
Firewall (Computing) - Wikipedia

A firewall is a network security system that monitors and controls incoming and outgoing traffic based on security rules, establishing a barrier between trusted and untrusted networks. Firewalls can be categorized into network-based and host-based systems, with various types including packet filters, circuit-level gateways, and application firewalls. The document also discusses the evolution of firewalls, their policies, user identification, and the importance of logging for security and compliance.

Uploaded by

preciousgamor02

Firewall (computing)

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on configurable security rules.[1][2] A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet,[3] or between several VLANs.

History
The term firewall originally referred to a wall intended to confine a fire within a line of adjacent buildings.[4] Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the 1980s to network technology[5] that emerged when the Internet was fairly new in terms of its global use and connectivity.[6] The predecessors to firewalls for network security were routers used in the 1980s. Because they already segregated networks, routers could apply filtering to packets crossing them.[7]

Before it was used in real-life computing, the term appeared in John Badham's 1983 computer‑hacking movie WarGames, spoken by the bearded and bespectacled programmer named Paul Richter, which possibly inspired its later use.[8]

One of the earliest commercially successful firewall and network address translation (NAT) products was the PIX (Private Internet eXchange) Firewall, invented in 1994 by Network Translation Inc., a startup founded and run by John Mayes. The PIX Firewall technology was coded by Brantley Coile as a consultant software developer.[9] Recognizing the emerging IPv4 address depletion problem, they designed the PIX to enable organizations to securely connect private networks to the public internet using a limited number of registered IP addresses. The innovative PIX solution quickly gained industry acclaim, earning the prestigious "Hot Product of the Year" award from Data Communications Magazine in January 1995. Cisco Systems, seeking to expand into the rapidly growing network security market, subsequently acquired Network Translation Inc. in November 1995 to obtain the rights to the PIX technology. The PIX became one of Cisco's flagship firewall product lines before eventually being succeeded by the Adaptive Security Appliance (ASA) platform introduced in 2005.

Types of firewall
Firewalls are categorized as a network-based or a host-based system. Network-based firewalls are positioned between two or more networks, typically between the local area network (LAN) and wide area network (WAN),[10] their basic function being to control the flow of data between connected networks. They are either a software appliance running on general-purpose hardware, a hardware appliance running on special-purpose hardware, or a virtual appliance running on a virtual host controlled by a hypervisor. Firewall appliances may also offer non-firewall functionality, such as DHCP[11][12] or VPN[13] services. Host-based firewalls are deployed directly on the host itself to control network traffic or other computing resources.[14][15] This can be a daemon or service as a part of the operating system or an agent application for protection.

[Figure: An illustration of a network-based firewall within a network]

Packet filter
The first reported type of network firewall is called a packet filter, which inspects packets transferred between computers. The firewall maintains an access-control list which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. Three basic actions regarding the packet consist of a silent discard, discard with Internet Control Message Protocol or TCP reset response to the sender, and forward to the next hop.[16] Packets may be filtered by source and destination IP addresses, protocol, or source and destination ports. The bulk of Internet communication in the 20th and early 21st centuries used either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) in conjunction with well-known ports, enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers.[17][18]

The first paper published on firewall technology was in 1987 when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture.[19] In 1992, Steven McCanne and Van Jacobson released a paper on BSD Packet Filter (BPF) while at Lawrence Berkeley Laboratory.[20][21]

Connection tracking

[Figure: Flow of network packets through Netfilter, a Linux kernel module]

From 1989–1990, three colleagues from AT&T Bell Laboratories, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them circuit-level gateways.[22]

Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes.[23]
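
The packet-filter access-control list and the connection tracking described above, as an added example in Python that is not part of the original article: a first-match filter with the three basic actions and a default of silent discard, plus an optional table of forwarded flows. The addresses, rule set and class names are constructed for illustration, and connection state is reduced to the 5-tuple with no TCP state machine or timeouts.

```python
"""Added example: first-match packet filter with optional connection tracking."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DROP, REJECT, FORWARD = "drop", "reject", "forward"  # the three basic actions


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int]  # None matches any destination port
    action: str

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and p.proto == self.proto
                and self.dport in (None, p.dport))


class PacketFilter:
    def __init__(self, acl, stateful=False):
        self.acl = list(acl)
        self.stateful = stateful
        self.conntrack = set()  # flows already forwarded, keyed by 5-tuple

    def decide(self, p: Packet) -> str:
        this_flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        if self.stateful:
            # A reply carries the original flow's addresses and ports swapped.
            reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
            if reply_of in self.conntrack or this_flow in self.conntrack:
                return FORWARD
        for rule in self.acl:  # first matching rule decides
            if rule.matches(p):
                if rule.action == FORWARD and self.stateful:
                    self.conntrack.add(this_flow)
                return rule.action
        return DROP  # default action: silent discard


# Constructed sample policy: the LAN 192.0.2.0/24 may open outbound HTTPS;
# inbound telnet is rejected with a reset; everything else is silently dropped.
ACL = [
    Rule("192.0.2.0/24", "0.0.0.0/0", "tcp", 443, FORWARD),
    Rule("0.0.0.0/0", "192.0.2.0/24", "tcp", 23, REJECT),
]


def demo():
    """Run the same four constructed packets through both filter generations."""
    request = Packet("192.0.2.10", 50000, "198.51.100.7", 443, "tcp")
    reply = Packet("198.51.100.7", 443, "192.0.2.10", 50000, "tcp")
    unsolicited = Packet("198.51.100.7", 443, "192.0.2.10", 50001, "tcp")
    telnet = Packet("203.0.113.9", 40000, "192.0.2.10", 23, "tcp")
    packets = (request, reply, unsolicited, telnet)

    stateless = PacketFilter(ACL)
    stateful = PacketFilter(ACL, stateful=True)
    return {
        "stateless": [stateless.decide(p) for p in packets],
        "stateful": [stateful.decide(p) for p in packets],
    }


if __name__ == "__main__":
    for kind, decisions in demo().items():
        print(kind, decisions)
```

Calling demo() shows the reply packet being dropped by the stateless filter and forwarded by the stateful one, while the unsolicited packet from the same server is dropped by both.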

Application layer
Marcus Ranum, Wei Xu, and Peter Churchyard released an application firewall known as Firewall Toolkit (FWTK) in October 1993.[24] This became the basis for Gauntlet firewall at Trusted Information Systems.[25][26]

The key benefit of application layer filtering is that it can understand certain applications and protocols such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP). This allows it to identify unwanted applications or services using a non-standard port, or detect if an allowed protocol is being abused.[27] It can also provide unified security management including enforced encrypted DNS and virtual private networking.[28][29][30]

As of 2012, the next-generation firewall provides a wider range of inspection at the application layer, extending deep packet inspection functionality to include, but not limited to:

Web filtering
Intrusion prevention systems
User identity management
Web application firewall
Content inspection and heuristic analysis[31]
TLS Inspection

Endpoint specific
Endpoint-based application firewalls function by determining whether a process should accept any given connection. Application firewalls filter connections by examining the process ID of data packets against a rule set for the local process involved in the data transmission. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers. Application firewalls that hook into socket calls are also referred to as socket filters.

Firewall Policies
At the core of a firewall's operation are the policies that govern its decision-making process. These policies, collectively known as firewall rules, are the specific guidelines that determine the traffic allowed or blocked across a network's boundaries.[32][33]

Firewall rules are based on the evaluation of network packets against predetermined security criteria. A network packet, which carries data across networks, must match certain attributes defined in a rule to be allowed through the firewall. These attributes commonly include:

Direction: Inbound or outbound traffic
Source: Where the traffic originates (IP address, range, network, or zone)
Destination: Where the traffic is headed (IP address, range, network, or zone)
Port: Network ports specific to various services (e.g., port 80 for HTTP)
Protocol: The type of network protocol (e.g., TCP, UDP, ICMP)
Applications: L7 inspection or grouping of services
Action: Whether to allow, deny, drop, or require further inspection for the traffic

Zones
Zones are logical segments within a network that group together devices with similar security requirements. By partitioning a network into zones, such as "Technical", "WAN", "LAN", "Public," "Private," "DMZ", and "Wireless," administrators can enforce policies that control the flow of traffic between them. Each zone has its own level of trust and is governed by specific firewall rules that regulate the ingress and egress of data.

A typical default is to allow all traffic from LAN to WAN, and to drop all traffic from WAN to LAN.

Services
In networking terms, services are specific functions typically identified by a network port and protocol. Common examples include HTTP/HTTPS (web traffic) on ports 80 and 443, FTP (file transfer) on port 21, and SMTP (email) on port 25. Services are the engines behind the applications users depend on. From a security aspect, controlling access to services is crucial because services are common targets for exploitation. Firewalls employ rules that stipulate which services should be accessible, to whom, and in what context. For example, a firewall might be configured to block incoming FTP requests to prevent unauthorized file uploads but allow outgoing HTTPS requests for web browsing.

Applications
Applications refer to the software systems that users interact with while on the network. They can range from web browsers and email clients to complex database systems and cloud-based services. In network security, applications are important because different types of traffic can pose varying security risks. Thus, firewall rules can be crafted to identify and control traffic based on the application generating or receiving it. By using application awareness, firewalls can allow, deny, or limit traffic for specific applications according to organisational policies and compliance requirements, thereby mitigating potential threats from vulnerable or undesired applications.

An application can be either a grouping of services or an L7 inspection.

USER ID
Implementing firewall rules based on IP addresses alone is often insufficient due to the dynamic nature of user location and device usage.[34][35] User ID will be translated to an IP address.

This is where the concept of "User ID" makes a significant impact. User ID allows firewall rules to be crafted based on individual user identities, rather than just fixed source or destination IP addresses. This enhances security by enabling more granular control over who can access certain network resources, regardless of where they are connecting from or what device they are using.

The User ID technology is typically integrated into firewall systems through the use of directory services such as Active Directory, LDAP, RADIUS or TACACS+. These services link the user's login information to their network activities. By doing this, the firewall can apply rules and policies that correspond to user groups, roles, or individual user accounts instead of purely relying on the network topology.

Example of Using User ID in Firewall Rules
Consider a school that wants to restrict access to a social media server from students. They can create a rule in the firewall that utilises User ID information to enforce this policy.

1. Directory Service Configuration — First, the firewall must be configured to communicate with the directory service that stores user group memberships. In this case, an Active Directory server.
2. User Identification — The firewall maps network traffic to specific user IDs by interpreting authentication logs. When a user logs on, the firewall associates that login with the user's IP address.
3. Define User Groups — Within the firewall's management interface, define user groups based on the directory service. For example, create groups such as "Students".
4. Create Firewall Rule:
   Source: User ID (e.g., Students)
   Destination: list of IP addresses
   Service/Application: Allowed services (e.g., HTTP, HTTPS)
   Action: Deny
5. Implement Default Allow Rule:
   Source: LAN zone
   Destination: WAN zone
   Service/Application: Any
   Action: Allow

With this setup, only users who authenticate and are identified as members of "Students" are denied access to social media servers. All other traffic, starting from LAN interfaces, will be allowed.
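
The five steps above, together with the LAN/WAN zone default from the Zones section, as an added Python example that is not part of the original article or any vendor's API. User names, groups, addresses and the policy structure are hypothetical; an in-memory dictionary stands in for the directory service.

```python
"""Added example: zone- and User-ID-based rule evaluation for the school scenario."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All names and addresses below are constructed for illustration.
ZONES = {"LAN": ip_network("10.20.0.0/16")}                   # anything else is WAN
DIRECTORY_GROUPS = {"alice": {"Students"}, "bob": {"Staff"}}  # stand-in for the directory
SOCIAL_MEDIA = {"203.0.113.10", "203.0.113.11"}               # the "list of IP addresses"
SERVICES = {("tcp", 80): "HTTP", ("tcp", 443): "HTTPS"}


def zone_of(ip):
    addr = ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "WAN")


class UserIdMap:
    """Step 2: learn user-to-IP mappings from authentication log events."""

    def __init__(self):
        self.ip_to_user = {}

    def ingest(self, event):
        if event["type"] == "logon":
            self.ip_to_user[event["ip"]] = event["user"]
        elif event["type"] == "logoff":
            self.ip_to_user.pop(event["ip"], None)

    def groups_for(self, ip):
        user = self.ip_to_user.get(ip)
        return DIRECTORY_GROUPS.get(user, set())


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    src_zone: str = "any"
    dst_zone: str = "any"
    src_group: str = "any"
    dst_ips: frozenset = frozenset()   # empty means any destination
    services: frozenset = frozenset()  # empty means any service


POLICY = [
    # Step 4: deny Students to the social media servers over HTTP/HTTPS.
    Rule("deny-students-social", "deny", src_group="Students",
         dst_ips=frozenset(SOCIAL_MEDIA), services=frozenset({"HTTP", "HTTPS"})),
    # Step 5: default allow from the LAN zone to the WAN zone.
    Rule("default-lan-to-wan", "allow", src_zone="LAN", dst_zone="WAN"),
]


def evaluate(user_ids, src, dst, proto, dport):
    """Return (action, rule name); first match wins, unmatched traffic is dropped."""
    service = SERVICES.get((proto, dport), "other")
    groups = user_ids.groups_for(src)
    for r in POLICY:
        if (r.src_zone in ("any", zone_of(src))
                and r.dst_zone in ("any", zone_of(dst))
                and (r.src_group == "any" or r.src_group in groups)
                and (not r.dst_ips or dst in r.dst_ips)
                and (not r.services or service in r.services)):
            return r.action, r.name
    return "drop", "implicit-default"


def demo():
    ids = UserIdMap()
    for ev in [{"type": "logon", "user": "alice", "ip": "10.20.1.5"},
               {"type": "logon", "user": "bob", "ip": "10.20.1.6"}]:
        ids.ingest(ev)
    results = {
        "student_social": evaluate(ids, "10.20.1.5", "203.0.113.10", "tcp", 443),
        "staff_social": evaluate(ids, "10.20.1.6", "203.0.113.10", "tcp", 443),
        "student_other": evaluate(ids, "10.20.1.5", "198.51.100.20", "tcp", 443),
        "wan_to_lan": evaluate(ids, "198.51.100.20", "10.20.1.5", "tcp", 443),
    }
    # After logoff the IP has no user mapping, so the group rule no longer matches.
    ids.ingest({"type": "logoff", "user": "alice", "ip": "10.20.1.5"})
    results["unmapped_social"] = evaluate(ids, "10.20.1.5", "203.0.113.10", "tcp", 443)
    return results
```

The last case in demo() shows that traffic from an address with no current user mapping is not matched by the group rule and falls through to the default allow rule, so mapping coverage is worth monitoring when user-based deny rules are used.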

Most common firewall log types

Traffic Logs:
Description: Traffic logs record comprehensive details about data traversing the network. This includes source and destination IP addresses, port numbers, protocols used, and the action taken by the firewall (e.g., allow, drop, or reject).
Significance: Essential for network administrators to analyze and understand the patterns of communication between devices, aiding in troubleshooting and optimizing network performance.

Threat Prevention Logs:
Description: Logs specifically designed to capture information related to security threats. This encompasses alerts from intrusion prevention systems (IPS), antivirus events, anti-bot detections, and other threat-related data.
Significance: Vital for identifying and responding to potential security breaches, helping security teams stay proactive in safeguarding the network.

Audit Logs:
Description: Logs that record administrative actions and changes made to the firewall configuration. These logs are critical for tracking changes made by administrators for security and compliance purposes.
Significance: Supports auditing and compliance efforts by providing a detailed history of administrative activities, aiding in investigations and ensuring adherence to security policies.

Event Logs:
Description: General event logs that capture a wide range of events occurring on the firewall, helping administrators monitor and troubleshoot issues.
Significance: Provides a holistic view of firewall activities, facilitating the identification and resolution of any anomalies or performance issues within the network infrastructure.

Session Logs:
Description: Logs that provide information about established network sessions, including session start and end times, data transfer rates, and associated user or device information.
Significance: Useful for monitoring network sessions in real-time, identifying abnormal activities, and optimizing network performance.

DDoS Mitigation Logs:
Description: Logs that record events related to Distributed Denial of Service (DDoS) attacks including mitigation actions taken by the firewall to protect the network.
Significance: Critical for identifying and mitigating DDoS attacks promptly, safeguarding network resources and ensuring uninterrupted service availability.

Geo-location Logs:
Description: Logs that capture information about the geographic locations of network connections. This can be useful for monitoring and controlling access based on geographical regions.
Significance: Aids in enhancing security by detecting and preventing suspicious activities originating from specific geographic locations, contributing to a more robust defense against potential threats.

URL Filtering Logs:
Description: Records data related to web traffic and URL filtering. This includes details about blocked and allowed URLs, as well as categories of websites accessed by users.
Significance: Enables organizations to manage internet access, enforce acceptable use policies, and enhance overall network security by monitoring and controlling web activity.

User Activity Logs:
Description: Logs that capture user-specific information, such as authentication events, user login/logout details, and user-specific traffic patterns.
Significance: Aids in tracking user behavior, ensuring accountability, and providing insights into potential security incidents involving specific users.

VPN Logs:
Description: Information related to Virtual Private Network (VPN) connections, including events like connection and disconnection, tunnel information, and VPN-specific errors.
Significance: Crucial for monitoring the integrity and performance of VPN connections, ensuring secure communication between remote users and the corporate network.

System Logs:
Description: Logs that provide information about the overall health, status, and configuration changes of the firewall system. This may include logs related to high availability (HA), software updates, and other system-level events.
Significance: Essential for maintaining the firewall infrastructure, diagnosing issues, and ensuring the system operates optimally.

Compliance Logs:
Description: Logs specifically focused on recording events relevant to regulatory compliance requirements. This may include activities ensuring compliance with industry standards or legal mandates.
Significance: Essential for organizations subject to specific regulations, helping to demonstrate adherence to compliance standards and facilitating audit processes.

Configuration
Setting up a firewall is a complex and error-prone task. A network may face security issues due to configuration errors.[36]

Firewall policy configuration is based on specific network type (e.g., public or private), and can be set up using firewall rules that either block or allow access to prevent potential attacks from hackers or malware.[37]

See also

Air gap (networking)
Distributed firewall
DMZ (computing)
Firewall pinhole
Firewalls and Internet Security
Golden Shield Project
Intrusion detection system
Mobile security § Security software
Windows Firewall

References

1. Boudriga, Noureddine (2010). Security of mobile communications (https://archive.org/details/securitymobileco00boud). Boca Raton: CRC Press. pp. 32 (https://archive.org/details/securitymobileco00boud/page/n66)–33. ISBN 978-0849379420.
2. Macfarlane, Richard; Buchanan, William; Ekonomou, Elias; Uthmani, Omair; Fan, Lu; Lo, Owen (2012). "Formal security policy implementations in network firewalls" (https://linkinghub.elsevier.com/retrieve/pii/S0167404811001192). Computers & Security. 31 (2): 253–270. doi:10.1016/j.cose.2011.10.003 (https://doi.org/10.1016%2Fj.cose.2011.10.003).
3. Oppliger, Rolf (May 1997). "Internet Security: FIREWALLS and BEYOND" (https://doi.org/10.1145%2F253769.253802). Communications of the ACM. 40 (5): 94. doi:10.1145/253769.253802 (https://doi.org/10.1145%2F253769.253802). S2CID 15271915 (https://api.semanticscholar.org/CorpusID:15271915).
4. Canavan, John E. (2001). Fundamentals of Network Security (1st ed.). Boston, MA: Artech House. p. 212. ISBN 9781580531764.
5. Cheswick, William R.; Bellovin, Steven M. (1994). Firewalls and Internet Security: Repelling The Wily Hacker. Addison-Wesley. ISBN 978-0201633573.
6. Liska, Allan (Dec 10, 2014). Building an Intelligence-Led Security Program. Syngress. p. 3. ISBN 978-0128023709.
7. Ingham, Kenneth; Forrest, Stephanie (2002). "A History and Survey of Network Firewalls" (https://web.archive.org/web/20060902171316/http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf) (PDF). Archived from the original (http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf) (PDF) on 2006-09-02. Retrieved 2011-11-25.
8. Boren, Jacob (2019-11-24). "10 Times '80s Sci-Fi Movies Predicted The Future" (https://screenrant.com/80s-sci-fi-movies-predicted-the-future/). ScreenRant. Retrieved 2021-03-04.
9. Mayes, John (2022-11-24). "NTI - JMA" (http://www.jma.com/nti.html). Wikipedia. Retrieved 2023-03-04.
10. Naveen, Sharanya. "Firewall" (https://web.archive.org/web/20160521201820/https://www.paloaltonetworks.com/documentation/glossary/what-is-a-firewall). Archived from the original (https://www.paloaltonetworks.com/documentation/glossary/what-is-a-firewall) on 21 May 2016. Retrieved 7 June 2016.
11. "Firewall as a DHCP Server and Client" (https://paloaltonetworks.com/documentation/70/pan-os/pan-os/networking/firewall-as-a-dhcp-server-and-client.html). Palo Alto Networks. Retrieved 2016-02-08.
12. "DHCP" (http://www.shorewall.net/dhcp.htm). www.shorewall.net. Retrieved 2016-02-08.
13. "What is a VPN Firewall? – Definition from Techopedia" (https://www.techopedia.com/definition/30753/vpn-firewall). Techopedia.com. Retrieved 2016-02-08.
14. Vacca, John R. (2009). Computer and information security handbook. Amsterdam: Elsevier. p. 355. ISBN 9780080921945.
15. "What is Firewall?" (https://personalfirewall.comodo.com/what-is-firewall.html). Retrieved 2015-02-12.
16. Peltier, Justin; Peltier, Thomas R. (2007). Complete Guide to CISM Certification. Hoboken: CRC Press. p. 210. ISBN 9781420013252.
17. "TCP vs. UDP : The Difference Between them" (http://www.skullbox.net/tcpudp.php). www.skullbox.net. Retrieved 2018-04-09.
18. Cheswick, William R.; Bellovin, Steven M.; Rubin, Aviel D. (2003). Firewalls and Internet Security repelling the wily hacker (2 ed.). Addison-Wesley Professional. ISBN 9780201634662.
19. Ingham, Kenneth; Forrest, Stephanie (2002). "A History and Survey of Network Firewalls" (https://web.archive.org/web/20060902171316/http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf) (PDF). p. 4. Archived from the original (http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf) (PDF) on 2006-09-02. Retrieved 2011-11-25.
20. McCanne, Steven; Jacobson, Van (1992-12-19). "The BSD Packet Filter: A New Architecture for User-level Packet Capture" (https://web.archive.org/web/20000916155334/http://www.tcpdump.org/papers/bpf-usenix93.pdf) (PDF). Archived from the original (http://www.tcpdump.org/papers/bpf-usenix93.pdf) (PDF) on 2000-09-16.
21. McCanne, Steven; Jacobson, Van (January 1993). "The BSD Packet Filter: A New Architecture for User-level Packet Capture" (https://www.usenix.org/conference/usenix-winter-1993-conference/bsd-packet-filter-new-architecture-user-level-packet). USENIX.
22. M. Afshar Alam; Tamanna Siddiqui; K. R. Seeja (2013). Recent Developments in Computing and Its Applications (https://books.google.com/books?id=TnJk09xmdFsC&pg=PA513). I. K. International Pvt Ltd. p. 513. ISBN 978-93-80026-78-7.
23. "Firewalls" (http://www.tech-faq.com/firewall.html). MemeBridge. Retrieved 13 June 2014.
24. "Firewall toolkit V1.0 release" (http://www.avolio.com/papers/FWTKv1.0Announcement.html). Retrieved 2018-12-28.
25. John Pescatore (October 2, 2008). "This Week in Network Security History: The Firewall Toolkit" (https://web.archive.org/web/20160429131516/http://blogs.gartner.com/john_pescatore/2008/10/02/this-week-in-network-security-history-the-firewall-toolkit/). Archived from the original (https://blogs.gartner.com/john_pescatore/2008/10/02/this-week-in-network-security-history-the-firewall-toolkit/) on April 29, 2016. Retrieved 2018-12-28.
26. Marcus J. Ranum; Frederick Avolio. "FWTK history" (http://www.avolio.com/papers/fwtk-history.html).
27. "What is Layer 7? How Layer 7 of the Internet Works" (https://www.cloudflare.com/learning/ddos/what-is-layer-7/). Cloudflare. Retrieved Aug 29, 2020.
28. "5 Firewall Features you Must-Have" (https://www.checkpoint.com/cyber-hub/network-security/what-is-firewall/5-firewall-features-you-must-have/). Check Point Software. Retrieved 2021-11-08.
29. Stanfield, Nathan (2019-12-04). "11 Firewall Features You Can't Live Without" (https://www.stanfieldit.com/11-firewall-features/). Stanfield IT. Retrieved 2021-11-08.
30. "Safing Portmaster" (https://safing.io/portmaster/). safing.io. Retrieved 2021-11-08.
31. Liang, Junyan; Kim, Yoohwan (2022). Evolution of Firewalls: Toward Securer Network Using Next Generation Firewall (https://ieeexplore.ieee.org/document/9720435). pp. 0752–0759. doi:10.1109/CCWC54503.2022.9720435 (https://doi.org/10.1109%2FCCWC54503.2022.9720435). ISBN 978-1-6654-8303-2. Retrieved 2024-02-02.
32. "Policy" (https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy). docs.paloaltonetworks.com. Retrieved 2024-11-21.
33. "Creating Firewall Policy Rules | Juniper Networks" (https://www.juniper.net/documentation/us/en/software/nm-apps24.1/junos-space-security-director/topics/task/junos-space-firewall-policy-rule-creating.html). www.juniper.net. Retrieved 2024-11-21.
34. "Creating Firewall Policy Rules | Juniper Networks" (https://www.juniper.net/documentation/us/en/software/nm-apps24.1/junos-space-security-director/topics/task/junos-space-firewall-policy-rule-creating.html). www.juniper.net. Retrieved 2024-11-21.
35. "User-ID" (https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id). docs.paloaltonetworks.com. Retrieved 2024-11-21.
36. Voronkov, Artem; Iwaya, Leonardo Horn; Martucci, Leonardo A.; Lindskog, Stefan (2018-01-12). "Systematic Literature Review on Usability of Firewall Configuration" (https://dx.doi.org/10.1145/3130876). ACM Computing Surveys. 50 (6): 1–35. doi:10.1145/3130876 (https://doi.org/10.1145%2F3130876). ISSN 0360-0300 (https://search.worldcat.org/issn/0360-0300). S2CID 6570517 (https://api.semanticscholar.org/CorpusID:6570517).
37. "What is Firewall Configuration and Why is it Important?" (https://www.fortinet.com/resources/cyberglossary/firewall-configuration). Fortinet.

External links

Evolution of the Firewall Industry (http://docstore.mik.ua/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch3.htm) – discusses different architectures, how packets are processed and provides a timeline of the evolution.
A History and Survey of Network Firewalls (http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf) – provides an overview of firewalls at various ISO levels, with references to original papers where early firewall work was reported.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Firewall_(computing)&oldid=1263965479"

This page was last edited on 19 December 2024, at 16:58 (UTC). Content is available under CC BY-SA 4.0 unless otherwise noted.
