
Firewalls

As stated at the beginning of the chapter, numerous tools, techniques, systems, services, and processes are available to protect your data in today's challenging network environment. Firewalls are particularly important strategic elements at the core of security policy implementation. Figure 3-6 shows a firewall as a device that separates different functional areas of a network. These functional areas are often referred to as secure areas. In general, they are private networks, public networks, and demilitarized zone (DMZ) networks.

Figure 3-6. Firewall Placements


Cisco Press's Dictionary of Internetworking Terms and Acronyms defines a firewall as "a router or access server, or several routers or access servers, designed as a buffer between any connected public networks and private network. A firewall router uses access lists and other methods to ensure the security of the private network."

As shown in Figure 3-6, the inside interface of the PIX is connected to a private or corporate intranet. The outside interface is connected to the Internet (untrusted network). The DMZ is an isolated network hosting web servers and mail servers.

NOTE

The DMZ is also referred to as the Public Service Segment (PSS) in SAFE terminology. SAFE definitions and terminology are covered in Appendix A.


Different types of firewalls, their functionality, firewall packet flow and processing, and firewall features are discussed in Part III of this book in Chapter 9, "Firewalls."
