Firewalls. The pocketknife for enforcing computer security

Add to my library

TE7550 V2 Article

Firewalls. The pocketknife for enforcing computer security

Author : Maryline LAURENT

Publication date: October 10, 2017, Review date: January 3, 2024 | Lire en français

Add to my library Add to my library

Logo Techniques de l'Ingenieur You do not have access to this resource.
Request your free trial access! Free trial

Already subscribed?

Overview

ABSTRACT

A firewall is the key security provision in a computer network for isolating and filtering ingoing and outgoing traffic. A firewall can use several filtering mechanisms such as stateless or stateful packet filtering, applicative proxies, circuit-level proxies, or packet inspection. This article also presents other classical functions embedded in a firewall, including Network Address Translation (NAT), Virtual Private Network (VPN), and intrusion detection and prevention systems (IDS/IPS). The article also places the firewall in a more global perspective of security policies and security architectures.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Maryline LAURENT : Professor Télécom-SudParis, Institut Mines-Télécom, Evry, France -

 INTRODUCTION

It doesn't take much of an interest in digital news to realize the importance, in terms of their number and consequences, of cyberattacks targeting companies and states. Let's recall the case that affected Ashley Madison in August 2016, a dating site whose hacking led to the theft of personal data from 37 million of its members (e-mails, phones, names, addresses, profiles, etc.), or the Locky malware in February 2016, whose modus operandi is to encrypt data without the owner's knowledge, then deliver, for a ransom, the decryption key enabling the owner to recover his or her data. Most of the time, this stolen data is resold on the dark web, a network parallel to the Internet reputed to facilitate illegal activities.

Since 2013, the revelations of Edward Snowden, the former CIA agent and NSA consultant, have raised public awareness of the power of IT tools, the latter enabling the massive collection of confidential, even secret, information. In 2016, for the first time in history, cyberattacks had political consequences. Donald Trump's election was largely the result of hacking that enabled the compromising publication of messages from Democratic Party officials.

Other, less publicized cyberattacks affect a large number of organizations, companies, local authorities... The cyber attacker's objectives are manifold: selling industrial secrets to the highest bidder, damaging an organization's image and reputation, weakening a company's financial position...

A whole arsenal of technical solutions exists to counter these cyberattacks, but their implementation in a company is only possible with the help of human resources to raise awareness and train employees, and legal experts for their knowledge of the European laws and directives to be complied with. The Information System Security Manager (ISSM) is the person who orchestrates the company's information system protection strategy. As shown by a study carried out by Clusif in 2016, out of 334 French companies with over 200 employees in the banking/insurance, commerce, industry/civil engineering, services and transport/telecoms sectors, 15% (resp. 18%) in 2016 said they were devoting more than 6% (resp. 3 to 6%) of their IT budget to security within the company. The expenditure item that has increased the most, up 4 points since 2014, is "setting up organizational elements", which accounts for 16% of spending.

This article looks at ISS from a technical angle, and more specifically at the function of the firewall, which is a central element in the protection of an organization's information system. A firewall isolates and filters all flows exchanged between two networks, thus protecting a private network from the public network. The firewall is configured to comply with...

You do not have access to this resource.
Logo Techniques de l'Ingenieur

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed?


KEYWORDS

filtering   |   firewall   |   security policy   |   security architecture

Ongoing reading
Firewalls. The pocketknife for enforcing computer security

Article included in this offer

"Networks and Telecommunications"

( 174 articles )

Complete knowledge base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

View offer details

Dans les ressources documentaires

Technologies VPN

Cet article présente succinctement les principales topologies et technologies utilisées pour mettre en pl...

SecSIP : un environnement de protection pour la voix sur IP

SecSIP est un environnement dédié à la protection des services basés sur le protocole SIP (Session Initia...

Virtualisation des réseaux locaux - Switch, hyperviseur et pare-feu

Le besoin d’hébergement des applications et de données ne cessent de croitre. Mais cette augmentation fai...

Mise en œuvre d’un pare-feu gratuit à base d’IP Filter

Dans les débuts de l’informatique, les méthodes d’accès se faisaient par des liens directs entre des term...

Tous les livres blancs
Article Internet décentralisé : retour au Web 1.0 !
10 October 2018
Internet décentralisé : retour au Web 1.0 !

Désinformation, surveillance étatique, fuites de données... Le web actuel souffre de différents maux. Avec des réseaux décentralisés, les utilisateurs garderaie...

Toutes les actualités
Contact us