ABSTRACT

While strictly an extension of the network elements section, firewalls are divergent enough to warrant their own discussion. The first thing to establish is that a firewall is more of an idea than it is a single device. Many network administrators, when asked to display their firewall, will proudly point to a box with a bunch of network interfaces on it and say, "That there is our firewall." It would be more accurate to say, "That there is a box that is part of our firewall." This is more than a semantic issue: a firewall is the sum total of the devices used to protect an inside network from an outside network. Most companies have at least two pieces of hardware that serve as their firewall: an access router and a hardened bastion host that filters traffic in some way. A company could also include a proxy server or a mail relay/attachment scanning station as part of its firewall. In the end, the firewall is everything that a company uses to protect the "inside" from the "outside." This distinction drives the configuration options of most firewalls, as rules can be configured independently for traffic passing from the inside to the outside and for traffic passing from the outside to the inside.
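The following is an added example, not part of the original text, that models the last point above: a filter whose inside-to-outside and outside-to-inside policies are separate rule lists, with a state table so that replies to permitted outbound connections are admitted while unsolicited inbound traffic is dropped. The protected networks (10.0.0.0/8 and 192.0.2.0/24), the bastion address 192.0.2.10, and the sample packets are all constructed for illustration.

```python
"""Direction-aware stateful packet filter (constructed example).

Outbound (inside -> outside) and inbound (outside -> inside) policy are
evaluated by separate rule lists. Permitted outbound flows are recorded so
their replies are accepted; everything else inbound must match an explicit
rule, which here only admits SMTP to the bastion host.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions for the example: the networks behind the access router,
# and the hardened bastion host that serves as the mail relay.
PROTECTED = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]
BASTION = ip_address("192.0.2.10")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    sport: int
    dport: int


# Rules are (proto, destination port, action); first match wins, default DROP.
OUTBOUND_RULES = [
    ("tcp", 80, "ACCEPT"),   # web
    ("tcp", 443, "ACCEPT"),  # web over TLS
    ("udp", 53, "ACCEPT"),   # DNS
]
INBOUND_RULES = [
    ("tcp", 25, "ACCEPT"),   # SMTP, and only to the bastion (checked below)
]


def is_inside(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in PROTECTED)


class Firewall:
    def __init__(self) -> None:
        # 5-tuples (src, sport, dst, dport, proto) of permitted outbound flows
        self.state: set = set()

    def direction(self, pkt: Packet) -> str:
        s_in, d_in = is_inside(pkt.src), is_inside(pkt.dst)
        if s_in and not d_in:
            return "out"
        if d_in and not s_in:
            return "in"
        return "other"  # inside->inside or transit: not this filter's job

    def filter(self, pkt: Packet) -> str:
        d = self.direction(pkt)
        if d == "out":
            return self._outbound(pkt)
        if d == "in":
            return self._inbound(pkt)
        return "DROP"

    def _outbound(self, pkt: Packet) -> str:
        # Egress policy: only listed services may leave, and each permitted
        # flow is remembered so its replies can come back in.
        for proto, port, action in OUTBOUND_RULES:
            if proto == pkt.proto and port == pkt.dport:
                if action == "ACCEPT":
                    self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return action
        return "DROP"

    def _inbound(self, pkt: Packet) -> str:
        # Replies to flows we already permitted outbound are accepted first.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.state:
            return "ACCEPT"
        # Otherwise only explicitly published services on the bastion.
        for proto, port, action in INBOUND_RULES:
            if proto == pkt.proto and port == pkt.dport and ip_address(pkt.dst) == BASTION:
                return action
        return "DROP"


if __name__ == "__main__":
    fw = Firewall()
    for p in [
        Packet("10.1.1.5", "198.51.100.7", "tcp", 40000, 443),  # inside -> web
        Packet("198.51.100.7", "10.1.1.5", "tcp", 443, 40000),  # reply
        Packet("198.51.100.7", "10.1.1.5", "tcp", 443, 40001),  # unsolicited
        Packet("203.0.113.9", "192.0.2.10", "tcp", 5555, 25),   # mail to bastion
        Packet("203.0.113.9", "10.1.1.5", "tcp", 5555, 25),     # mail to inside host
    ]:
        print(fw.direction(p), p.src, "->", p.dst, p.dport, fw.filter(p))
```

The two rule lists are the point: the same port (TCP/25) is treated differently depending on which way the packet is travelling and which host it targets, and the state table is what lets an otherwise default-deny inbound policy still carry the return half of permitted outbound sessions.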