Firewall Education


 

The primary function of a firewall is to prevent computers on a network from accessing a computer located behind the firewall. A network consists of wires, connectors, computer interface boards and communication software, which tie computers together into a set of interconnected PCs. A network can be a Local Area Network (LAN), which consists of several computers connected together within the same home or place of business. Or it can be a Wide Area Network (WAN), which is the internet itself, consisting of millions of computers all connected together and capable of sharing information.

A firewall can be either a software program or a hardware device such as a router. The difference between the two is, of course, in features and capabilities. Before describing those capabilities, first understand the two jobs a firewall does for a network.

Job 1 - As mentioned, the first job is to prevent other computers from accessing your computer. A computer is capable of communication in two directions the second it is connected to a network, whether that is your local home network or the internet. By plugging into a network, you allow anyone to access your computer unless passwords and access rights have been properly set up. Even then, there is always room left for hackers who enjoy the challenge of figuring out how to get in.

Job 2 - The second job is to prevent some programs installed on your computer from having access to the network, particularly to other computers or the internet. So why are there programs on your PC which you wouldn’t want to have access to the internet? Many off-the-shelf programs access the internet to automatically send user information back to the manufacturer. Example: a large printer manufacturer implants spyware in their printer driver for the purpose of collecting usage statistics for marketing. You need the driver to print, but it doesn’t require internet access to function. A firewall program can scan all installed applications to find those with internet access capabilities and allow you to set their access rights to the internet.

A software firewall can perform both of these jobs because it has the ability to control network communications in both directions. Software firewalls can also be set up so that only specific computers within a local network are allowed to access the computer running the firewall, and users of those computers must still enter a user name and password for final access. And as mentioned, software firewalls can scan all programs installed on a computer and can be set up to allow only specific programs to access the network or the internet, and to control how they access it.

 

A hardware firewall typically comes in the form of a router and offers the best protection from the internet when using a cable or DSL service. This is because routers perform what is called “Network Address Translation” (NAT). When a PC is connected directly to a cable modem, the PC is issued an Internet Protocol (IP) address by the public Internet Service Provider (ISP) or cable company. Your PC's IP address is then public, and hackers can find it and explore your PC for vulnerabilities, even if you have all the latest Microsoft security updates! By placing a router between the cable modem and the PC, the router takes on the public IP address and issues a different IP address to the PC. Now the hacker is stuck with trying to attack a dumb box which has no software or data to hack. Your PC's IP address is hidden from view, so a hacker can't find the IP address to attack! Some more advanced routers also have the capability of examining passing data packets and deleting those which contain undesirable code before they reach your PC. Unfortunately, this technology still has a long way to go.
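
The address translation described above can be seen in a small model, added here as an example and not part of the original article. The class and function names, the addresses (documentation and private ranges) and the rule that only replies from the contacted server are forwarded are assumptions of this sketch; real routers differ in how strictly they filter.

```python
# Added example: a toy model of a home router doing NAT.
# All addresses and ports are constructed sample values, not from the article.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # the address the ISP issued, now held by the router


@dataclass
class NatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """PC opens a connection: the router substitutes its own public address."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet reaches the public address: forward only if it answers a mapping."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None                  # unsolicited: no PC is mapped, so it is dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        # Assumption: replies are accepted only from the endpoint the PC contacted.
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None
        return (src_ip, src_port, priv_ip, priv_port)


def demo():
    router = NatRouter()
    # The PC at 192.168.1.20 requests a page from a web server at 198.51.100.7:443.
    seen_by_server = router.outbound("192.168.1.20", 51515, "198.51.100.7", 443)
    reply = router.inbound("198.51.100.7", 443, seen_by_server[1])
    probe = router.inbound("192.0.2.66", 4444, 3389)               # unsolicited scan
    other = router.inbound("192.0.2.66", 4444, seen_by_server[1])  # wrong sender
    return seen_by_server, reply, probe, other


if __name__ == "__main__":
    for label, value in zip(("server sees", "reply", "probe", "other sender"), demo()):
        print(f"{label:13} -> {value}")
```

The web server only ever sees the router's address, its reply is delivered back to the PC, and the two packets that do not answer a connection the PC started are dropped at the router.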