
The Firewall

WHAT IS A NETWORK FIREWALL?

A firewall is a system or group of systems that applies an access control policy between two or more networks. The means by which this control is accomplished varies widely, but in principle the firewall consists of a pair of mechanisms: one that blocks traffic and one that allows it. Some firewalls emphasize blocking traffic, while others emphasize allowing traffic. The most important thing to recognize about a firewall is that it implements an access control policy. If you don't know what kind of access you want to allow or deny, or you let someone else or some product configure a firewall based on a different judgment than yours, that entity is setting policy for the entire organization.

WHY DO I WANT A FIREWALL?

The Internet is a fun little playground and at the same time a hostile environment. Like any other society, it is plagued by the kind of people who enjoy the electronic equivalent of writing on other people's walls with spray paint, ripping up their mailboxes, or just sitting in the street honking their horns. Some people do their work over the Internet, while others need to protect sensitive or proprietary data. Typically, the purpose of a firewall is to keep intruders off your network while allowing you to do your job.

Many traditional companies and data centers have cybersecurity policies and practices that users must follow. If a company's policies dictate how to protect data, a firewall is very important because it embodies company policy. Often, the hardest part of connecting a large company to the Internet is not justifying the expense or effort, but rather convincing management that it is safe to do so. A firewall not only provides real security, but also plays an important role as a security cover for management.

Finally, a firewall can act as a corporate ambassador to the Internet. Many companies use their firewall systems to store public information about company products and services, files for download, bug fixes, and so on. Many of these systems (such as uunet.uu.net, whitehouse.gov, gatekeeper.dec.com) have become important parts of the Internet service structure and reflect well on their organizational sponsors.

WHAT CAN A FIREWALL PROTECT AGAINST?

Some firewalls only allow email traffic, thus protecting the network from attacks from...

...half of paper...

...that crash, crash, or flood it. Denial of service is impossible to prevent due to the distributed nature of the network: each node in the network is connected via other networks, which in turn connect to other networks. A firewall administrator or ISP has control over only some of the local elements at hand. An attacker can always sever a connection "upstream" of the point the victim controls. In other words, someone who wants to take a network off the air can take that network off the air directly, or take the network it connects to off the air, or the network that connects to that network, ad infinitum.

Hackers can deny service in many ways, from complex to brute force. If you are planning on using the Internet for an absolutely time- or mission-critical service, you should consider your backup location in case the network is down or damaged. Microsoft has released hotfixes that address some types of denial of service attacks, such as SYN flooding and giant ping packets. Be sure to check for new Service Packs regularly, as they offer new security improvements that you should include in your systems.
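
The opening section says a firewall implements an access control policy, and that some firewalls emphasize blocking while others emphasize allowing. The added example below (not part of the original text) evaluates the same packets under an email-only policy and under a permissive one. The rule format, the function names and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None matches any port

def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def decide(rules, default, pkt):
    """First matching rule wins; unmatched traffic gets the default stance."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

# Constructed sample data: 192.0.2.0/24 stands in for the internal network,
# 198.51.100.7 for an outside host (both are documentation address ranges).
ANY, INSIDE, MAIL_HOST = "0.0.0.0/0", "192.0.2.0/24", "192.0.2.25/32"

# Emphasizes blocking: only inbound email is allowed, everything else is denied.
EMAIL_ONLY = ([Rule("allow", ANY, MAIL_HOST, "tcp", 25)], "deny")
# Emphasizes allowing: one known-bad service is denied, everything else passes.
PERMISSIVE = ([Rule("deny", ANY, INSIDE, "tcp", 23)], "allow")

PACKETS = {
    "smtp to mail host": {"src": "198.51.100.7", "dst": "192.0.2.25", "proto": "tcp", "dport": 25},
    "telnet to workstation": {"src": "198.51.100.7", "dst": "192.0.2.40", "proto": "tcp", "dport": 23},
    "unlisted service": {"src": "198.51.100.7", "dst": "192.0.2.40", "proto": "tcp", "dport": 6000},
}

def compare():
    """Return {packet label: (email-only decision, permissive decision)}."""
    return {name: (decide(*EMAIL_ONLY, pkt), decide(*PERMISSIVE, pkt))
            for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (strict, loose) in compare().items():
        print(f"{name:24} email-only={strict:5} permissive={loose}")
```

The unlisted service is the case that separates the two stances: the same packet is dropped under the email-only policy and passed under the permissive one, because nobody wrote a rule for it.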