The IT Law Wiki


A firewall

[is] [c]omputer hardware and software that block unauthorized communications between an institution's computer network and external networks.[1]
allows or blocks traffic into and out of a private network or a user's computer, and is the primary method for keeping a computer secure from intruders. Also used to separate a company's public Web server from its internal network and to keep internal network segments secure.[2]
[is a] security solution that segregates one portion of a network from another portion, allowing only authorized network traffic to pass through according to traffic-filtering rules.[3]
[is a] network device[] or system[] running special software that control[s] the flow of network traffic between networks or between a host and a network.[4]
[is a] a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.[5]
[is a] network security device that monitors incoming and outgoing network traffic and helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. A firewall can be hardware, software, or both.[6]

How it works[]

A firewall is a staple of security in today's IP networks. Whether protecting a LAN, WAN, encapsulating a DMZ, or just protecting a single computer, a firewall is usually the first line of defense against would be attackers.

At one time, most firewalls were deployed at network perimeters.[7] This provided some measure of protection for internal hosts, but it could not recognize all instances and forms of attack, and attacks sent from one internal host to another often do not pass through network firewalls. Because of these and other factors, network designers now often include firewall functionality at places other than the network perimeter to provide an additional layer of security, as well as to protect mobile devices that are placed directly onto external networks.

There are several types of firewall techniques:

In practice, many firewalls use two or more of these techniques in concert.

"Firewalls, in the context of computer networking, are similar to that of a firewall in an office building or hotel. They operate to automatically put a 'wall' between valuable assets and any potential danger. Therefore, data entering a network is often transmitted in through a firewall and the firewall can perform a variety of functions, such as disallowing the data to enter the network by blocking it.[8]

"[F]irewalls often sit at the edge of individual networks to control the entry of data from the internet. As technology develops, firewall type functionality is often now included inside of other devices such as routers and switches. These devices may be located at different locations within a network — not just at the outside barrier. This inclusion of firewall functionality in other devices is in contrast with older network technology where firewalls were responsible for the security of the network, by blocking malicious packets from entering it, while the routers and switches focused on speed and performance in the transmitting data."[9]

"The combination of thousands of these networking devices into larger and larger networks is responsible for the creation of nationwide networks and the global internet. Therefore, the global internet as we know it is a network of networks. Internet providers, such as Earthlink, Verizon, AT&T, and Cox are in the business of creating large scale networks to connect users to other business networks in order to access data. Companies like Netflix, Facebook, Zoom, Google and Amazon operate their own independent networks that connect to the larger internet to send data across the internet to end-users."[10]

"Firewalls have two forms: a firewall may be software program running on your computer or it may be a separate piece of hardware that watches what is being sent and received over a network. Firewalls can block transmissions that are unexpected or disallowed."[11]

A firewall is set up as the single point through which communications must pass. This enables the firewall to act as a protective barrier between the protected network and any external networks. Any information leaving the internal network can be forced to pass through a firewall as it leaves the network or host. Incoming data can enter only through the firewall. Firewalls work by blocking traffic deemed to be invasive, intrusive, or just plain malicious from flowing through them. If networks are castles, firewalls are the drawbridges.

Traffic not meeting the requirements of the firewall is dropped. Processing of traffic is determined by a set of rules programmed into the firewall by the network administrator. These may include such commands as "Block all FTP traffic (port 21)" or "Allow all HTTP traffic (port 80)". Much more complex rule sets are available in almost all firewalls.

Firewalls are typically deployed where a corporate network connects to the Internet. A useful property of a firewall, in this context, is that it provides a central location for deploying security policies. It is the ultimate bottleneck for network traffic because when properly designed, no traffic can enter or exit the LAN without passing through the firewall.

Firewalls close unneeded ports through which Internet communications can enter the computer, and block incoming Internet communications — and sometimes outgoing communications — unless the consumer has authorized those communications. However, firewalls usually do not check the contents of the communications coming in or going out, so as to determine whether a file contains a virus, for example. That is generally left to a virus checker.

Firewalls can also be used internally, to guard areas of an organization against unauthorized internal access. For example, many corporate networks use firewalls to restrict access to internal networks that perform sensitive functions, such as accounting or personnel.

A properly configured firewall will stop the majority of publicly available cyberattacks. Firewalls may be client managed or centrally managed.

International usage[]

In several countries, including China and Iran, firewalls have been established on a national level to prevent Internet users from accessing certain content from abroad.


  1. Bringing Health Care Online: The Role of Information Technologies, at 219.
  2. Electronic Crime Scene Investigation: A Guide for First Responders, at 54.
  3. Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
  4. Technology Assessment: Cybersecurity for Critical Infrastructure Protection, at 149.
  5. ARSC Guide to Audio Preservation, Glossary, App. B, at 225.
  6. Cybersecurity A Primer for State Utility Regulators, App. B.
  7. "The process begins when a packet is sent from the internet to another smaller network. A firewall device, usually located at the entry of the network, operates by inspecting information in the packet to determine if that packet is malicious. This process is completed by matching information from the header or payload of the packet to rules that are pre-enabled in the firewall type device. These rules are comprised of previously known information about sources of malicious or otherwise unauthorized traffic. Thus, if information from a packet header is matched to a rule, then the packet is unauthorized to enter the network and is blocked/dropped. A blocked packet is virtually thrown away or could be re-routed to another location for additional inspection. If there is no rule that matches the packet, the packet is allowed to proceed into the network and to its final destination. Centripetal Networks, Inc. v. Cisco Sys., Inc., 2020 WL 5887916, at *6 (E.D. Va. Oct. 5, 2020)."
  8. Id. at 4.
  9. Id.
  10. Id.
  11. Information Technology Security Handbook, Annex 1, Glossary.

See also[]