Network Sales and Services Handbook (Cisco Press Networking Technology)
A firewall is a system controlling network traffic flow between a local area network (LAN) and a public network like the Internet (see Figure 15-3).
Figure 15-3. Firewall
Firewalls enforce the security policy of a particular network site and can provide a more efficient method of securing hosts on a network than securing each host individually. On a network protected by a firewall, individual hosts do not need to be 100 percent secure, because the firewall makes access to those hosts from outside nearly impossible.
Firewalls can block the unwanted traffic generated by unsuccessful attacks against the network they protect. In addition to protecting network resources from attackers, firewalls can log Internet traffic, eavesdrop on communication (where appropriate or necessary), and create virtual private network (VPN) connections.
Firewalls cannot protect against viruses, prevent attacks that originate from within the network, or protect against undiscovered threats. Firewalls can prevent and protect against only known threats. An attacker can discover a new threat, such as a bug in a server program, and exploit the bug to attack the system.
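The perimeter policy described above (ordered rules, default deny, logging) and its blind spot for traffic that never crosses the LAN boundary, as an added illustration that is not from the handbook; the LAN prefix, web-server address and the rule list are constructed for the example:

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed topology: a private LAN behind the firewall, with one
# published web server inside it. Anything outside LAN is "the Internet".
LAN = ip_network("192.168.1.0/24")
WEB_SERVER = ip_address("192.168.1.10")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


# Site security policy as an ordered, first-match rule list (constructed).
# The implicit final rule is "deny and log": the firewall's default-deny stance.
POLICY = [
    # (rule name, action, predicate)
    ("allow-web-inbound", "allow",
     lambda p: ip_address(p.dst) == WEB_SERVER and p.dport == 443),
    ("allow-lan-outbound", "allow",
     lambda p: ip_address(p.src) in LAN and ip_address(p.dst) not in LAN),
]


@dataclass
class Firewall:
    log: list = field(default_factory=list)  # (rule, action, packet) records

    def crosses_perimeter(self, p: Packet) -> bool:
        # The firewall sits between the LAN and the public network, so it
        # only sees packets with exactly one end inside the LAN.
        return (ip_address(p.src) in LAN) != (ip_address(p.dst) in LAN)

    def decide(self, p: Packet) -> str:
        if not self.crosses_perimeter(p):
            # Host-to-host traffic inside the LAN never reaches the firewall:
            # this is why it cannot stop attacks launched from within.
            return "not-inspected"
        for name, action, match in POLICY:
            if match(p):
                self.log.append((name, action, p))
                return action
        self.log.append(("default-deny", "deny", p))
        return "deny"


def denied_entries(fw: Firewall) -> list:
    # Logged denials are the "unsuccessful attack" traffic worth reviewing.
    return [rec for rec in fw.log if rec[1] == "deny"]
```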