
Firewalls


In building construction, a firewall is designed to resist the passage of something undesirable, i.e., a fire, from one side to the other. In technology, a network firewall serves a similar purpose: it is a network device designed to resist the passage of undesirable network traffic from one side to another. Unlike building firewalls, network firewalls can have many "sides" and can protect devices on any one side from those on any other side.

Types of Firewalls

  • A network-based firewall is a dedicated piece of hardware and software installed on a network to protect a number of computer servers and/or workstations.
  • A personal firewall is a piece of software that resides on an individual workstation primarily to protect that workstation.

While the two types of firewalls perform similar functions, this discussion will focus on network-based firewalls, which are functionally more robust than personal firewalls.

Network-Based Firewall Placement

  • A perimeter firewall is placed at the point at which the campus network connects to outside entities, such as the Internet or private leased lines to other institutions and businesses. The purpose of a perimeter firewall is to control the network traffic between off-campus devices and those on campus.
  • An interior firewall is positioned within the campus network to control network traffic between the general campus population and specific groups of devices (e.g., institutional servers or devices associated with a specific department).

Performance and Network Availability Considerations

Whenever a firewall is placed between groups of devices, every piece of network traffic between any device on any one side of the firewall and one on any other side must pass through and be analyzed by the firewall. If the firewall fails, all traffic between devices on opposite sides of the firewall is interrupted. Therefore, when implementing a firewall, it is important to consider network performance and to plan how you will restore network connectivity in case of a firewall failure.