Firewalls: Protection against attacks from outside

A firewall does a job similar to that of a physical firewall in a building, hence the name. It consists of hardware and software that control the flow of data between the internal network and the external network. Incoming data is checked, and data leaving the network can be checked in the same way.

Firewalls are usually used by companies. After all, it is particularly important to businesses that none of their computers is connected to the Internet without protection. By using a firewall, companies do not have to protect every single PC, just the computers and servers that are directly connected to the external network. These computers are configured so that they can monitor the data passing through them. The firewall uses, for example, the IP address of the sending computer to check whether a data packet attempting to enter the network is authorised to do so. For this purpose the firewall administrator creates lists of permitted senders (addresses). Only data from these senders is allowed to pass through the wall.

Personal Firewall

In principle, the firewalls described above and the slimmed-down personal firewalls intended for private users do not have much in common. With a standard firewall, certain specific computers protect a large number of other computers, whereas with a personal firewall, a PC attempts to protect itself. As the name suggests, a personal firewall runs on a personal computer.

Its job, just like a standard firewall, is to protect the computer against attacks from the outside and stop certain programs such as spyware from connecting to the Internet from the computer. It does this by monitoring all connections with other networks and checking both requests sent to the Internet and data received by the computer.

A personal firewall will usually have the following functionalities:

  • Packet filter: this monitors whether the data in the incoming and outgoing packets complies with the rules defined by the user.
  • Sandboxing: individual programs are 'caged' within a restricted environment and executed only inside this protected area. If any of these programs contain malware, they cannot do any damage, because they are insulated from the rest of the system and so cannot affect it.

Firewall configuration

As with any program, the question of how you configure the firewall when you install it is crucial.

  • Define your filter rules so that only access that is really necessary is permitted.
  • Review the settings regularly.
  • Block ports that are not needed.
  • Always install and use an up-to-date virus scanner.
  • Apply patches immediately after vulnerabilities are disclosed.
  • Log security-relevant events and evaluate them.

Some personal firewalls offer a self-learning configuration. The first time an application requests a specific connection, the connection is blocked and the personal firewall asks the user whether it should be allowed. A set of rules is built up gradually in this way. The advantage of this approach is that it remains reasonably understandable, even for people who are not technical experts. The disadvantage is that security-critical misconfigurations can arise very quickly, because every answer the user gives becomes a permanent rule.
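The rule-based packet filter outlined in the configuration list above, together with the self-learning mode just described, as an added Python example (not code from the original page). Addresses, ports and the rule set are constructed; a packet no rule matches is denied and logged, and the learning demo shows how one "allow" answer silently becomes policy.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (data received) or "out" (request sent by a local program)
    remote_ip: str  # the other end of the connection
    port: int       # destination port on the receiving side

@dataclass
class Rule:
    direction: str
    action: str                 # "allow" or "deny"
    ip: str = "*"               # "*" matches any remote address
    port: Optional[int] = None  # None matches any port
    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.ip in ("*", p.remote_ip)
                and self.port in (None, p.port))

class PacketFilter:
    def __init__(self, rules: List[Rule], ask_user: Optional[Callable[[Packet], bool]] = None):
        self.rules, self.ask_user, self.log = list(rules), ask_user, []
    def decide(self, p: Packet) -> str:
        verdict = next((r.action for r in self.rules if r.matches(p)), None)  # first match wins
        if verdict is None and self.ask_user is not None:
            # Self-learning mode: ask the user about the unknown connection; the answer becomes a rule.
            verdict = "allow" if self.ask_user(p) else "deny"
            self.rules.append(Rule(p.direction, verdict, p.remote_ip, p.port))
            self.log.append(f"LEARNED {verdict} {p.direction} {p.remote_ip}:{p.port}")
        if verdict != "allow":  # default deny: a packet no rule covers never passes
            verdict = "deny"
            self.log.append(f"DENY {p.direction} {p.remote_ip}:{p.port}")  # security event
        return verdict

BASE_RULES = [  # constructed: only the access that is really needed; all other ports stay blocked
    Rule("out", "allow", port=443),                 # web browsing over HTTPS
    Rule("in", "allow", ip="192.0.2.10", port=22),  # one trusted sender may reach SSH
]

def run_static_demo() -> List[str]:
    pf = PacketFilter(BASE_RULES)
    pkts = [Packet("out", "198.51.100.5", 443), Packet("in", "203.0.113.77", 445),
            Packet("in", "192.0.2.10", 22), Packet("out", "203.0.113.9", 6667)]
    return [pf.decide(p) for p in pkts]  # ['allow', 'deny', 'allow', 'deny']

def run_learning_demo() -> Tuple[List[str], int]:
    # Answering "allow" once creates a rule, so the identical second packet passes with no prompt.
    pf = PacketFilter(BASE_RULES, ask_user=lambda p: True)
    verdicts = [pf.decide(Packet("out", "203.0.113.9", 6667)) for _ in range(2)]
    return verdicts, sum(m.startswith("LEARNED") for m in pf.log)  # (['allow', 'allow'], 1)
```

Because the first matching rule wins, the order of the rules is part of the policy and belongs in the regular review of the settings.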

In addition, you should pay attention to the correct configuration of the web browser, the mail client, the operating system and the applications. To understand the warnings given by your firewall, you need to know what Internet Protocol (IP) addresses and host/computer names mean, and what the reports or warnings about Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports refer to.

The following applies in general: IT security cannot be achieved by a single software program; it is only ever possible by combining a range of techniques.

Proxy server

'Proxy server' is another term you will often come across in this context. A proxy server can be part of a firewall. Strictly speaking, a proxy server (e.g. for the world wide web) is a computer that caches web pages which users frequently request. When a user selects a web page, the proxy server checks whether it already holds the requested data. If it does, the user simply receives a 'copy' of the web page, which can be delivered faster than the 'original'. If the proxy server does not yet hold the data, it loads the page in question, saves it (in its cache) and sends it to the user.

The user will not normally notice where the data has come from. Although a proxy server's usual aim is simply to speed up access to the requested pages, in a firewall configuration it also checks that the data being transferred is what it is supposed to be. It can also prevent certain content from being transferred at all; active content in web pages, for example, can be blocked by the firewall.
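The caching-and-filtering behaviour described in this section, as an added Python example (not code from the original page). The upstream origin, the URLs and the list of content types treated as active content are constructed for the demo; the point worth noticing is that the policy is applied every time a response is delivered, not only when it is fetched.

```python
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[str, bytes]  # (Content-Type header value, body)

# Assumed policy: responses with these MIME types count as active content and are not forwarded.
BLOCKED_TYPES = {"application/javascript", "text/javascript",
                 "application/x-shockwave-flash", "application/java-archive"}

class FilteringProxy:
    def __init__(self, fetch: Callable[[str], Response]):
        self.fetch = fetch                    # upstream fetch, injected so the example runs offline
        self.cache: Dict[str, Response] = {}
        self.log: List[str] = []

    def _allowed(self, url: str, resp: Response) -> bool:
        ctype = resp[0].split(";")[0].strip().lower()  # drop parameters such as charset, ignore case
        if ctype in BLOCKED_TYPES:
            self.log.append(f"BLOCKED {url} ({ctype})")
            return False
        return True

    def get(self, url: str) -> Optional[Response]:
        if url in self.cache:                 # cache hit: the user gets the stored copy
            resp, source = self.cache[url], "cache"
        else:                                 # cache miss: load from upstream and store it
            resp, source = self.fetch(url), "upstream"
            self.cache[url] = resp
        # The check runs on every delivery, so a copy cached before a rule was tightened
        # is still inspected when it is served again.
        if not self._allowed(url, resp):
            return None
        self.log.append(f"SERVED {url} from {source}")
        return resp

# Constructed upstream: a tiny fake origin server standing in for the real Internet.
ORIGIN = {
    "http://example.com/index.html": ("text/html; charset=utf-8", b"<html><body>Hello</body></html>"),
    "http://example.com/app.js": ("application/javascript", b"alert(1)"),
}

def run_proxy_demo() -> List[str]:
    fetches: List[str] = []
    def fetch(url: str) -> Response:          # records each upstream request to expose the cache effect
        fetches.append(url)
        return ORIGIN[url]
    proxy = FilteringProxy(fetch)
    proxy.get("http://example.com/index.html")  # miss: fetched from upstream
    proxy.get("http://example.com/index.html")  # hit: served from cache, no upstream fetch
    proxy.get("http://example.com/app.js")      # active content: blocked, never reaches the user
    return proxy.log + [f"upstream fetches: {len(fetches)}"]
```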