DAVID Lyon's IT Blog -- Great Walls of Fire
I REMEMBER being in a communications class at a college many years ago, and one of the assignments involved researching and investigating something that was outside of the scope of the class, so that the individual could attempt to communicate and inform an audience in their own words what this thing was. Someone was given a computing "firewall". They described it, among other things, as being "like a wall of fire around your computer that keeps intruders out". It painted an interesting picture, but wasn't entirely accurate.
The expression originates from firewalls used in the construction of buildings. These strategically placed barriers would, in the event of a blaze, provide limited containment: they absorbed the heat and slowed the spread, buying critical time to evacuate and/or bring the situation under control.
Five hundred years on, however, times have changed. In this changed world, not only are we living on the moon, eating space food and travelling to work in a pneumatic tube, but the expression "firewall" has also taken on a rather different meaning. In its IT context, not completely removed from its roots, it still describes a deliberate, designed precaution in the construction of computer networks: areas of the network are sectioned off with virtual barriers that can contain potentially damaging elements, whether they intrude from outside or occur inside.
Their purposes are not only to keep bad things out, but also contain any bad things that might manage to sneak in, providing damage control. Before we look at how they do this, let's have a quick look at how networks operate.
Networking works on a basis of inbound and outbound connections. If you wish to retrieve something from somewhere, you must make an outbound connection from your computer to theirs. This occurs every time you open a website, this one included. Your computer requests the data it wants, and the server sends it. Conversely, if you are running a server of some sort yourself, people will make inbound connections to you in order to retrieve whatever it is that you're sharing.
When data travels over a network, it functions in a similar fashion to an envelope through the postal system. It has a destination address, a sender address, an indication of what its purpose is (the port number), and of course... the content/letter inside it. The data travels between network nodes the same as letters do between post offices. Generally speaking, any time the data moves from one network to another, in or out, it will be (or should be) greeted at the door by a firewall. Think of it in this sense as a security guard.
There are two kinds of firewall in common usage: hardware and software. A hardware firewall is a plastic box with lights on it, cables going into it, heat and sweat coming out of it. The purpose of the firewall is to compare the data attempting to move through it to a set of rules that will determine if it is allowed to proceed, or if it will be blocked. A software (or "host-based") firewall is a program on the receiver's computer that does ultimately the same thing, but runs only on that computer and protects only that computer.
The firewall may check the source address, the destination address, the time of day, the quantity of data, what the data is for, if it's inbound or outbound... or all of the above. Depending on what is or is not allowed, it will allow it, disallow it, record that it happened, send an e-mail to the administrator, generate some kind of alert... or any number of other things. It's all about control of what happens on the network.
Hardware firewalls are the preferred option in most cases, as they are independent of any of the computers they protect. They cannot be deactivated by a virus on one of those computers, compromised by malware running on it, or accidentally switched off/uninstalled, provided the router itself is kept updated and its administration page is not exposed to the internet. All computers that are behind the hardware firewall will be equally protected by it.
What does all of this mean to you, the user? Let's say... a particularly nasty user on the internet is wielding a malicious "hacking" tool like a child with a potato gun, and has decided to try and send some bits and bytes of trouble your way. Normally, this could be a problem. In this instance however, you're sitting behind a firewall and it's set to automatically reject all inbound connections... in short, he's wasting his time. The firewall will simply disallow and drop the data, unconditionally, because that's what the rule says, and your computer will never even know it happened. In fact, even if you were to deliberately install a Trojan horse onto your computer, which normally will covertly install a server on your computer open to connections from people that want to remote control you, the firewall would block them from reaching it, neutralising what would normally be a serious concern. (A Trojan that instead dials out to its controller is a different matter, since outbound connections are normally allowed; that is where the rest of your defences, and the outbound restrictions mentioned below, come in.)

As the firewall is a completely separate device, it's Untouchable. They send one of yours a virus, the firewall sends one of theirs to the Recycle Bin. That's the Chicago way!
In terms of security, the benefits that this offers are substantial. In a home user setting, as in the examples above, you and your computers are effectively unreachable from the internet. Your average business could blacklist certain undesirable websites, or even whitelist certain websites and block the rest. During office hours, perhaps everything is blocked.
You're probably wondering now... where can I get one? Well, good news: You probably already have one. The integrated wireless router that your internet provider gave you when you joined contains a firewall that is fit for the purpose and needs of most home and small business users. Unless you've configured it otherwise, it will be set to reject any inbound connections originating from the internet, only allowing the unrestricted outbound connections (and the replies to them) that you need to conduct your daily browsing/email/and so on. Anyone who tries to pass through your firewall to anything on your local network will instead find a brick wall. One thing worth checking in its settings: if UPnP port mapping is switched on, programs on your LAN can ask the router to open inbound holes for them, so turn it off unless you know you need it.
This brings me (eventually) to the main point... my suggestion for your (the home user's) configuration. Norton Internet Security. McAfee Internet Security. Other Random Internet Security. Completely ignore them. Don't pay for them. These applications function as software firewalls. They offer the benefits that software firewalls offer, even to those who do not have a hardware firewall, but what they fail to mention is that Windows has its own firewall built in and enabled by default. It doesn't announce itself on startup, it doesn't have an icon in the taskbar, it doesn't pester you with pop-up windows... so it's easy to think that it isn't there. It's basic; it is, however, completely adequate for your typical internet user. Especially if you have a hardware router, since it will be doing most of the work anyway.
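To make the rule matching described earlier (source, destination, port, direction, then allow/drop/log) and the home-router behaviour just described concrete, here is a toy stateful packet filter. It is an added example written for this page, not code from David Lyon's post or from any router firmware; the LAN range, the addresses (taken from the documentation ranges), the two rulesets and the packets are all constructed for illustration. It shows the one thing a plain "block all inbound" rule cannot express on its own: the reply to a connection your PC opened has to be let back in, so the firewall remembers the flows it allowed out.

```python
# Added example: a toy stateful packet filter, not code from the original post.
# LAN range, rulesets, addresses and packets below are constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home LAN behind the router


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Rule:
    direction: str               # "in" (from the internet) or "out" (from the LAN)
    action: str                  # "allow" or "drop"
    dport: Optional[int] = None  # None matches any destination port
    log: bool = False            # record the decision, like the alerts in the post


Flow = Tuple[str, int, str, int]   # (lan_ip, lan_port, remote_ip, remote_port)


class StatefulFirewall:
    """First-match rule evaluation with an implicit default of 'drop', plus a
    flow table so that replies to connections the LAN opened are let back in."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.flows: Set[Flow] = set()
        self.log: List[str] = []

    @staticmethod
    def direction(pkt: Packet) -> str:
        return "out" if ipaddress.ip_address(pkt.src) in LAN else "in"

    def filter(self, pkt: Packet) -> str:
        d = self.direction(pkt)
        # Stateful check first: an inbound packet answering a flow we opened is
        # allowed even though the rules say "drop all inbound".
        if d == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        for rule in self.rules:
            if rule.direction != d:
                continue
            if rule.dport is not None and rule.dport != pkt.dport:
                continue
            if rule.log:
                self.log.append(f"{rule.action} {d} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            if rule.action == "allow" and d == "out":
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))  # remember it
            return rule.action
        return "drop"   # nothing matched: default deny


# Typical home router: anything out, nothing unsolicited in.
HOME_POLICY = [Rule("out", "allow"), Rule("in", "drop", log=True)]
# Stricter office-style policy: only HTTPS out, everything else dropped and logged.
STRICT_POLICY = [Rule("out", "allow", dport=443),
                 Rule("out", "drop", log=True),
                 Rule("in", "drop", log=True)]


def run_demo(policy: List[Rule]) -> List[str]:
    """Push four constructed packets through a fresh firewall; return the verdicts."""
    fw = StatefulFirewall(policy)
    pkts = [
        Packet("192.168.1.10", 50000, "203.0.113.5", 443),    # PC opens HTTPS to a web server
        Packet("203.0.113.5", 443, "192.168.1.10", 50000),    # the server's reply
        Packet("198.51.100.7", 4444, "192.168.1.10", 31337),  # unsolicited probe at a Trojan's listener
        Packet("192.168.1.10", 50001, "203.0.113.9", 6667),   # PC tries to reach an IRC server
    ]
    return [fw.filter(p) for p in pkts]


if __name__ == "__main__":
    print("home:  ", run_demo(HOME_POLICY))     # ['allow', 'allow', 'drop', 'allow']
    print("strict:", run_demo(STRICT_POLICY))   # ['allow', 'allow', 'drop', 'drop']
```

Under the home policy the probe at the Trojan's listening port is dropped and logged while ordinary browsing works; under the strict policy the IRC attempt is dropped as well, which is the "whitelist and block the rest" business configuration mentioned above. Real firewalls also expire flow entries and handle UDP and ICMP, which this toy omits.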

If you want to see your Windows Firewall running, go into Windows Help and search for "firewall". One of the results will take you straight to the relevant Control Panel entry to view it.
Those of you who have an integrated wireless router... look at it lovingly. It's been doing all this work for you, and you didn't even know it.