Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
ways to make money
The Internet is an insecure place. Many of the protocols used in the
Internet do not provide any security. Tools to "sniff" passwords off of
the network are in common use by malicious hackers. Thus, applications
which send an unencrypted password over the network are extremely
vulnerable. Worse yet, other client/server applications rely on the
client program to be "honest" about the identity of the user who is
using it. Other applications rely on the client to restrict its
activities to those which it is allowed to do, with no other enforcement
by the server.
receipes
Some sites attempt to use firewalls to solve their network security
problems. Unfortunately, firewalls assume that "the bad guys" are on the
outside, which is often a very bad assumption. Most of the really
damaging incidents of computer crime are carried out by insiders.
Firewalls also have a significant disadvantage in that they restrict how
your users can use the Internet. (After all, firewalls are simply a less
extreme example of the dictum that there is nothing more secure then a
computer which is not connected to the network --- and powered off!) In
many places, these restrictions are simply unrealistic and unacceptable.
Aaro to Afi - Afla to Alte - Alto to Amy - Anac to Apc
Kerberos was created by MIT as a solution to these network security
problems. The Kerberos protocol uses strong cryptography so that a
client can prove its identity to a server (and vice versa) across an
insecure network connection. After a client and server has used Kerberos
to prove their identity, they can also encrypt all of their
communications to assure privacy and data integrity as they go about
their business.
Appa to Aven - Aven to Ball - Ball to Benn - Bent to Bill - Bill to Blea
A firewall is an information technology (IT) security device which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based.
A firewall's basic task is to control traffic between computer networks with different zones of trust. Typical examples are the Internet which is a zone with no trust and an internal network which is (and should be) a zone with high trust. The ultimate goal is to provide controlled interfaces between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle and separation of duties.
Bles to Body - Boei to Brat - Brat to Buel - Bugs to Camo - Cand to Carr - Cart to Celi
A firewall is also called a Border Protection Device (BPD) in certain military contexts were a firewall separates networks by creating perimeter networks in a DMZ. In a BSD context they are also known as a packet filter. A firewall's function is analogous to firewalls in building construction.
Proper configuration of firewalls demands skill from the firewall administrator. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.
History
Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The original idea was formed in response to a number of major internet security breaches, which occurred in the late 1980s. In 1988 an employee at the NASA Ames Research Center in California sent a memo by email to his colleagues that read, "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames." This virus known as the Morris Worm was carried by e-mail. The Morris Worm was the first large scale attack on Internet security; the online community was neither expected an attack nor prepared to deal with one.
Cels to Char - Char to Chin - Chin to Circ - Circ to Conn
First generation - packet filters
The first paper published on firewall technology was in 1988, when Jeff Mogul from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what would become a highly evolved and technical internet security feature. At AT&T Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based upon their original first generation architecture.
Second generation - circuit level
From 1980-1990 two colleagues from AT&T Bell Laboratories, Dave Presetto and Howard Trickey, developed the second generation of firewalls known as circuit level firewalls.
Cons to Curr - Cust to Dayt - Ddr to Desk - Desk to Disk - Disn to Dog - Dog to Drag
Third generation - applicaton layer
Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories and Marcus Ranum described a third generation firewall known as application layer firewall, also known as proxy based firewalls. Marcus Ranum's work on the technology spearheaded the creation of the first commercial product. The product was released by DEC who named it the SEAL product. DEC’s first major sale was on June 13, 1991 to a chemical company based on the East Coast of the USA.
Drag to Drun - Drun to Dvd - Dvd to Emma - Emot to Fair - Falc to Fift - Figh to Flui - Fly to Fren - Frid to Gara
Subsequent generations
In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were developing their own fourth generation packet filter firewall system. The product known as “Visas” was the first system to have a visual integration interface with colours and icons, which could be easily implemented to and accessed on a computer operating system such as Microsoft's Windows or Apple's MacOS. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.
A second generation of proxy firewalls was based on Kernel Proxy technology. This design is constantly evolving but its basic features and codes are currently in widespread use in both commercial and domestic computer systems. Cisco, one of the largest internet security companies in the world released their PIX product to the public in 1997.
Gara to Ghos - Gibs to Grap - Grap to Gyne - Habb to Harv
The new Next Generation Firewalls leverage their existing deep packet inspection engine by sharing this functionality with an Intrusion-prevention system (IPS).
Types
There are three basic types of firewalls depending on:
Whether the communication is being done between a single node and the network, or between two or more networks.
Whether the communication is intercepted at the network layer, or at the application layer.
Whether the communication state is being tracked at the firewall or not.
Hawa to Hois - Holl to Host - Hot to Inse - Insp to Jame - Jami to Jodi - John to Keane
Personal firewalls, a software application which normally filters traffic entering or leaving a single computer.
Network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.
The latter definition corresponds to the conventional, traditional meaning of "firewall" in networking.
In reference to the layers where the traffic can be intercepted, three main categories of firewalls exist:
Kegs to Lanc - Land to Loui - Love to Maha - Mail to Mass - Mass to Mena - Meni to Mili - Mili to Moto - Moto to My h - My l to Naut - Ne y to Nort
Network layer firewalls. An example would be iptables.
Application layer firewalls. An example would be TCP Wrappers.
Application firewalls. An example would be restricting ftp services through /etc/ftpaccess file
These network-layer and application-layer types of firewall may overlap, even though the personal firewall does not serve a network; indeed, single systems have implemented both together.
There's also the notion of application firewalls which are sometimes used during wide area network (WAN) networking on the world-wide web and govern the system software. An extended description would place them lower than application layer firewalls, indeed at the Operating System layer, and could alternately be called operating system firewalls.
Noth to Opra - Opra to Pani - Pani to Pean - Pear to Picn
Lastly, depending on whether the firewalls keeps track of the state of network connections or treats each packet in isolation, two additional categories of firewalls exist:
Stateful firewalls
Stateless firewalls
Network layer
Main article: network layer firewall
Network layer firewalls operate at a (relatively) low level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules; or default built-in rules may apply (as in some inflexible firewall systems).
- Pict to Pneu - Pock to Post - Pota to Pris- Priy to Quar - Quee to Refl
A more permissive setup could allow any packet to pass the filter as long as it does not match one or more "negative-rules", or "deny rules". Today network firewalls are built into most computer operating systems and network appliances.
Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, domain name of the source, and many other attributes.
Refr to Riha
Application-layer
Main article: application layer firewall
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.
Rikk to Rubb - Rubb to Salv - Sami to Sate - Sate to Sear - Sear to Shan - Shan to Simp - Simp to Socc - Soci to Spec - Spee to Stap - Star to Sufj - Sump to Tact
By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach.
Taki to Thom - Thom to Timo - Tink to Top - Top to Trac - Trai to Tubi - Tuls to Uhf - Ulti to Util - Vacc to Warr - Wash to Wedd - Wedd to Winr - Wint to Yama - Yama to
The XML firewall exemplifies a more recent kind of application-layer firewall.
