A firewall is a piece of hardware or software that sits between two networks for security purposes. Typically, an organization has its own computers linked in an Internet-like network called an intranet. A firewall is placed between this intranet and the Internet to prevent unauthorized users from gaining access to the intranet's resources. If you communicate with the Internet through a firewall, you must configure your Web browser to request Web pages from the firewall's proxy server, the program that filters packets of information between the intranet and the Internet. Ask your intranet or LAN administrator for instructions.
A firewall can serve functions such as the following:
- Limit Internet access to e-mail only, so that no other types of information can pass between the intranet and the Internet.
- Control who can telnet into your intranet (telnet is a method of logging in remotely).
- Limit what other kinds of traffic can pass between your intranet and the Internet.
A firewall can be simple or complex, depending on how precisely you want to control your Internet traffic. A simple firewall might require only that you configure the software in the router that connects your intranet to your ISP. A more complex firewall might be a computer running UNIX and specialized software. Firewall systems fall into two categories: network-level and application-level.
Network-Level Firewalls
These firewalls examine only the headers of each packet of information passing to or from the Internet. The firewall accepts or rejects packets based on the packet's sender, receiver, and port. (Each Internet service, such as e-mail or the Web, uses a different port number.) For example, the firewall might allow e-mail and Web packets to and from any computer on the intranet, but allow telnet (remote login) packets to and from only selected computers.
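The header-only decision described above, written out as a small first-match rule table. This is an added example, not code from the original post: the address ranges, the rule order and the default-deny fallback are assumptions, and the port numbers are the standard ones for SMTP, HTTP and telnet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional

# Standard TCP ports for the services the text mentions
PORTS = {"smtp": 25, "http": 80, "telnet": 23}


@dataclass(frozen=True)
class Packet:
    """The only header fields a network-level firewall looks at."""
    src: str     # sender address
    dst: str     # receiver address
    dport: int   # destination port, which identifies the service


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: Optional[IPv4Network]   # None matches any sender
    dst: Optional[IPv4Network]   # None matches any receiver
    dport: Optional[int]         # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or ip_address(pkt.src) in self.src)
                and (self.dst is None or ip_address(pkt.dst) in self.dst)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed ranges: the organization's intranet and the few hosts allowed to use telnet
INTRANET = ip_network("10.0.0.0/8")
ADMIN_HOSTS = ip_network("10.0.1.0/24")

# First-match table for the policy in the text: e-mail and Web to and from any
# intranet host, telnet only to and from ADMIN_HOSTS. Anything unmatched is denied.
RULES: List[Rule] = [
    Rule("allow", INTRANET, None, PORTS["smtp"]),
    Rule("allow", None, INTRANET, PORTS["smtp"]),
    Rule("allow", INTRANET, None, PORTS["http"]),
    Rule("allow", None, INTRANET, PORTS["http"]),
    Rule("allow", ADMIN_HOSTS, None, PORTS["telnet"]),
    Rule("allow", None, ADMIN_HOSTS, PORTS["telnet"]),
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule, or "deny" when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    # Constructed sample packets (TEST-NET addresses stand in for Internet hosts)
    samples = [
        Packet("10.0.5.7", "198.51.100.20", PORTS["http"]),    # allow: Web from any intranet host
        Packet("10.0.5.7", "198.51.100.20", PORTS["telnet"]),  # deny: telnet from a non-admin host
        Packet("10.0.1.3", "198.51.100.20", PORTS["telnet"]),  # allow: telnet from an admin host
        Packet("203.0.113.9", "10.0.5.7", PORTS["telnet"]),    # deny: inbound telnet to a non-admin host
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

The table keys only on the destination port, so it describes requests; a Web server's reply travels back with source port 80 and an ephemeral destination port and would fall through to the default deny. A real packet filter needs either explicit return-traffic rules or connection tracking (a stateful filter), which is exactly the information a header-only, stateless design does not keep.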
Application-Level Firewalls
These firewalls handle packets for each Internet service separately, usually by running a program called a proxy server, which accepts e-mail, Web, chat, newsgroup, and other packets from computers on the intranet, strips off the information that identifies the source of the packet, and passes it along to the Internet (or vice versa). When the replies return, the proxy server passes them back to the computer that sent the original message. To the rest of the Internet, all packets appear to come from the proxy server, so no information leaks out about the individual computers on your intranet. You can configure your proxy server to limit access to Internet services; for example, you can permit outbound telnet packets, so that your users can use telnet to log in to other computers, but refuse inbound telnet packets, so that no one on the Internet can log in to your intranet's computers. A proxy server can also log all the packets that pass through it, so that you have a record of who has accessed your intranet from the Internet, and vice versa.
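The proxy behaviour described above, as an added example that is not part of the original post: a simulated proxy re-originates outbound messages under its own address, remembers who asked so replies can be routed back, enforces a different allowed-service list per direction (outbound telnet permitted, inbound telnet refused), and logs every decision. The `request_id` tag that ties a reply to its request is a simplification standing in for the per-connection state a real proxy keeps; the addresses and service names are constructed.

```python
from dataclasses import dataclass
from itertools import count
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Message:
    src: str             # sender address
    dst: str             # receiver address
    service: str         # "web", "mail", "telnet", ...
    payload: str
    request_id: int = 0  # tag the proxy attaches to outbound requests so replies can be matched


class ProxyServer:
    """Application-level proxy: hides intranet senders, applies a per-direction
    service policy, maps replies back to the original asker, and logs everything."""

    def __init__(self, public_addr: str, intranet_prefix: str,
                 outbound_allowed: Set[str], inbound_allowed: Set[str]):
        self.public_addr = public_addr
        self.intranet_prefix = intranet_prefix
        self.outbound_allowed = outbound_allowed
        self.inbound_allowed = inbound_allowed
        self.pending: Dict[int, str] = {}   # request_id -> intranet host that sent the request
        # (verdict, direction, src, dst, service): the record of who accessed what
        self.log: List[Tuple[str, str, str, str, str]] = []
        self._ids = count(1)

    def is_internal(self, addr: str) -> bool:
        return addr.startswith(self.intranet_prefix)

    def handle(self, msg: Message) -> Optional[Message]:
        """Return the message the proxy forwards, or None if it is refused."""
        outbound = self.is_internal(msg.src)
        direction = "out" if outbound else "in"

        if not outbound and msg.dst == self.public_addr and msg.request_id in self.pending:
            # A reply to a request we relayed: route it to the host that originally asked
            asker = self.pending.pop(msg.request_id)
            self.log.append(("allow", direction, msg.src, asker, msg.service))
            return Message(msg.src, asker, msg.service, msg.payload, msg.request_id)

        allowed = self.outbound_allowed if outbound else self.inbound_allowed
        if msg.service not in allowed:
            self.log.append(("deny", direction, msg.src, msg.dst, msg.service))
            return None

        self.log.append(("allow", direction, msg.src, msg.dst, msg.service))
        if outbound:
            # Strip the intranet source: the Internet only ever sees the proxy's own address
            rid = next(self._ids)
            self.pending[rid] = msg.src
            return Message(self.public_addr, msg.dst, msg.service, msg.payload, rid)
        return msg  # unsolicited inbound traffic that policy permits is passed through


if __name__ == "__main__":
    # Constructed policy: users may use Web, mail and telnet outward; only mail may come in unasked
    proxy = ProxyServer("203.0.113.1", "10.", {"web", "mail", "telnet"}, {"mail"})
    req = proxy.handle(Message("10.0.5.7", "198.51.100.20", "web", "GET /"))
    print("Internet sees:", req)
    print("Reply routed to:", proxy.handle(
        Message("198.51.100.20", "203.0.113.1", "web", "200 OK", req.request_id)))
    print("Inbound telnet:", proxy.handle(Message("198.51.100.44", "10.0.5.7", "telnet", "login")))
    print("Outbound telnet:", proxy.handle(Message("10.0.5.7", "198.51.100.44", "telnet", "login")))
    for entry in proxy.log:
        print(entry)
```

Because a pending entry is removed when its reply arrives, a second message reusing the same tag is treated as unsolicited inbound traffic and judged by the inbound policy, which is the behaviour you want from a proxy that only lets replies in for requests it actually relayed.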