Defining “Firewalls” [Updated]

In my day job I work as Information Security Engineer.

I have been having a bit of a friendly mini-debate with a few co-workers as to what exactly constitutes a firewall (e.g. “is a firewall a single device or a set of device?”, “is the firewall just that thing doing stateful inspection, or is it the outbound user proxy server for web access”). Before starting to update policies and procedures to reflect a consensus definition, I decided to look up other sources and not just rely on my own judgment – though I am sure I am right :-).

I was surprised by the diversity.

FFIEC IT Examination Handbook

A firewall is a collection of components (computers, routers, and software) that mediate access between different security domains. All traffic between the security domains must pass through the firewall, regardless of the direction of the flow. Since the firewall serves as an access control point for traffic between security domains, they are ideally situated to inspect and block traffic and coordinate activities with network intrusion detection systems (IDSs).

Financial institutions have four primary firewall types from which to choose:
packet filtering, stateful inspection, proxy servers, and application-level firewalls. Any product may have characteristics of one or more firewall types.

NIST Publication – Guidelines on Firewalls and Firewall Policy

Network firewalls are devices or systems that control the flow of network
traffic between networks employing differing security postures.
[…]
Firewalls can also act as Virtual Private Network (VPN) gateways. Thus, an organization or agency can send unencrypted network traffic from systems behind the firewall to other remote systems behind a cooperating VPN gateway; the firewall encrypts the traffic and forwards it to the remote VPN gateway, which decrypts it and passes it on to the destination systems.
[…]
A firewall environment is a collection of systems at a point on a network that together constitute a firewall implementation. A firewall environment could consist of one device or many devices such as several firewalls, intrusion detection systems, and proxy servers.

PCI Data Security Standard v1.1

Firewalls are computer devices that control computer traffic allowed into and out of a company’s network, as well as traffic into more sensitive areas within a company’s internal network. A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria.

Wikipedia Entry on Firewalls

A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network which has different levels of trust.

Firewalls Mailing List – Firewall FAQ v10.4

A firewall is a system or group of systems that enforces an access control policy between two or more networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don’t have a good idea of what kind of access you want to allow or to deny, a firewall really won’t help you. It’s also important to recognize that the firewall’s configuration, because it is a mechanism for enforcing policy, imposes its policy on everything behind it. Administrators for firewalls managing the connectivity for a large number of hosts therefore have a heavy responsibility.

Inside Network Perimeter Security 2nd Ed by Northcutt et al

A firewall is a chokepoint device that has a set of rules specifying what traffic it will allow or deny to pass through it. A firewall typically picks up where the border router leaves off and makes a much more thorough pass at filtering traffic.

Security Engineering by Ross J. Anderson

This is a machine that stands between a local network and the Internet, and filters out traffic that might be harmful.


Building Internet Firewalls (2nd Edition) by Zwicky et al

A component or set of components that restricts access between a protected network and the Internet, or between other sets of networks.

Windows Server System Reference Architecture – Firewall Services Blueprint

A firewall is a mechanism for controlling the flow of IP traffic between two networks. Firewall devices typically operate at L3 of the OSI model, although some models can operate at higher levels as well.

Firewalls generally provide the following benefits: Defending internal servers from network attacks, Enforcing network usage and access policies, Monitoring traffic and generating alerts when suspicious patterns are detected.

It is important to note that firewalls mitigate only certain types of security risks. This is important to note, as many organizations feel protected with a firewall alone. A firewall typically does not prevent the damage that can be inflicted against a server with a software vulnerability. Firewalls should be implemented as part of an organization’s comprehensive security architecture.

I  decided upon this definition: A Firewall is what I say a #$*&#@& firewall is.

I will edit it a bit before I update the official written policy.

About these ads

One Response

  1. Here is what I went with at the time:

    A firewall is a device or set of devices configured to permit, deny, encrypt, or proxy all computer traffic between different security domains based upon security criteria.

    I would go with this today:

    A firewall is a device or set of devices configured to permit, deny, encrypt, or proxy all computer traffic between different security domains based upon a set of rules or other criteria.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 224 other followers

%d bloggers like this: