
Commit 694841f

context for firewalls
1 parent 3165ffb commit 694841f

File tree

1 file changed

+19
-6
lines changed


firewall.rst

Lines changed: 19 additions & 6 deletions
@@ -11,6 +11,20 @@ help you if your machine has unpatched vulnerabilities. So other
1111
approaches are often used to keep out various forms of potentially
1212
harmful traffic. Firewalls are one of the most common ways to do this.
1313

14+
To provide a little more context for this chapter, it is helpful to
15+
understand that writing software that is not vulnerable to being
16+
hacked is an important part of the overall security landscape. It is
17+
also a broad topic, starting with questions about the programming
18+
language you use (e.g., memory-safe languages like Rust are less
19+
susceptible than, say, C). Such topics are outside the scope of this
20+
book, where we instead take a network-centric view, and ask: *"What can
21+
we do in the network to either minimize opportunities for malware to
22+
exploit vulnerable software, or to mitigate the impact of such an
23+
exploit succeeding."* Firewalls, and more generally *security
24+
appliances*, are part of the answer. They are devices placed at
25+
strategic points throughout the network that identify and respond to
26+
malicious traffic.
27+
1428
9.1 Basic Principles of Firewalls
1529
-----------------------------------
1630

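Review bot: the quoted question in the added paragraph ("*"What can we do in the network ... such an exploit succeeding."*") is phrased as a question but closes with a period; end it with a question mark inside the closing quote. Two smaller points in the same hunk: the parenthetical "memory-safe languages like Rust are less susceptible than, say, C" is only true for memory-safety bugs (a Rust program is just as exposed to logic flaws, injection, or misconfiguration), so consider "less susceptible to memory-safety bugs than, say, C"; and "opportunities for malware to exploit vulnerable software" reads more precisely as "opportunities for attackers (or malware) to exploit vulnerable software", since the exploit is what the attacker does and the malware is often what it delivers.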
@@ -426,12 +440,11 @@ we recommend our companion book on software-defined networks.
426440
9.4 Security Appliances
427441
------------------------------
428442

429-
Firewalls are often placed inside a larger category of *security
430-
appliances*—devices placed at some strategic point in the network to
431-
perform a security function. Such appliances generally watch for and
432-
respond to unwanted traffic, where the main challenge is how to
433-
distinguish between good and bad traffic. This section looks at two
434-
examples.
443+
As introduced at the beginning of this chapter, *security appliances*
444+
are a generalization of firewalls. Such appliances are placed
445+
throughout the network, watching for and responding to unwanted
446+
traffic. The main challenge they face is how to distinguish between
447+
good and bad traffic. This section looks at two examples.
435448

436449
9.4.1 Intrusion Detection and Prevention
437450
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
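Review bot: the rewritten opening of 9.4 drops the local definition of *security appliances* ("devices placed at some strategic point in the network to perform a security function") and relies on "As introduced at the beginning of this chapter" instead, so a reader who jumps straight to this section no longer gets the definition here. Either keep a one-clause restatement, e.g. "*security appliances*, devices placed at strategic points in the network to perform a security function, are a generalization of firewalls", or turn the reference into an explicit RST cross-reference to the chapter introduction so it stays correct if that paragraph moves. Replacing the em dash from the old text with a plain clause is a good change; keep that.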
