The use of firewalls to manage Internet, intranet, and extranet security is exploding in popularity. Firewalls are collections of filters and gateways or protocol translators that shield a trusted network within a fence or perimeter from untrusted networks. Thus, firewalls represent the boundary or moat around a trusted network.

Packet filter firewalls function by examining the header of each packet of information arriving at the firewall. The packet filter firewall then applies a set of firewall rules to the header information to decide whether or not to let the packet pass through the firewall from an untrusted network to a trusted network. The order in which the rules are applied is crucial because the first rule met which permits or blocks passage of a packet decides the fate of that packet. Often, different rules apply to packets moving from trusted to untrusted networks versus packets moving from untrusted to trusted networks. If the header information in a packet does not map to any packet filtering rule, then the packet is generally blocked and does not pass through the firewall. Packet filters or screening routers often come bundled with router software and can be implemented by configuring and setting up the router. Screening routers usually operate at the IP layer with only occasional looks at the transport layer of the TCP/IP network protocol.

Screening routers and packet filters offer a wide variety of functionality that can be extremely useful for enhancing extranet security. For...