy and circuit-level gateways in that, while they retain proxy control of traffic, they do not have firewalling capabilities.
Although dedicated proxy servers are not firewalls, they are described in this section because of their close relationship to application-proxy gateway firewalls and circuit-level gateway firewalls. Many proxies are application-specific, and some actually perform analysis and [..]
Firewalls – Application Proxy Gateways
An application-proxy gateway is a feature of advanced firewalls that combines lower layer access control with upper layer functionality. These firewalls contain a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other, and never allows a direct connection between the two hosts.
Each successful connection attempt actually results in the creation of two separate connections—one between the client and the proxy server, and [..]
Firewalls | Packet Filtering
The most basic feature of a firewall is the packet filter. Firewalls that are only packet filters—also known as stateless inspection firewalls—are essentially routing devices that provide access control functionality for host addresses and communication sessions. Unlike more advanced filters, packet filters are not concerned with the content of packets.
Their access control functionality is governed by a set of directives referred to as a ruleset. Packet filtering capabilities are built [..]
Overview of Firewall Technologies
Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in other network environments.
For example, many enterprise networks employ firewalls to restrict connectivity to and from the internal networks used to service more sensitive functions, such as personnel or accounting. An organization [..]
Digital Signature
A digital signature is an electronic analogue of a written signature; the digital signature can be used to provide assurance that the claimed signatory signed the information. In addition, a digital signature may be used to detect whether or not the information was modified after it was signed (i.e., to verify the integrity of the signed data). These assurances may be obtained whether the data was received in a transmission [..]
IPv6
IPv6 is a new version of IP that is increasingly being deployed. Although IPv6’s internal format and address length differ from those of IPv4, many other features remain the same—and some of these are relevant to firewalls.
For the features that are the same between IPv4 and IPv6, firewalls should work the same. For example, blocking all inbound and outbound traffic that has not been expressly permitted by the firewall policy [..]
Firewalls and Network Architectures
Firewalls are used to separate networks with differing security requirements, such as the Internet and an internal network that houses servers with sensitive data. Organizations should use firewalls wherever their internal networks and systems interface with external networks and systems, and where security requirements vary among their internal networks. This section is intended to help organizations determine where firewalls should be placed, and where other networks and systems should be [..]
Computer security
What is computer security?
Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as “intruders”) from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, [..]
Security – Principles of Authentication
The broadest definition of authentication within computing systems encompasses identity verification, message origin authentication, and message content authentication.
The concept of identity verification specifically applies to principals with information processing and decision making capabilities, including human users, computing systems and processes executing on those systems. From an authentication standpoint, the term “user” applies to all these principals. This guideline focuses on technology and techniques for verifying the identity of human users [..]
Electronic Credentials
Paper credentials are documents that attest to the identity or other attributes of an individual or entity called the subject of the credentials. Some common paper credentials include passports, birth certificates, driver’s licenses, and employee identity cards.
The credentials themselves are authenticated in a variety of ways: traditionally perhaps by a signature or a seal, special papers and inks, high quality engraving, and today by more complex mechanisms, such as [..]