
Firewall (computing)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Firewall (computing)
Invented: 1980s
Inventor: Digital Equipment Corporation; AT&T Bell Labs; University of California, Berkeley
Type: Network security device/software

A firewall is a network security device or software that enforces an access control policy between trusted and untrusted networks. Firewalls mediate traffic using rule sets and state tracking to protect hosts, networks, and services, and integrate with toolchains from the Internet Engineering Task Force, the National Institute of Standards and Technology, the European Union Agency for Cybersecurity, Microsoft, and Cisco Systems. Implementations range from embedded appliances sold by Palo Alto Networks and Fortinet to open-source projects hosted by The Apache Software Foundation, OpenBSD, and Debian.

Overview

Firewalls implement packet filtering, stateful inspection, and application-layer gateways to regulate flows between endpoints running systems such as Windows NT, macOS, the Linux kernel, iOS, and Android. Enterprises combine firewalls with intrusion detection systems, intrusion prevention systems, security information and event management, virtual private networks, and content delivery network services to meet compliance frameworks like the Health Insurance Portability and Accountability Act, the General Data Protection Regulation, and the Payment Card Industry Data Security Standard. Firewalls operate across the layers defined by the Internet Protocol Suite and interact with protocols standardized by the Internet Engineering Task Force and bodies such as the Institute of Electrical and Electronics Engineers.

History

Early work originated in the 1980s at research sites including Digital Equipment Corporation, AT&T Bell Labs, and academic groups connected to the University of California, Berkeley and MIT. The term gained commercial traction in the 1990s as vendors like Check Point Software Technologies and Cisco Systems packaged stateful appliances while open-source projects such as Netfilter and pf (OpenBSD) matured. High-profile incidents involving the Morris worm, the ILOVEYOU worm, and the 2007 cyberattacks on Estonia accelerated adoption alongside national initiatives led by the United States Computer Emergency Readiness Team and policy work by the European Commission.

Architecture and Types

Firewall architectures include packet-filtering routers, stateful inspection firewalls, proxy-based application-layer gateways, and next-generation firewalls integrating deep packet inspection with application awareness and threat intelligence. Appliances may be implemented on hardware from Intel or ARM vendors and run firmware from vendors such as Juniper Networks, Huawei Technologies, or open projects like pfSense. Virtualized forms appear as virtual network functions in platforms from VMware and OpenStack or as cloud-native services from Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
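What stateful inspection adds over a packet-filtering rule set can be shown in a few lines. The following is an added example, not code from any product named in this article; the class names, rule format, first-match evaluation, and addresses are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags: "S", "SA", "A", "R"

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src_net: str
    dst_net: str
    dport: "int | None" = None     # None matches any destination port
    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport in (None, p.dport))

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.conns = set()         # tracked flows as (src, sport, dst, dport)
    def filter(self, p):
        fwd, rev = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        if fwd in self.conns or rev in self.conns:
            if "R" in p.flags:     # RST ends the flow (simplified teardown)
                self.conns -= {fwd, rev}
            return "allow"         # part of a tracked flow: no rule lookup
        if p.flags != "S":
            return "deny"          # only a bare SYN may create new state
        for rule in self.rules:    # first match wins
            if rule.matches(p):
                if rule.action == "allow":
                    self.conns.add(fwd)
                return rule.action
        return "deny"              # default deny

def demo():
    # Constructed traffic: internal client 10.0.0.5, external server 203.0.113.10.
    fw = StatefulFirewall([Rule("allow", "10.0.0.0/8", "0.0.0.0/0", 443)])
    pkts = [Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),    # outbound SYN
            Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),   # its reply
            Packet("203.0.113.10", 443, "10.0.0.9", 40000, "SA"),   # unsolicited
            Packet("203.0.113.10", 5555, "10.0.0.5", 22, "S")]      # inbound SYN
    return [fw.filter(p) for p in pkts]
```

The reply is admitted without any inbound rule because it matches tracked state, while the unsolicited SYN-ACK to a different host is dropped; a stateless filter would need a broad "source port 443" rule that admits both.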

Deployment Models and Topologies

Common deployments include perimeter firewalls at Internet edges, internal segmentation firewalls between data center zones, and host-based firewalls on endpoints such as Microsoft Windows Server, Red Hat Enterprise Linux, and macOS Server. Architectures leverage topologies like DMZs popularized by Sun Microsystems deployments, hub-and-spoke VPNs used by Cisco Systems customers, and microsegmentation strategies used by VMware NSX and Kubernetes clusters. Hybrid cloud models combine on-premises appliances with cloud firewall services offered by Amazon, Microsoft, and Google.

Features and Capabilities

Modern firewalls provide capabilities including stateful connection tracking, NAT, VPN termination with standards from the Internet Engineering Task Force, application identification drawing on signatures from VirusTotal and MITRE ATT&CK, URL filtering tied to feeds managed by OpenDNS, and sandboxing integrations used by FireEye and CrowdStrike. Management features include centralized policy orchestration via Ansible and Terraform automation, logging to Splunk and the ELK Stack, and role-based access control compatible with OAuth 2.0 and SAML.

Bypass, Evasion, and Limitations

Attackers employ techniques like protocol tunneling, encrypted command-and-control over Transport Layer Security, port hopping, use of content delivery networks such as Akamai Technologies, and fast flux facilitated by registrars linked to the Domain Name System. Limitations include blind spots created by end-to-end encryption popularized by Signal, performance trade-offs on commodity hardware from vendors like Intel Corporation when deep inspection is enabled, and policy complexity that can introduce misconfiguration incidents similar to breaches investigated by the Federal Bureau of Investigation and the National Cyber Security Centre (UK). Research from Carnegie Mellon University and the Massachusetts Institute of Technology continues to probe evasion and verification.
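One concrete form of the policy-complexity problem is a rule that can never fire because an earlier rule already matches everything it would. The audit below is an added example, not taken from any product or study named here; it assumes first-match evaluation, IPv4 rules, and a hypothetical dictionary rule format with inclusive port ranges.

```python
import ipaddress

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    net = ipaddress.ip_network
    return (net(b["src"]).subnet_of(net(a["src"]))
            and net(b["dst"]).subnet_of(net(a["dst"]))
            and a["ports"][0] <= b["ports"][0]
            and b["ports"][1] <= a["ports"][1])

def find_shadowed(rules):
    """Return (later_index, earlier_index, kind) for rules that can never fire.

    kind is "conflict" when the shadowing rule has the opposite action
    (the later rule's intent is silently lost) and "redundant" otherwise.
    Only shadowing by a single earlier rule is detected, not by a union.
    """
    findings = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            if covers(earlier, later):
                same = earlier["action"] == later["action"]
                findings.append((j, i, "redundant" if same else "conflict"))
                break
    return findings

# Constructed policy, evaluated top to bottom.
SAMPLE_POLICY = [
    {"action": "allow", "src": "10.0.0.0/8",  "dst": "192.0.2.0/24",  "ports": (443, 443)},
    # Intended to block one subnet, but rule 0 already allowed it.
    {"action": "deny",  "src": "10.1.0.0/16", "dst": "192.0.2.0/24",  "ports": (443, 443)},
    # Harmless but dead: a narrower copy of rule 0.
    {"action": "allow", "src": "10.2.3.0/24", "dst": "192.0.2.10/32", "ports": (443, 443)},
    # Final default deny is reachable and must not be flagged.
    {"action": "deny",  "src": "0.0.0.0/0",   "dst": "0.0.0.0/0",     "ports": (0, 65535)},
]

def audit_sample():
    return find_shadowed(SAMPLE_POLICY)
```

The "conflict" finding is the one to review first: the deny for 10.1.0.0/16 was written after the broader allow, so that subnet reaches the service despite the rule.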

Standards, Regulation, and Certification

Standards relevant to firewalls include RFCs by the Internet Engineering Task Force and testing methodologies published by the International Organization for Standardization, Common Criteria, and certification programs from Underwriters Laboratories. Regulatory compliance often references guidance from the National Institute of Standards and Technology, the European Union Agency for Cybersecurity, and sectoral regulators such as the Federal Communications Commission and the Office for Civil Rights (OCR). Industry certifications and evaluation programs from Common Criteria and vendor-specific labs such as NATO Communications and Information Agency testing facilities are commonly used to validate product claims.
