Firewall related terminology

Here are some common firewall-related terms:

  1. Firewall: A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security policies. It acts as a barrier between trusted internal networks and untrusted external networks, such as the Internet.
  2. Packet Filtering: Packet filtering is a basic firewall technique where network packets are inspected based on predefined rules. The firewall analyzes packet headers (source/destination IP addresses, ports, protocols) and makes decisions to allow, block, or redirect packets.
  3. Stateful Inspection: Stateful inspection is a firewall mechanism that tracks the state of network connections. It keeps track of the context of connections, allowing more advanced inspection and enforcement of security policies based on the connection’s state.
  4. Access Control List (ACL): An Access Control List is a set of rules or policies used by a firewall to determine whether to allow or block network traffic. ACLs define criteria such as IP addresses, ports, and protocols to control access to or from specific network resources.
  5. Demilitarized Zone (DMZ): A DMZ is a network segment that sits between an organization’s internal network and the external network, typically the Internet. It is used to host public-facing servers or services that need to be accessible to external users while providing an additional layer of security through firewall protection.
  6. NAT (Network Address Translation): Network Address Translation is a technique used by firewalls to translate private IP addresses used within an internal network to public IP addresses used on the Internet. NAT helps conserve public IP addresses and provides an additional level of security by hiding internal network structure.
  7. VPN (Virtual Private Network): A Virtual Private Network is a secure connection established over the Internet or other untrusted networks. Firewalls can provide VPN functionality to enable secure remote access to internal networks, encrypting the communication between remote users and the internal network.
  8. Intrusion Detection System (IDS): An Intrusion Detection System is a security tool or software that monitors network traffic for signs of malicious activities or unauthorized access attempts. It detects and alerts administrators about potential security breaches or attacks.
  9. Intrusion Prevention System (IPS): An Intrusion Prevention System is an advanced security tool that not only detects but also actively blocks or prevents network threats and attacks. It can take immediate actions to stop or mitigate the impact of detected security incidents.
  10. Unified Threat Management (UTM): Unified Threat Management refers to a comprehensive security solution that combines multiple security functions into a single device or software. It often includes firewall, antivirus, intrusion detection/prevention, content filtering, and VPN capabilities, providing a centralized and integrated approach to network security.

These are some common terms related to firewalls and network security. Understanding these terms can help in discussions and implementations of firewall solutions to enhance network security.

A standard firewall terminology helps remove the confusion surrounding firewall technology. RFC 2647 (Benchmarking Terminology for Firewall Performance, August 1999) is one document that attempts to establish such terminology. The most important terms it describes are outlined next. Refer to the RFC for a more complete description. The following list has been reordered for clarity and reworded for conciseness.

  • Firewall A device or group of devices that enforces an access control policy among networks. Firewalls connect protected and unprotected networks, or support tri-homing, which allows a DMZ network.
  • Protected network A network segment or segments to which access is controlled. Protected networks are sometimes called “internal networks,” but RFC 2647 states that the term is inappropriate because firewalls increasingly are deployed within an organization, where all segments are by definition internal.
  • Unprotected network A network segment or segments to which access is not controlled by the firewall.
  • Demilitarized zone (DMZ) A network segment or segments located between protected and unprotected networks. The DMZ may not be connected to the protected network in any way. The DMZ may also include perimeter defense systems. For example, the DMZ can be made to look like it is part of the protected network, luring hackers into traps that log their activities and attempt to track the source of the activity.
  • Dual-homed firewall A firewall with two interfaces, one attached to the protected network and one attached to the unprotected network.
  • Tri-homed firewall A tri-homed firewall connects three network segments with different network addresses. Typically, these would be protected, DMZ, and unprotected segments.
  • Proxy A request for a connection made on behalf of a host. A proxy stands between the protected and unprotected network. Think of a quarantined area where people on the inside use a telephone to talk to people on the outside. All external connections leading into the proxy terminate at the proxy. This effectively eliminates IP routing between the networks. The proxy repackages the messages into new packets that are allowed into the internal network. The proxy also terminates internal traffic that is headed out to the Internet and repackages it in a new packet with the source IP address of the proxy, not the internal host. Most important, the proxy inspects and filters traffic. A predefined “rule set” is used to determine which traffic should be forwarded and which should be rejected. There are two types of proxies: application proxies and circuit proxies, as described shortly.
  • Network address translation A method of mapping one or more private, reserved IP addresses to one or more public IP addresses. NAT was defined to conserve IPv4 address space and refers to a specific block of IP addresses that are never recognized or routed on the Internet. It allows organizations to use their own internal IP addressing scheme. A NAT device translates between internal and external addresses, and is usually combined with proxy services. NAT devices are implemented in firewalls to support the private addressing scheme as defined in RFC 1918.
  • Application proxy A proxy service that is set up and torn down in response to a client request, rather than existing on a static basis (as is the case with circuit proxies). The application proxy performs all of the services of a proxy, but for specific applications. In contrast, a basic proxy performs generic packet filtering. The application proxy only processes packets related to the applications that it supports. If code is not installed for an application, those incoming packets are dropped. Packets are only forwarded after a connection has been made, which is subject to authentication and authorization.
  • Circuit proxy A proxy service that statically defines which traffic will be forwarded. The circuit proxy is a special function performed by application proxies, usually to support proxy connection between internal users and outside hosts. The packets are relayed without performing any extensive processing or filtering because the packets are from trusted internal users, and they are going outside. However, packets that return in response to these packets are fully examined by the application proxy services.
  • Policy A document defining acceptable access to protected, DMZ, and unprotected networks. Security policies set general guidelines for what is and is not acceptable network access.
  • Rule set The collection of access control rules that determines which packets are forwarded or dropped.
  • Allowed traffic Packets forwarded as a result of the rule set.
  • Illegal traffic Packets specified for rejection in the rule set.
  • Rejected traffic Packets dropped as a result of the rule set.
  • Authentication The process of verifying that a user requesting a network resource is who he, she, or it claims to be, and vice versa. The entity being authenticated might be the client machine or a user, so authentication may take the form of verifying IP addresses, TCP or UDP port numbers, and passwords. Other advanced forms of identification include token cards and biometrics.
  • Security association The set of security information related to a given network connection or set of connections. This definition covers the relationship between policy and connections. Associations may be set up during connection establishment, and they may be reiterated or revoked during a connection.
  • Packet filtering The process of controlling access by examining packets based on the content of packet headers. Header information, such as IP address or TCP port number, is examined to determine whether a packet should be forwarded or rejected, based on a rule set.
  • Stateful packet filtering The process of forwarding or rejecting traffic based on the contents of a state table maintained by a firewall. When stateful filtering is used, packets are only forwarded if they belong to a connection that has already been established and that is being tracked in a state table.
  • Logging The recording of user requests made to the firewall. All requests are typically logged, including allowed, illegal, and rejected traffic.
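
As an added illustration (not from the page or from RFC 2647), the Python sketch below ties together the packet filtering, stateful inspection and ACL entries of the first list with the rule set, allowed/illegal/rejected traffic, stateful packet filtering and logging entries of the second: new connections are checked against a rule set, tracked connections are forwarded from a state table, and every decision is logged. The addresses, rule set and sample traffic are constructed for the example.

```python
from collections import namedtuple

# syn=True marks a TCP connection attempt; other packets are mid-stream or replies.
Packet = namedtuple("Packet", "src sport dst dport proto syn", defaults=(False,))

# Constructed rule set: (action, src prefix, dst prefix, proto, dst port); "*" = any.
# 10.0.0.0/24 is the protected network, 192.168.100.0/24 the DMZ, anything else unprotected.
RULE_SET = [
    ("allow",  "10.0.0.", "*",            "tcp", 443),  # protected clients out to HTTPS
    ("reject", "*",       "10.0.0.",      "tcp", 23),   # telnet into protected net: illegal traffic
    ("allow",  "*",       "192.168.100.", "tcp", 80),   # unprotected -> DMZ web server
]

class StatefulFirewall:
    def __init__(self, rule_set):
        self.rule_set = rule_set
        self.state_table = set()  # tracked connections as 5-tuples
        self.log = []             # every request is logged with its verdict

    def _match(self, p):
        for action, src, dst, proto, dport in self.rule_set:
            if ((src == "*" or p.src.startswith(src)) and (dst == "*" or p.dst.startswith(dst))
                    and proto == p.proto and dport == p.dport):
                return action
        return None  # no rule matched: default deny

    def process(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in self.state_table or rev in self.state_table:
            verdict = "allowed"    # part of a tracked connection: no rule lookup needed
        elif not p.syn:
            verdict = "rejected"   # mid-stream packet with no state entry
        else:
            action = self._match(p)
            verdict = {"allow": "allowed", "reject": "illegal"}.get(action, "rejected")
            if verdict == "allowed":
                self.state_table.add(fwd)  # remember it so the reply can come back
        self.log.append((verdict, fwd))
        return verdict

def run_sample():
    """Constructed traffic (203.0.113.0/24 plays the unprotected Internet)."""
    fw = StatefulFirewall(RULE_SET)
    flows = [
        Packet("10.0.0.5", 51000, "203.0.113.9", 443, "tcp", syn=True),       # client opens HTTPS
        Packet("203.0.113.9", 443, "10.0.0.5", 51000, "tcp"),                 # server's reply
        Packet("203.0.113.7", 4444, "10.0.0.5", 51001, "tcp"),                # unsolicited, no state
        Packet("203.0.113.7", 40000, "10.0.0.5", 23, "tcp", syn=True),        # telnet into protected
        Packet("203.0.113.7", 40001, "192.168.100.10", 80, "tcp", syn=True),  # to DMZ web
    ]
    return [fw.process(p) for p in flows]
```

The reply packet is forwarded only because the client's outbound SYN created a state entry; the same packet arriving with no prior state is dropped.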