Firewall pinhole

In computer networking, the term firewall pinhole is used to describe a port that is opened through a firewall to allow a particular application to gain controlled access to the protected network.

Leaving open gaps in a firewall exposes the protected system to malicious abuse, while a fully closed firewall would prevent applications from reaching anything on the other side of it. Thus, it is necessary to open holes in firewalls carefully, keeping them very small and restricted (hence the term "pinhole"). For best protection, the mechanism that opens the pinhole should implement some form of validation and security that protects the system behind the firewall, so that the hole admits only the traffic the application actually needs.

For firewalls performing a network address translation (NAT) function, the mapping between the "{external address, external port}" tuple and the "{internal address, internal port}" tuple is often called a pinhole.

Pinholes can be created manually or programmatically. They can be temporary (created dynamically for a specific duration such as for a dynamic connection) or permanent (such as for signalling functions).

Firewalls sometimes automatically close pinholes after a period of inactivity (typically a few minutes) to minimize the security exposure. Applications that require a pinhole to be kept open often need to generate artificial "keepalive" traffic through the pinhole in order to cause the firewall to restart its idle timer.

See also

*NAT hole punching
*UPnP


Wikimedia Foundation. 2010.
