Structure

• The purpose of a firewall is to keep your computer isolated from incoming network traffic until a connection is deemed safe. There are multiple options for structuring a firewall to achieve this task, including a screened host, subnetwork or multi-homed host. In screened hosting, incoming traffic is directed to an external defensive wall, known as a bastion host, instead of connecting directly to your computer's internal host. Subnetworks operate on a similar principle, erecting a separate perimeter network around the bastion host that engages with other computers. A multi-homed host involves two or more network interfaces that simultaneously interact with the firewall. The interfaces are labeled trusted or un-trusted, and external connections are not allowed to communicate with the trusted network environment.
  
  

Function

• An effective firewall uses varying levels of security to block Internet threats. Packet filtering is the most basic function of a firewall. Computers communicate by transferring small packets of data that are assessed by the firewall based on the IP address and protocol, or its digital language. Higher levels of security require evaluation of the traffic's destination, user authentication, passwords and other details. An advanced firewall can screen your computer's identity from external connections, while limiting access to your system even when another user is authenticated. A computer's administrator also has the authority to apply settings that allow traffic from specific sites and users that are considered trustworthy.
  
  

Limitations

• The knowledge that firewalls have major limitations leads many users to believe that they are not useful. Firewalls are sensitive to incoming traffic that doesn't meet its definition of a safe connection, but viruses and spyware are frequently hidden in files, emails or downloads that require manual authentication by the user. Hacking techniques such as IP spoofing are also able to circumvent the firewall to gain access to your computer. Firewalls are meant to work in conjunction with anti-virus software and other security features to cover any weaknesses in your system. As with any security team, the firewall can't identify every threat, but it significantly reduces the amount of harmful data that is able to reach the next level of security.
  
  

Considerations

• Firewalls are a built-in component of Windows and Macintosh computers, so enabling it requires no additional cost or installation. Many network routers and anti-virus programs also include firewalls, but you can purchase additional software from a third-party if desired. A firewall may slow down network processing at times as it assesses a heavy load of traffic, but there are few or no disadvantages to using it. It not only protects your computer, but prevents worms in your system from reaching other users on your network. Microsoft Windows recommends maintaining a firewall that blocks all inbound connections at all times, except for connections allowed specifically by the user. If you prefer not to use the built-in firewall on your computer, it is beneficial to install another firewall with an equivalent level of protection.