In computer networking, a network firewall acts as a barrier against potentially malicious activity while still providing a controlled "door" through which traffic can pass between your secured network and an open, unsecured network. Originally, a firewall consisted of a single machine or "box," now referred to as a bastion host, that sat between a private network and the Internet.
Firewall: A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both.
Bastion host: A strongly secured host that has a direct network connection to a public network such as the Internet. It can operate as any of the three types of firewall.
The firewall is a critical component of any security implementation. In practice the term refers to the entire boundary between the internal network and the Internet, which usually consists of a coordinated set of machines and programs rather than a single box.
A firewall should meet the following goals:
Create a choke point used to monitor, filter, and verify all inbound and outbound traffic.
Implement the company's security policy. For example, a security policy may state that only the Internet mail server will transmit SMTP traffic. You would enforce this rule directly at the firewall, allowing SMTP from the mail server and dropping it from every other host.
Log Internet activity. By placing logging services at the firewall, security administrators can monitor all access to and from the external network or Internet, since the choke point sees every connection in both directions.
Limit network exposure. A firewall can also enhance privacy by "hiding" your internal systems and information from the public, for example by presenting only its own address to the outside world.
A gateway is a system that provides relay services between two devices. Gateways can range from an Internet application such as a Common Gateway Interface (CGI) to a firewall gateway that processes traffic between two
Demilitarized zones (DMZs) are networks that sit between a company's internal network and the external network. A DMZ is used as an additional buffer to further separate the public network from your internal private network: publicly reachable services are placed in the DMZ, so a compromise there does not by itself grant access to internal hosts. Routers generally mark the beginning and end of the DMZ.
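The firewall goals listed above (choke point, policy enforcement, logging, limiting exposure) and the DMZ buffer can be seen together in a small packet-filter model. The following is an added example, not code from the original text: it implements a first-match rule list with a default-deny tail, enforces the text's "only the mail server may transmit SMTP" policy, refuses DMZ-to-internal traffic, logs every decision, and hides internal addresses by rewriting the source of accepted outbound packets to the firewall's own public address. The address ranges (10.0.0.0/8 internal, 192.0.2.0/24 as the DMZ, 198.51.100.0/24 and 203.0.113.1 as "the Internet"), rule names and sample packets are constructed for illustration and are assumptions, not values from the page.

```python
# Added example: toy stateless packet filter modelling the firewall goals above.
# All addresses, rule names and sample packets are constructed (assumptions).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "accept" or "drop"
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in self.src
                and ip_address(pkt.dst) in self.dst
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


# Constructed addressing (assumption): RFC 1918 space inside, RFC 5737
# documentation prefixes for the DMZ and for hosts on "the Internet".
ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/8")
DMZ = ip_network("192.0.2.0/24")
MAIL_SERVER = ip_network("192.0.2.25/32")
WEB_SERVER = ip_network("192.0.2.80/32")
FIREWALL_PUBLIC_IP = "203.0.113.1"

# First match wins; anything unmatched falls to default deny in Firewall.filter().
POLICY: List[Rule] = [
    # Policy from the text: only the Internet mail server transmits SMTP.
    Rule("smtp-from-mail-server", "accept", MAIL_SERVER, ANY, "tcp", 25),
    # Explicit drop (rather than relying on default deny) so that policy
    # violations get their own, recognisable log line.
    Rule("smtp-from-anyone-else", "drop", ANY, ANY, "tcp", 25),
    # The DMZ exposes exactly one public service: the web server on port 80.
    Rule("web-to-dmz", "accept", ANY, WEB_SERVER, "tcp", 80),
    # A compromised DMZ host must not be able to reach the internal network.
    Rule("dmz-to-internal", "drop", DMZ, INTERNAL),
    # Internal users may browse outward over HTTPS.
    Rule("internal-https-out", "accept", INTERNAL, ANY, "tcp", 443),
]


class Firewall:
    """Choke point: every packet passes through filter() and every decision is logged."""

    def __init__(self, policy: List[Rule], public_ip: str):
        self.policy = policy
        self.public_ip = public_ip
        self.log: List[str] = []

    def filter(self, pkt: Packet) -> Tuple[str, str, Packet]:
        """Return (rule name, action, packet as forwarded) for one packet."""
        for rule in self.policy:
            if rule.matches(pkt):
                return self._decide(rule.name, rule.action, pkt)
        return self._decide("default-deny", "drop", pkt)

    def _decide(self, rule_name: str, action: str, pkt: Packet) -> Tuple[str, str, Packet]:
        out = pkt
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        # Limit exposure: accepted traffic leaving the internal network towards
        # the outside is source-NATted to the firewall's public address, so the
        # internal host's real address is never seen on the Internet.
        if action == "accept" and src in INTERNAL and dst not in INTERNAL and dst not in DMZ:
            out = Packet(self.public_ip, pkt.dst, pkt.proto, pkt.dport)
        self.log.append(f"{action.upper():6} {rule_name:22} "
                        f"{pkt.src}->{pkt.dst} {pkt.proto}/{pkt.dport}")
        return rule_name, action, out


def run_sample() -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Push constructed packets through the choke point.

    Returns ([(rule, action, source address as forwarded), ...], log lines).
    """
    fw = Firewall(POLICY, FIREWALL_PUBLIC_IP)
    samples = [
        Packet("192.0.2.25", "198.51.100.7", "tcp", 25),   # mail server relaying mail
        Packet("10.1.2.3", "198.51.100.7", "tcp", 25),     # workstation speaking SMTP directly
        Packet("198.51.100.9", "192.0.2.80", "tcp", 80),   # Internet client to DMZ web server
        Packet("192.0.2.80", "10.1.2.3", "tcp", 445),      # DMZ host probing an internal host
        Packet("10.1.2.3", "198.51.100.7", "tcp", 443),    # internal user browsing outward
        Packet("198.51.100.9", "10.1.2.3", "tcp", 22),     # Internet host to internal host
    ]
    results = []
    for pkt in samples:
        rule, action, out = fw.filter(pkt)
        results.append((rule, action, out.src))
    return results, fw.log


if __name__ == "__main__":
    _, log_lines = run_sample()
    print("\n".join(log_lines))
```

Two design points carry over to real firewalls: rule order matters, because the first matching rule decides (put the narrow "accept from the mail server" rule before the broad "drop SMTP from anyone" rule, not after it), and an explicit drop rule for a policy you care about produces a distinct log entry instead of burying the violation in the default-deny noise.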
Choke point: An intersection between a company's private network and a public network, used to monitor, filter, and verify all inbound and outbound traffic.
Common Gateway Interface (CGI): A standard interface that allows a Web server to pass control to a software application based on a user request. It also allows that program to receive and process the request data, then return the result to the user in a consistent format. A CGI script resides on the Web server and implements the CGI process.