ate users’ lives, make Web server administrators’ jobs harder, rob network performance, add an extra point of failure, cost money, and make networks more complex to manage.

Firewall technologies, like all other Internet technologies, are rapidly changing. There are two main types of firewalls, plus many variations. The main types of firewalls are proxy and network-layer. The idea of a proxy firewall is simple: Rather than have users log into a gateway host and then access the Internet from there, give them a set of restricted programs running on the gateway host and let them talk to those programs, which act as proxies on behalf of the user. The user never has an account or login on the firewall itself, and he or she can interact only with a tightly controlled restricted environment created by the firewall’s administrator.

This approach greatly enhances the security of the firewall itself because it means that users do not have accounts or shell access to the operating system. Most UNIX bugs require that the attacker have a login on the system to exploit them. By throwing the users off the firewall, it becomes just a dedicated platform that does nothing except support a small set of proxies; it is no longer a general-purpose computing environment. The proxies, in turn, are carefully designed to be reliable and secure because they are the only real point of the system against which an attack can be launched.

Proxy firewalls have evolved to the point where today they support a wide range of services and run on a number of different UNIX and Windows NT platforms. Many security experts believe that proxy firewalls are more secure than other types of firewalls, largely because the first proxy firewalls were able to apply additional control to the data traversing the proxy. The real reason for proxy firewalls was their ease of implementation, not their security properties. For security, it does not really matter wher...
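
The proxy idea described above, sketched as an added example that is not part of the original essay: a restricted program on the gateway that relays only allowlisted commands of a line-oriented, FTP-like protocol and applies its own checks to the data passing through. The command set, the `MAX_LINE` limit, the function names and the stub server are assumptions made for the illustration.

```python
import socket
import threading

# Assumed policy for a line-oriented, FTP-like protocol (constructed example).
ALLOWED = {"USER", "PASS", "LIST", "RETR", "QUIT"}
MAX_LINE = 512  # hypothetical limit; oversized lines never reach the server

def check_line(line: bytes) -> bool:
    """True only for a well-formed, CRLF-terminated, allowlisted command."""
    if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
        return False
    body = line[:-2]
    if any(b < 0x20 or b > 0x7E for b in body):  # control or non-ASCII bytes
        return False
    return body.split(b" ", 1)[0].upper().decode() in ALLOWED

def proxy_session(client: socket.socket, server: socket.socket) -> list:
    """Relay one session; the user only ever talks to this restricted program."""
    log, reader = [], client.makefile("rb")
    while line := reader.readline(MAX_LINE + 1):
        if not line.endswith(b"\n"):  # overlong or truncated: drop the session
            log.append("dropped")     # rather than parse the tail as a command
            break
        if check_line(line):
            server.sendall(line)
            client.sendall(server.recv(4096))  # assumes one reply per command
            log.append("forwarded")
        else:
            client.sendall(b"500 refused by proxy\r\n")
            log.append("refused")
    return log

def demo(client_bytes: bytes) -> list:
    """Feed constructed client input through the proxy to a stub server."""
    user, proxy_in = socket.socketpair()
    proxy_out, backend = socket.socketpair()

    def stub_server():
        while backend.recv(4096):
            backend.sendall(b"200 ok\r\n")

    threading.Thread(target=stub_server, daemon=True).start()
    user.sendall(client_bytes)
    user.shutdown(socket.SHUT_WR)
    return proxy_session(proxy_in, proxy_out)

if __name__ == "__main__":
    print(demo(b"USER alice\r\nDELE report.txt\r\nLIST\r\n"))
```

The backend only ever sees lines that passed `check_line`, so the proxy's parsing code is the one component that handles untrusted input.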