
Firewalls, Routers and VPNs
A firewall is a hardware/software "device" designed to secure a computer or network from unauthorized access from an outside network.
A firewall prevents "outsiders" from entering your network by blocking certain types of communications whilst still allowing your contact with the outside world, e.g. websites, email, etc.
Windows XP SP2 has a good built-in firewall which should be switched ON if you have no other devices performing this function. There are also other software firewall packages available, both commercial and freeware.
Most firewalls can be configured to block specific addresses and ports (a channel on which a program "listens"). Some firewalls can even be configured to allow virtual private networks (VPN) to operate or permit a server for web and email to be visible in a demilitarised zone (DMZ).
A router is a device that provides a path from one network to another - in most cases, your LAN to the internet and back again. Most routers provide insulation from the outside world by performing Network Address Translation (NAT). This process involves taking the source IP address of a packet of data from an internal PC and replacing it with the router's own IP address whilst adding some tracking data of its own. When the response comes back from the server that was the target of the communication, the router "knows" which PC originated the request and restores that PC's IP address on the data packet. The originating PC picks this data up as if it had direct contact with the server.
If you have a router between your internet connection and your PC, you will have very good protection because of the Network Address Translation (NAT) that most routers perform. The outside world will only "see" one IP address (that of your router) whilst your PC's IP address will not be visible. In this case, the router IS the firewall.
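The translation described above can be followed in a small simulation, added here as an example and not part of the original page. The addresses and ports are constructed, the "tracking data" is modelled as a port number chosen by the router, and the rule that a reply must come from the server that was contacted is an assumed policy; real routers differ in how strictly they filter.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000                       # constructed starting port
    table: dict = field(default_factory=dict)    # public port -> original outbound packet
    flows: dict = field(default_factory=dict)    # original outbound packet -> public port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the router's address and record the mapping."""
        port = self.flows.get(pkt)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.flows[pkt] = port
            self.table[port] = pkt
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Restore the internal address for a tracked reply; drop anything else."""
        orig = self.table.get(pkt.dst_port)
        if orig is None or pkt.dst_ip != self.public_ip:
            return None                          # no PC asked for this traffic
        # Assumed policy: the reply must come from the server that was contacted.
        if (pkt.src_ip, pkt.src_port) != (orig.dst_ip, orig.dst_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, orig.src_ip, orig.src_port)

def demo():
    router = NatRouter("203.0.113.5")            # constructed addresses throughout
    server = ("198.51.100.20", 80)
    out_a = router.outbound(Packet("192.168.1.10", 51000, *server))
    out_b = router.outbound(Packet("192.168.1.11", 51000, *server))
    reply = router.inbound(Packet(*server, router.public_ip, out_a.src_port))
    stranger = router.inbound(Packet("192.0.2.99", 4444, router.public_ip, out_a.src_port))
    unsolicited = router.inbound(Packet(*server, router.public_ip, 40999))
    return out_a, out_b, reply, stranger, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both PCs leave the router with the same public address and differ only in the port it assigned; the reply is delivered to the PC that asked, while the two packets nobody requested return `None` and are dropped.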
Extra protection can be gained by using a VPN (Virtual Private Network) connection between the PC and the network with which you wish to connect. Be careful: some older routers do not support this very well, if at all. VPN software must be in place at both "ends" of the communication. This software permits a secure connection with a network across the internet.