Firewall pinhole

In computer networking, a firewall pinhole is a port that is not protected by a firewall to allow a particular application to gain access to a service on a host in the network protected by the firewall.

Leaving ports open in firewall configurations exposes the protected system to potentially malicious abuse. A fully closed firewall prevents applications from accessing services on the other side of the firewall. For protection, the mechanism for opening a pinhole in the firewall should implement user validation and authorization.

For firewalls performing a network address translation (NAT) function, the mapping between the external {IP address, port} socket and the internal {IP address, port} socket is often called a pinhole.

Pinholes can be created manually or programmatically. They can be temporary, created dynamically for a specific duration such as for a dynamic connection, or permanent, such as for signaling functions.

Firewalls sometimes automatically close pinholes after a period of time (typically a few minutes) to minimize the security exposure. Applications that require a pinhole to be kept open often need to generate artificial traffic through the pinhole in order to cause the firewall to restart its timer.

See also

This article is issued from Wikipedia - version of the 10/21/2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.