An example of a security feature is a firewall, which is a device or set of devices designed to permit or deny network transmissions based upon a set of rules, and it is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Other examples of security functions include storing and protecting sensitive material such as cryptographic keys, and the enforcement of white lists. A safety manager is a device that monitors a process, and shuts down that process if the parameters, variables, or output of the process strays into an unsafe condition.
Regarding firewalls, a traditional perimeter firewall normally takes a generalist, common-denominator approach to protecting servers on the network. During the early years of the Internet, a perimeter firewall provided organizations with a reasonable level of protection from external attack. However, the age of mobile devices (laptops, iPads, smartphones, etc.) has given rise to several issues. Employees frequently carry their computing devices outside of the corporate network (literally carrying them past the perimeter firewall), access networks from outside the corporate perimeter firewall, carry their devices back inside the perimeter firewall, and then plug them into the corporate network. This movement of devices outside of the perimeter firewall exposes the organization to risk because a compromised device can be brought back inside the enterprise network. This type of security model is often referred to as "a hard crunchy outside with a soft chewy inside." Once inside the perimeter firewall, attackers have access to a vast set of resources.
In response to such a security issue, distributed firewalls were proposed and developed. A distributed firewall can be deployed behind a traditional perimeter firewall, thereby providing a second layer of defense. Whereas a perimeter firewall takes a generalist approach, a distributed firewall can serve as a specialist. Additionally, a distributed firewall, like a perimeter firewall, protects an enterprise network's servers and end-user machines against unwanted intrusion. A distributed firewall is a host-resident security software application, and it offers the advantage of filtering traffic from both the Internet and the internal network, thereby preventing hacking attacks that originate from both the Internet and the internal network. This can be important because the attacks that originate from within an organization may be the most costly and destructive.
Distributed firewalls are very much like perimeter firewalls, except that they offer several important advantages such as central management, logging, and, in some cases, access-control granularity. The ability of a distributed firewall to gather reports and maintain updates centrally makes distributed security practical. Distributed firewalls can help accomplish this in at least two ways. First, remote end-user machines can be secured. Second, critical servers on the network can be secured, thereby preventing intrusion by malicious code and "jailing" other such code by not letting the protected server be used as a launch pad for expanded attacks.
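The difference described above, as an added example that is not part of the original text: a small Python model in which a perimeter firewall never inspects a flow between two internal addresses, while a host-resident firewall with a centrally pushed policy denies that flow, logs it, and blocks the protected server's own unapproved outbound connections. All addresses, ports and names (`HostFirewall`, `perimeter_sees`, `DB_POLICY`) are constructed for illustration, and the default-deny behaviour is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # constructed enterprise range

@dataclass(frozen=True)
class Rule:
    direction: str  # "in" or "out", relative to the protected host
    peer: str       # CIDR of the remote end of the flow
    port: int       # destination port
    action: str     # "allow" or "deny"

def perimeter_sees(src, dst):
    """A perimeter firewall only inspects flows that cross the network edge."""
    inside = lambda ip: ipaddress.ip_address(ip) in INTERNAL
    return inside(src) != inside(dst)

class HostFirewall:
    """Host-resident enforcement point; rules and log belong to a central manager."""
    def __init__(self, host_ip, rules, central_log):
        self.host_ip, self.rules, self.log = host_ip, rules, central_log

    def decide(self, src, dst, port):
        direction = "in" if dst == self.host_ip else "out"
        peer = ipaddress.ip_address(src if direction == "in" else dst)
        action = "deny"  # assumption: anything not explicitly allowed is dropped
        for r in self.rules:
            if (r.direction == direction and r.port == port
                    and peer in ipaddress.ip_network(r.peer)):
                action = r.action
                break
        # Every decision is reported centrally, whether the peer is internal or not.
        self.log.append((self.host_ip, direction, src, dst, port, action))
        return action

# Constructed policy for a database server at 10.0.5.10.
DB_POLICY = [
    Rule("in", "10.0.5.0/24", 5432, "allow"),  # application tier only
    Rule("out", "10.0.1.5/32", 514, "allow"),  # central log collector only
]

if __name__ == "__main__":
    log = []
    fw = HostFirewall("10.0.5.10", DB_POLICY, log)
    # A compromised laptop plugged back into the internal network:
    print(perimeter_sees("10.0.9.77", "10.0.5.10"))    # perimeter never inspects it
    print(fw.decide("10.0.9.77", "10.0.5.10", 5432))   # host firewall denies it
    print(fw.decide("10.0.5.10", "10.0.7.3", 445))     # "jailing": no lateral movement
    print(log)
```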