With the rapid growth of interest in the Internet, network security has become a major concern to companies throughout the world. The fact that the information and tools needed to penetrate the security of corporate networks are widely available has only increased that concern. Basically, a firewall, working closely with a router program, filters all network packets to determine whether to forward them toward their destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.
Firewall
A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users on other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users have access to. The following list introduces five common methods of attack that present opportunities to compromise the information on your network: network packet sniffers, IP spoofing, password attacks, distribution of sensitive internal information to external sources, and man-in-the-middle attacks.
Netscreen Firewalls
NetScreen offers a new class of network products for the network security market. Defined as a Next Generation Security Solution, NetScreen offers the first solution that combines firewall, VPN and traffic management functionality on a single dedicated-hardware platform. The NetScreen acts as a bridge between networked clients, servers, PCs and industry-standard routers in corporate LAN environments.
What a firewall should have
- The firewall should be able to support a "deny all services except those specifically permitted" design policy, even if that is not the policy used.
- The firewall should support your security policy, not impose one.
- The firewall should be flexible; it should be able to accommodate new services and needs if the security policy of the organization changes.
- The firewall should contain advanced authentication measures or should contain the hooks for installing advanced authentication measures.
- The firewall should employ filtering techniques to permit or deny services to specified host systems as needed. The IP filtering language should be flexible, user-friendly to program, and should filter on as many attributes as possible, including source and destination IP address, protocol type, source and destination TCP/UDP port, and inbound and outbound interface.
- The firewall should use proxy services for services such as FTP and TELNET, so that advanced authentication measures can be employed and centralized at the firewall. If services such as NNTP, X, HTTP, or Gopher are required, the firewall should contain the corresponding proxy services.
- The firewall should contain the ability to centralize SMTP access, to reduce direct SMTP connections between site and remote systems. This results in centralized handling of site e-mail.
- The firewall should accommodate public access to the site, such that public information servers can be protected by the firewall but can be segregated from site systems that do not require the public access. The firewall should contain the ability to concentrate and filter dial-in access.
- The firewall should contain mechanisms for logging traffic and suspicious activity, and should contain mechanisms for log reduction so that logs are readable and understandable. If the firewall requires an operating system such as UNIX, a secured version of the operating system should be part of the firewall, with other security tools as necessary to ensure firewall host integrity. The operating system should have all patches installed.
- The firewall should be developed in a manner such that its strength and correctness are verifiable. It should be simple in design so that it can be understood and maintained.
- The firewall and any corresponding operating system should be updated with patches and other bug fixes in a timely manner.
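The filtering and default-deny requirements above (match on interface, protocol, source and destination address, and source and destination port; first matching rule wins; anything unmatched is dropped and logged) can be illustrated with a small stateless filter. This is an added example, not code from the page or from any NetScreen product; the interface names, addresses and policy are constructed, and a real firewall additionally tracks connection state and handles fragments.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    iface: Optional[str] = None   # inbound interface; None matches any
    proto: Optional[str] = None   # "tcp" / "udp" / "icmp"; None matches any
    src: Optional[str] = None     # source network in CIDR; None matches any
    dst: Optional[str] = None     # destination network in CIDR
    sport: Optional[int] = None   # source port; None matches any (also ICMP)
    dport: Optional[int] = None   # destination port

    def matches(self, pkt: dict) -> bool:
        """True when every field set in the rule agrees with the packet."""
        if self.iface and pkt["iface"] != self.iface:
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        for field in ("src", "dst"):
            net = getattr(self, field)
            if net and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(net):
                return False
        for field in ("sport", "dport"):
            port = getattr(self, field)
            if port is not None and pkt.get(field) != port:  # ICMP has no ports
                return False
        return True

# Constructed policy: from the outside interface only the SMTP relay and the
# public web server are reachable. Nothing else is listed, so everything else
# falls through to default deny ("deny all except those specifically permitted").
POLICY = [
    Rule("permit", iface="outside", proto="tcp", dst="192.0.2.10/32", dport=25),
    Rule("permit", iface="outside", proto="tcp", dst="192.0.2.20/32", dport=80),
]

def filter_packet(pkt: dict, rules=POLICY, log=None):
    """First matching rule decides; no match means deny.
    Returns (action, index of the deciding rule, or None for the default).
    Denied packets are appended to `log` when one is supplied, the raw
    material that log-reduction tooling would later summarise."""
    action, idx = "deny", None
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            action, idx = rule.action, i
            break
    if action == "deny" and log is not None:
        log.append(f"DENY {pkt['iface']} {pkt['proto']} {pkt['src']}:{pkt.get('sport')}"
                   f" -> {pkt['dst']}:{pkt.get('dport')}")
    return action, idx
```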