|
Application Layer Firewall
An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The two primary categories of application firewalls are ''network-based'' and ''host-based''. History Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories, and Marcus Ranum described a third-generation firewall known as an application layer firewall. Marcus Ranum's work, based on the firewall created by Paul Vixie, Brian Reid, and Jeff Mogul, spearheaded the creation of the first commercial product. The product was released by DEC, named the DEC SEAL by Geoff Mulligan - Secure External Access Link. DEC's first major sale was on June 13, 1991, to Dupont. Under a broader DARPA contract at TIS, Marcus Ranum, Wei Xu, and Peter Churchyard developed the Firewall Toolkit (FWTK) and made it freely available un ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Firewall (computing)
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on configurable security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet or between several VLANs. Firewalls can be categorized as network-based or host-based. History The term '' firewall'' originally referred to a wall to confine a fire within a line of adjacent buildings. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the 1980s to network technology that emerged when the Internet was fairly new in terms of its global use and connectivity. The predecessors to firewalls for network security were routers used in the 1980s. Because they already segregated networks, routers could filter packets crossing them. Before it was used in real-life comput ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
TLS Acceleration
TLS acceleration (formerly known as SSL acceleration) is a method of offloading processor-intensive public-key encryption for Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) to a hardware accelerator. Typically this means having a separate card that plugs into a PCI slot in a computer that contains one or more coprocessors able to handle much of the SSL processing. TLS accelerators may use off-the-shelf CPUs, but most use custom ASIC and RISC chips to do most of the difficult computational work. Principle of TLS acceleration operation The most computationally expensive part of a TLS session is the TLS handshake, where the TLS server (usually a webserver) and the TLS client (usually a web browser) agree on a number of parameters that establish the security of the connection. During the TLS handshake the server and the client establish session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Systrace
Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities. It was developed by Niels Provos and runs on various Unix-like operating systems. Systrace is particularly useful when running untrusted or binary-only applications and provides facilities for privilege elevation on a system call basis, helping to eliminate the need for potentially dangerous setuid programs. It also includes interactive and automatic policy generation features, to assist in the creation of a base policy for an application. Systrace used to be integrated into OpenBSD, but was removed in April 2016 (in favour of ''pledge'' post OpenBSD 5.9). It is available for Linux and Mac OS X, although the OS X port is currently unmaintained. It was removed from NetBSD at the end of 2007 due to several unfixed implementation issues. As of version 1.6f Sy ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Microsoft Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sectors of the computing industry – Windows (unqualified) for a consumer or corporate workstation, Windows Server for a Server (computing), server and Windows IoT for an embedded system. Windows is sold as either a consumer retail product or licensed to Original equipment manufacturer, third-party hardware manufacturers who sell products Software bundles, bundled with Windows. The first version of Windows, Windows 1.0, was released on November 20, 1985, as a graphical operating system shell for MS-DOS in response to the growing interest in graphical user interfaces (GUIs). The name "Windows" is a reference to the windowing system in GUIs. The 1990 release of Windows 3.0 catapulted its market success and led to various other product families ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Unix
Unix (, ; trademarked as UNIX) is a family of multitasking, multi-user computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others. Initially intended for use inside the Bell System, AT&T licensed Unix to outside parties in the late 1970s, leading to a variety of both academic and commercial Unix variants from vendors including University of California, Berkeley ( BSD), Microsoft (Xenix), Sun Microsystems ( SunOS/ Solaris), HP/ HPE ( HP-UX), and IBM ( AIX). The early versions of Unix—which are retrospectively referred to as " Research Unix"—ran on computers such as the PDP-11 and VAX; Unix was commonly used on minicomputers and mainframes from the 1970s onwards. It distinguished itself from its predecessors as the first portable operating system: almost the entire operating system is written in the C programming language (in 1973), which allows U ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Oracle Solaris
Oracle Solaris is a proprietary Unix operating system offered by Oracle for SPARC and x86-64 based workstations and servers. Originally developed by Sun Microsystems as Solaris, it superseded the company's earlier SunOS in 1993 and became known for its scalability, especially on SPARC systems, and for originating many innovative features such as DTrace, ZFS and Time Slider. After the Sun acquisition by Oracle in 2010, it was renamed Oracle Solaris. Solaris was registered as compliant with the Single UNIX Specification until April 29, 2019. Historically, Solaris was developed as proprietary software. In June 2005, Sun Microsystems released most of the codebase under the CDDL license, and founded the OpenSolaris open-source project. Sun aimed to build a developer and user community with OpenSolaris; after the Oracle acquisition in 2010, the OpenSolaris distribution was discontinued and later Oracle discontinued providing public updates to the source code of the Solaris kernel, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ModSecurity
ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of Hypertext Transfer Protocol request and response filtering capabilities along with other security features across a number of different platforms including Apache HTTP Server, Microsoft IIS and Nginx. It is free software released under the Apache license 2.0. The platform provides a rule configuration language known as 'SecRules' for real-time monitoring, logging, and filtering of Hypertext Transfer Protocol communications based on user-defined rules. Although not its only configuration, ModSecurity is most commonly deployed to provide protections against generic classes of vulnerabilities using the OWASP ModSecurity Core Rule Set (CRS). This is an open-source set of rules written in ModSecurity's SecRules language. The project is part of OWASP, the Open Web Application Security Project. Several ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Kerio Technologies
Kerio Technologies, Inc. is a former technology company specializing in collaboration software and unified threat management for small and medium organizations. Founded in 1997, Kerio is headquartered in San Jose, California. In January 2017, GFI Software acquired Kerio. GFI Software is owned by Aurea SMB Solutions, which in turn is owned by ESW Capital Group. History Kerio Technologies incorporated in 2001, but its first product WinRoute Pro entered the Internet security market in 1997, as it was owned and maintained by Tiny Software until February 1, 2002. Tiny Software then transferred sales and development of its software to Kerio, where the developers continued to work on it under the Kerio brand. Kerio's main products (in the early 2000s) were Kerio Personal Firewall and Kerio WinRoute Firewall and the company focused on collaboration software with Kerio MailServer. Kerio discontinued its Personal Firewall in late 2005, which was then acquired by Sunbelt Software. Starti ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
AppArmor
AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It has been partially included in the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009. Details In addition to manually creating profiles, AppArmor includes a learning mode, in which profile violations are logged, but not prevented. This log can then be used for generating an AppArmor profile, based on the program's typical behavior. AppArmor is implemented using the Linux Security Modules (LSM) kernel interface. AppArmor is offered in part as an alternative to SELinux, which critics conside ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Mac Operating Systems
Mac operating systems were developed by Apple Inc. in a succession of two major series. In 1984, Apple debuted the operating system that is now known as the classic Mac OS with its release of the System 1, original Macintosh System Software. The system, rebranded Mac OS in 1997, was pre-installed on every Macintosh until 2002 and offered on Macintosh clones shortly in the 1990s. It was noted for its ease of use, and also criticized for its lack of modern technologies compared to its competitors. The current Mac operating system is macOS, originally named Mac OS X until 2012 and then OS X until 2016. It was developed between 1997 and 2001 after Apple's purchase of NeXT. It brought an entirely new architecture based on NeXTSTEP, a Unix system, that eliminated many of the technical challenges that the classic Mac OS faced, such as problems with memory management. The current macOS is pre-installed with every Mac and receives a major update annually. It is the basis of Apple's curre ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Sandbox (computer Security)
In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The sandbox metaphor derives from the concept of a child's sandbox—a play area where children can build, destroy, and experiment without causing any real-world damage. It is often used to kill untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted. In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
System Call
In computing, a system call (syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, accessing a hard disk drive or accessing the device's camera), creation and execution of new processes, and communication with integral kernel services such as process scheduling. System calls provide an essential interface between a process and the operating system. In most systems, system calls can only be made from userspace processes, while in some systems, OS/360 and successors for example, privileged system code also issues system calls. For embedded systems, system calls typically do not change the privilege mode of the CPU. Privileges The architecture of most modern processors, with the exception of some embedded systems, involves a security model. For example, the '' rings'' model specifies multiple privilege levels under which software may be e ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
