To connect to the Internet is to be under attack. Whether you're connected via a corporate network, via your home network, or via an ISP, hackers and others are constantly probing your system for vulnerabilities.
The most vulnerable are corporate networks and individuals who connect via high-speed connections such as with cable or DSL modems. Corporate networks have vast amounts of data and resources and are therefore big targets. They also have lots of bandwidth, which hackers can use to launch attacks against others. Cable modem and DSL users are targets because they have a lot of bandwidth as well.
Corporations and individuals can protect themselves in a number of ways, however. One of the most common ways is by using firewalls. There are two primary kinds of firewalls: personal firewalls and corporate firewalls. A personal firewall is an inexpensive or free piece of software, such as ZoneAlarm or Norton Personal Firewall, that protects computers from attack. Windows includes a free firewall as well. It's less effective than other personal firewalls, although the firewall built in to the newest version of WindowsVistais effective.
Corporate firewalls are much more sophisticated than personal firewalls. There are hardware and software combinations that are built using routers, servers, and a variety of software. They sit at the most vulnerable point between a corporate network and the Internet and can be as simple or as complex as system administrators want to build them.
One of the simplest kinds of firewalls utilizes packet filtering. In packet filtering, a screening router examines the header of every packet of data traveling between the Internet and the corporate network. Packet headers have information in them, such as the IP address of the sender and receiver, the protocol being used to send the packet, and other similar information. Based on that information, the router knows what kind of Internet servicesuch as FTP or rloginis being used to send the data, as well as the identities of the sender and receiver of the data. (The command rlogin is similar to Telnet, which enables someone to log in to a computer. It can be dangerous because it enables users to bypass having to type in a password.) After this information is determined, the router can bar certain packets from being sent between the Internet and the corporate network. For example, the router could block any traffic except for email. Additionally, it could block traffic to and from suspicious destinations or from certain users.
Proxy servers are also commonly used in firewalls. A proxy server is server software that runs on a host in a firewall, such as a bastion host. Because only the single proxy server (instead of the many individual computers on the network) interacts with the Internet, security can be maintained. That single server can be kept more secure than can hundreds of individual computers on a network.
Even more powerful than firewalls are intrusion protection systems, which constantly monitor network traffic, look for tell tale signs of an attack, and then either take action on their own or alert administrators that an attack is underway.