Network Security:
Network security is a big issue today, as schools, businesses, and corporations are all getting online. The key problem is not getting online, but protecting data once it is online. This means that if John Doe is working on the computer in his corporation's network and needs to go online, he would get online through the network. If there were no protection, anyone could access John's files on his computer while he is on the Internet. This is why the use of firewalls and encryption is essential to protect against viruses and unauthenticated logins. But the best kind of protection against data loss and corruption is common sense.
Firewalls consist of a system or group of systems that enforce access control between two networks. The way that this is achieved varies, but a firewall can be thought of as a pair of devices: one to block traffic, and the other to permit. Some firewalls place a greater importance on blocking traffic, while others emphasize permitting. Probably the most important thing to know about a firewall is that it implements an access control policy.
Why do you need a firewall?
The Internet, like any other society, is full of people who enjoy the electronic equivalent of graffiti, smashing mailboxes, or sitting in the street blaring their car stereos. Some people try to get real work done over the Internet, and have sensitive or exclusive data they must protect. Usually, a firewall's purpose is to keep those types of people out of your network while still letting you get your job done.
Company policies may vary when it comes to mandating how their data is protected. Whatever policy a company has in place, a firewall is very important, since this data is the embodiment of the corporation. Often, the hardest part of connecting to the Internet in a large company is not justifying the expense or effort, but convincing the company that it's safe to do so.
How can a firewall protect me?
Some firewalls permit only e-mail traffic through them, therefore protecting the network from any attacks not related to the e-mail service. Other firewalls provide fewer protections and block services that are known to be problems.
Generally, firewalls are configured to protect against unauthenticated interactive logins from the "outside" world. This, more than anything, helps prevent unauthorized persons from logging into machines on your network. More complex firewalls block traffic from the outside, but permit users on the inside to communicate unhindered with the outside. The firewall can protect you against any type of network-borne attack.
Firewalls are also important since they can provide a single "choke point" from which security can be imposed. Unlike a situation where a computer system is being attacked by someone dialing in with a modem, the firewall can act as an effective "phone tap" and tracing tool. Firewalls provide an important logging function; often they provide summaries to the administrator about the kinds and volume of traffic that have passed through the firewall, how many attempts there were to break into it, etc.
What can't a firewall protect me against?
Firewalls can't protect against attacks that don't go through the firewall. Many corporations that connect to the Internet are very concerned about important data leaking out of the company that way. Unfortunately, a magnetic tape can just as effectively be used to export data. Many organizations that are terrified of Internet connections have no coherent policy about how dial-in access via modems should be protected. It's silly to build a 6-foot thick steel door when you live in a wooden house, but there are a lot of corporations out there buying expensive firewalls and neglecting the numerous other back-doors into their network. For a firewall to work, it must be a part of a larger and comprehensive organizational security setup. Firewall policies must be realistic and handle the level of security needed in the entire network. For example, a site with top-secret or classified data does not need a firewall at all: with classified information like that, the company should not be hooking up to the Internet in the first place, or the systems with the secret data should be isolated from the rest of the network.