91 relations: Access control list, Air gap (networking), Application firewall, Bastion host, Bell Labs, Berkeley Software Distribution, Circuit-level gateway, Comparison of firewalls, Computer security, Computing, Cyberoam, Daemon (computing), De-perimeterisation, Deep packet inspection, Denial-of-service attack, Digital Equipment Corporation, Distributed firewall, Domain Name System, Dynamic Host Configuration Protocol, Egress filtering, End-to-end principle, Endpoint security, File Transfer Protocol, Firewall (construction), Firewall (engine), Firewall pinhole, Firewalls and Internet Security, FreeBSD, Golden Shield Project, Guard (information security), Hypertext Transfer Protocol, Identity management, Identity-based security, Internet, Internet Control Message Protocol, Internet protocol suite, Intranet, Intrusion detection system, IP address spoofing, IP fragmentation attack, Ipchains, IPFilter, Ipfirewall, Layered security, Linux, List of router and firewall distributions, List of TCP and UDP port numbers, Local area network, MacOS, Mandatory access control, Mangled packet, NetBSD, Netfilter, Network address, Network address translation, Network monitoring, Network packet, Network security, Network traffic, Next-generation firewall, Node (networking), NPF (firewall), OpenBSD, Operating system, OSI model, Personal firewall, PF (firewall), Port (computer networking), Protocol stack, Red/black concept, Sandbox (computer security), Screened-subnet firewall, Security hacker, Software appliance, Spoofing attack, Stateful firewall, Steven M. Bellovin, Telnet, Transmission Control Protocol, Trusted Information Systems, Unidirectional network, Unix, User Datagram Protocol, Virtual firewall, Virtual private network, Vulnerability scanner, Web application firewall, Wide area network, William Cheswick, Windows Firewall, Windows service.
An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object.
An air gap, air wall or air gapping is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.
An application firewall is a form of firewall that controls input, output, and/or access from, to, or by an application or service.
A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks.
Nokia Bell Labs (formerly named AT&T Bell Laboratories, Bell Telephone Laboratories and Bell Labs) is an American research and scientific development company, owned by Finnish company Nokia.
Berkeley Software Distribution (BSD) was a Unix operating system derivative developed and distributed by the Computer Systems Research Group (CSRG) of the University of California, Berkeley, from 1977 to 1995.
A circuit-level gateway is a type of firewall.
The following is a comparison of notable firewalls, starting from simple home firewalls up to the most sophisticated Enterprise-level firewalls.
Cybersecurity, computer security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.
Computing is any goal-oriented activity requiring, benefiting from, or creating computers.
Cyberoam Technologies, a Sophos Company, is a global Network Security appliances provider, with presence in more than 125 countries.
In multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user.
In information security, de-perimeterisation is the removal of a boundary between an organisation and the outside world.
Deep packet inspection is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly.
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Digital Equipment Corporation, also known as DEC and using the trademark Digital, was a major American company in the computer industry from the 1950s to the 1990s.
A firewall is a system or group of systems (router, proxy, or gateway) that implements a set of security rules to enforce access control between two networks to protect the "inside" network from the "outside" network.
The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network.
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.
In computer networking, egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another.
The end-to-end principle is a design framework in computer networking.
Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices.
The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.
A firewall is a fire-resistant barrier used to prevent the spread of fire for a prescribed period of time.
In automotive engineering, the firewall is the part of the automobile body (unibody or body-on-frame) that separates the engine compartment from the passenger compartment (driver and passengers).
In computer networking, a firewall pinhole is a port that is not protected by a firewall to allow a particular application to gain access to a service on a host in the network protected by the firewall.
Firewalls and Internet Security: Repelling the Wily Hacker, a 1994 book by William R. Cheswick and Steve Bellovin, helped define the concept of a network firewall.
FreeBSD is a free and open-source Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD).
The Golden Shield Project, also named National Public Security Work Informational Project, is the Chinese nationwide network-security fundamental constructional project by the e-government of the People's Republic of China.
In information security, a guard is a device or system for allowing computers on otherwise separate networks to communicate, subject to configured constraints.
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, and hypermedia information systems.
Identity management, also known as identity and access management (IAM), is, in computer security, the security and business discipline that "enables the right individuals to access the right resources at the right times and for the right reasons".
Identity-based security is an approach to control access to a digital product or service based on the authenticated identity of an individual.
The Internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide.
The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite.
The Internet protocol suite is the conceptual model and set of communications protocols used on the Internet and similar computer networks.
An intranet is a private network accessible only to an organization's staff.
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.
In computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating another computing system.
IP fragmentation is the process of breaking up a single Internet Protocol (IP) packet into multiple packets of smaller size.
Linux IP Firewalling Chains, normally called ipchains, is free software to control the packet filter or firewall capabilities in the 2.2 series of Linux kernels.
IPFilter (commonly referred to as ipf) is an open-source software package that provides firewall services and network address translation (NAT) for many Unix-like operating systems.
ipfirewall or ipfw is a FreeBSD IP, stateful firewall, packet filter and traffic accounting facility.
Layered security, also known as layered defense, describes the practice of combining multiple mitigating security controls to protect resources and data.
Linux is a family of free and open-source software operating systems built around the Linux kernel.
This is a list of router and firewall distributions, which are operating systems designed for use as routers and/or firewalls.
This is a list of TCP and UDP port numbers used by protocols of the application layer of the Internet protocol suite for the establishment of host-to-host connectivity.
A local area network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building.
macOS (previously and later) is a series of graphical operating systems developed and marketed by Apple Inc. since 2001.
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.
In computer networking, a mangled or invalid packet is a packet — especially IP packet — that either lacks order or self-coherence, or contains code aimed to confuse or disrupt computers, firewalls, routers, or any service present on the network.
NetBSD is a free and open source Unix-like operating system that descends from Berkeley Software Distribution (BSD), a Research Unix derivative developed at the University of California, Berkeley.
Netfilter is a framework provided by Linux that allows various networking-related operations to be implemented in the form of customized handlers.
A network address is an identifier for a node or host on a telecommunications network.
Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages or other trouble.
A network packet is a formatted unit of data carried by a packet-switched network.
Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
Network traffic or data traffic is the amount of data moving across a network at a given point of time.
A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI) or an intrusion prevention system (IPS).
In telecommunications networks, a node (Latin nodus, ‘knot’) is either a redistribution point or a communication endpoint.
NPF is a BSD licensed stateful packet filter, a central piece of software for firewalling.
OpenBSD is a free and open-source Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Research Unix derivative developed at the University of California, Berkeley.
An operating system (OS) is system software that manages computer hardware and software resources and provides common services for computer programs.
The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology.
A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy.
PF (Packet Filter, also written pf) is a BSD licensed stateful packet filter, a central piece of software for firewalling.
In computer networking, a port is an endpoint of communication in an operating system, which identifies a specific process or a type of network service running on that system.
The protocol stack or network stack is an implementation of a computer networking protocol suite or protocol family.
The red/black concept, sometimes called the red-black architecture or red/black engineering, refers to the careful segregation in cryptographic systems of signals that contain sensitive or classified plaintext information (red signals) from those that carry encrypted information, or ciphertext (black signals).
In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading.
In network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall.
A security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network.
A software appliance is a software application combined with just enough operating system (JeOS) to run optimally on industry-standard hardware (typically a server) or in a virtual machine.
In the context of network security, a spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data, to gain an illegitimate advantage.
In computing, a stateful firewall is a network firewall that tracks the operating state and characteristics of network connections traversing it.
Steven M. Bellovin is a researcher on computer networking and security.
Telnet is a protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.
The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite.
Trusted Information Systems (TIS) was a computer security research and development company during the 1980s and 1990s, performing computer and communications (information) security research for organizations such as NSA, DARPA, ARL, AFRL, SPAWAR, and others.
A unidirectional network (also referred to as a unidirectional security gateway or data diode) is a network appliance or device allowing data to travel only in one direction, used in guaranteeing information security.
Unix (trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, development starting in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.
In computer networking, the User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite.
A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall.
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for known weaknesses.
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application.
A wide area network (WAN) is a telecommunications network or computer network that extends over a large geographical distance/place.
William R. "Bill" Cheswick (also known as "Ches") is a computer security and networking researcher.
Windows Firewall (officially called Windows Defender Firewall in Windows 10) is a firewall component of Microsoft Windows.
In Windows NT operating systems, a Windows service is a computer program that operates in the background.
Computer firewall, Deep packet filtering, Firewall (computer), Firewall (networking), Firewall software, Host-based firewall, Network firewall, Network layer firewall, Packet filter, Packet filtering.