What is a Firewall?
When builders started to build houses in terraces or as semi-detached, there was always the possible problem of a fire in one house moving to the next house and the rest of the terrace via the roof space. To prevent this dividing wall between the houses is taken to the top of the roof, and is generally made of more substantial brick. This wall is called the Firewall, and cannot be tampered with in any way.

What does a firewall do?
An Internet firewall examines all traffic routed between your network and the Internet to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A network firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.

What is the best firewall for me, and how can it improve Internet security?
The Internet has made large amounts of information available to the average computer user in business, in education and at home. For many people, having access to this information is no longer just an advantage, it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world and raises serious Internet security questions. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both corporate networks and individual computers from hostile intrusion from the Internet, but must be understood to be used correctly. This document is intended to help you achieve this understanding, and to help you choose the best firewall for your needs.

Who needs firewall protection?
Anyone who is responsible for a private network that is connected to a public network needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect them. They feel that no malicious intruder would be motivated to break into their computer. Dial-up users who have been victims of malicious attacks and who have lost days of work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself.

What different types of firewalls are there?
Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls are usually part of a router firewall. A router is a device that receives packets from one network and forwards them to another. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it, or send a message to the originator. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
Circuit level gateways monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer.
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.