Firewall Basics

Once strictly the domain of UNIX geeks and enterprise network administrators, the firewall is now something almost every PC user has at least heard of. At the most basic level, a firewall is a hardware device or software application that lets you control which kinds of network traffic are allowed into and out of a network. For example, a company might configure its firewall to allow internal users to connect to Web and FTP servers on the Internet, but block them from connecting to other services such as MSN or Yahoo Messenger. In large companies, a firewall is typically a dedicated hardware device capable of handling anywhere from hundreds to thousands of simultaneous connections. For home users, firewall-type functionality is typically built into home Internet-sharing routers, or implemented with software such as ZoneAlarm. Windows XP also includes a software firewall of its own: originally called Internet Connection Firewall (ICF), it was renamed Windows Firewall in Service Pack 2.

The most common reason for implementing a firewall is to block external users from accessing systems on your internal network. The default configuration of most home firewall hardware and software allows any connection that originates internally to reach the Internet, but drops connection attempts that originate outside. The firewall keeps track of the connections your internal systems open, so the replies to those requests are let back in while anything unsolicited is not. This is simply the most sensible default, especially for new users: it keeps outsiders away from your systems, while internal users can reach Internet resources without issue. In some cases you may want to allow Internet users to connect to an internal system, such as an FTP or game server; we’ll explore how to address that need in a future article.
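The following is an added example, not code from the article, that models the default policy just described together with the outbound service blocking mentioned earlier: a small stateful filter that remembers the connections the inside opens, lets their replies back in, drops unsolicited inbound packets, and denies a couple of outbound services. The LAN range, the rule ports (1863 and 5050 are used here as the MSN and Yahoo Messenger ports) and the sample packets are all constructed for illustration.

```python
"""Toy stateful packet filter showing the default home-firewall policy:
connections that start inside are allowed out (subject to a short outbound
rule list), their replies are let back in, and any inbound packet that does
not belong to a known connection is dropped.

Added example, not code from the article. The LAN range, rule ports and
sample packets are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed internal network

# Outbound policy, evaluated top to bottom for NEW outbound connections.
# Ports are illustrative: 1863 (MSN Messenger) and 5050 (Yahoo Messenger).
OUTBOUND_RULES = [
    ("deny", "TCP", 1863),
    ("deny", "TCP", 5050),
    ("allow", "ANY", None),   # everything else the inside initiates
]


@dataclass(frozen=True)
class Packet:
    proto: str   # "TCP" or "UDP"
    src: str
    dst: str
    sport: int
    dport: int


class StatefulFilter:
    """Keeps a connection table of the flows the LAN has opened."""

    def __init__(self):
        self.conns = set()

    @staticmethod
    def _outbound_verdict(pkt):
        for action, proto, port in OUTBOUND_RULES:
            if proto in ("ANY", pkt.proto) and port in (None, pkt.dport):
                return action
        return "deny"   # implicit deny if no rule matched

    def filter(self, pkt):
        inside_src = ip_address(pkt.src) in LAN
        inside_dst = ip_address(pkt.dst) in LAN

        if inside_src and not inside_dst:          # LAN -> Internet
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.conns:
                return "allow"                     # established flow
            verdict = self._outbound_verdict(pkt)
            if verdict == "allow":
                self.conns.add(key)                # remember it so replies get in
            return verdict

        if inside_dst and not inside_src:          # Internet -> LAN
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.conns:
                return "allow"                     # reply to our own request
            return "drop"                          # unsolicited: default deny

        return "allow"   # traffic that does not cross the firewall is left alone


def demo():
    """Run a few constructed packets through the filter and return the verdicts."""
    fw = StatefulFilter()
    return [
        # inside host browses a web server: new outbound, allowed and remembered
        fw.filter(Packet("TCP", "192.168.1.10", "203.0.113.5", 1051, 80)),
        # the web server's reply matches the connection table: allowed in
        fw.filter(Packet("TCP", "203.0.113.5", "192.168.1.10", 80, 1051)),
        # a stranger probes SMB on the same host: no state, dropped
        fw.filter(Packet("TCP", "198.51.100.7", "192.168.1.10", 3812, 445)),
        # inside host tries MSN Messenger: blocked by the outbound rule
        fw.filter(Packet("TCP", "192.168.1.10", "203.0.113.9", 1052, 1863)),
        # a "reply" to that blocked attempt has no table entry either: dropped
        fw.filter(Packet("TCP", "203.0.113.9", "192.168.1.10", 1863, 1052)),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The connection table is what separates "allow replies" from "allow everything inbound": the second packet in the demo is admitted only because the first one created an entry, and the last packet is dropped because the denied outbound attempt never did.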

When implementing a home network that has any Internet connection (such as DSL, or even dial-up), a firewall should be considered mandatory, not optional. All internal network systems should be located “behind” the firewall. If you share an Internet connection through a device like a Linksys router, the router would act as your firewall. If you’re sharing an Internet connection with a Windows feature like Internet Connection Sharing (ICS), then the system running ICS should be configured with firewall software.

It’s one thing to have a firewall, and quite another to ensure it is functioning correctly. Almost all hardware and software firewalls (including ICF) support a logging function. It is usually disabled by default, but enabling it is a good idea: the log records the connection attempts from outside that the firewall dropped, so you can see which addresses have been probing your network and which ports they were after. ICF and Windows Firewall write this log to C:\Windows\pfirewall.log by default; other products keep their own log file or viewer. Programs like ZoneAlarm can also be configured to display an on-screen message any time an external user attempts to connect to the firewall system. Expect the log to fill up with probes from strangers on any Internet connection; that is normal, and the point of keeping it is to confirm the firewall is actually dropping them.
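To show what that log actually tells you, here is an added example (not code from the article) that parses the W3C-style format Windows Firewall writes to pfirewall.log, driving the column names from the log's own #Fields header so it also copes with the shorter ICF layout, and then summarises the dropped attempts by external source and targeted service. The log lines are constructed in the documented format; the addresses, ports and timestamps are made up.

```python
"""Parse a Windows Firewall / ICF log (the format written to
C:\\Windows\\pfirewall.log) and summarise who was knocking on the door.

Added example, not code from the article. SAMPLE_LOG is constructed in
the Windows Firewall (XP SP2, version 1.5) layout; nothing in it is real."""
from collections import Counter
from ipaddress import ip_address, ip_network

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-03-14 21:03:05 DROP TCP 198.51.100.7 192.168.1.10 3812 445 48 S 1830746436 0 65535 - - - RECEIVE
2005-03-14 21:03:06 DROP TCP 198.51.100.7 192.168.1.10 3813 139 48 S 1830746437 0 65535 - - - RECEIVE
2005-03-14 21:03:09 DROP UDP 198.51.100.7 192.168.1.10 1026 1026 415 - - - - - - - RECEIVE
2005-03-14 21:04:00 OPEN TCP 192.168.1.10 203.0.113.5 1051 80 0 - 0 0 0 - - - -
2005-03-14 21:04:30 CLOSE TCP 192.168.1.10 203.0.113.5 1051 80 0 - 0 0 0 - - - -
2005-03-14 21:05:12 DROP ICMP 203.0.113.22 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_log(text):
    """Return one dict per record, named by the columns in the #Fields line.

    Records whose column count differs from the header (e.g. a truncated
    last line while the file is being written) are skipped, not mis-aligned."""
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            continue                      # data before any header: unusable
        tokens = line.split()
        if len(tokens) != len(fields):
            continue
        records.append(dict(zip(fields, tokens)))
    return records


def summarize_drops(records, lan_cidr):
    """Count DROP records by external source and by targeted service.

    Drops whose source is inside lan_cidr are reported separately: a home
    firewall dropping traffic from an internal host usually means a
    misconfigured or infected machine rather than an outside attacker."""
    lan = ip_network(lan_cidr)
    by_source, by_service, internal_drops = Counter(), Counter(), Counter()
    for rec in records:
        if rec["action"] != "DROP":
            continue
        try:
            src = ip_address(rec["src-ip"])
        except ValueError:
            continue                      # malformed address field
        if rec["protocol"] == "ICMP":
            service = f"ICMP type {rec['icmptype']}"
        else:
            service = f"{rec['protocol']}/{rec['dst-port']}"
        by_service[service] += 1
        if src in lan:
            internal_drops[rec["src-ip"]] += 1
        else:
            by_source[rec["src-ip"]] += 1
    return {"by_source": by_source, "by_service": by_service,
            "internal_drops": internal_drops}


def report(text, lan_cidr="192.168.1.0/24", top=5):
    """Human-readable summary of the noisiest sources and services."""
    s = summarize_drops(parse_log(text), lan_cidr)
    lines = ["Dropped inbound attempts by external source:"]
    for ip, n in s["by_source"].most_common(top):
        lines.append(f"  {ip:<16} {n}")
    lines.append("Targeted services:")
    for svc, n in s["by_service"].most_common(top):
        lines.append(f"  {svc:<16} {n}")
    if s["internal_drops"]:
        lines.append("Drops from INSIDE the LAN (check these hosts):")
        for ip, n in s["internal_drops"].most_common(top):
            lines.append(f"  {ip:<16} {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against a real pfirewall.log (pass the file's contents to `report`), the source list shows who has been scanning you and the service list shows what they were looking for; the OPEN and CLOSE records of your own outbound connections are ignored, which is why reading the action column is the first step in any triage of this file.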

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.