Firewalls are hardware or software used to filter traffic between networks. Often it is used to control traffic from the internet to the organisation's network, but this need not be the case.
The firewall can be configured to deny all with exceptions or accept all with exceptions. The former is the most secure, but bear in mind the costs associated with checking false negatives. The objectives of the firewall ought to be documented. These might include ;
- Rules about no services being run on the firewall other than those required to provide firewall services
- What may or may not be allowed to cross the firewall.
Public services should be placed on the outside of the firewall to prevent denial of service threats affecting the internal network.
Behind the firewall a demilitarised zone can be created. In this zone, the types of software tools operating may include the following;
- Hostile applet scare
- Authentication software for users trying to access the LAN remotely or from the internet.
- Net nanny
- Virus scanner
Another alternative way of controlling traffic from the internet is to have an air gap in which just one computer is connected to the internet. Items are screened there, before being transmitted via a mobile device to computers on the internal network. This does have the disadvantage of being slower.