Firewalls

A casual news reader or watcher has probably heard about a data breach in which a company was compromised because someone hacked into the company's network and stole data. The hacker was able to take advantage of a hole or weakness in the company's Internet gateway, which granted access to resources on the network. If a corporation can be compromised, how much more easily could a home user be compromised?

An entire branch of the IT industry has been created to provide security solutions for individuals and corporations alike. One of the primary products provided by security groups is the firewall. Firewalls are named after their counterparts in construction, which are designed to keep a fire from spreading between various sections of a building. A network firewall is designed to keep malicious threats on the Internet off of local area networks or personal computers. Firewalls are designed to stop viruses, filter content, stop hackers, control certain kinds of traffic, and detect and prevent intrusion on computer systems. Primitive computer firewalls basically allowed incoming and outgoing traffic on what are called "ports", and blocked everything else. Suppose I had a firewall at home and I only wanted to allow computers on my home network to access websites and to check and send email. I would then set my firewall to allow traffic on the ports for websites (typically ports 80 and 443) and email (typically ports 23 and 110). All other ports would be blocked. However, many people know that even if I block all other traffic, many threats can come through email and malicious websites. To answer this, many security providers implemented content filters to block bad emails and websites, and virus protection to remove viruses before they even entered the network. Such services, in addition to primitive firewalls, created the need for dedicated machines with the sole purpose of blocking and scanning Internet traffic.

There are several types of attacks that hackers use.

  • Denial of Service (DoS) attacks are used by attackers to bring down networks by overwhelming them with traffic and requests. DoS attacks are usually staged from multiple computers, and the computers simultaneously make requests on a single network. The massive volume of requests can overwhelm firewalls and routers, effectively disabling them or causing them to crash. In turn, other users on the network lose access to resources reached through the firewall or router. Many routers today are configured to detect DoS attacks and stop them.
  • Brute Force attacks are similar to DoS attacks, but rather than trying to disable networks, they try to hack networks by guessing passwords: a computer generates passwords and tests those passwords against computers on the network. If successful, the hacker can gain access to resources on the network.
  • Buffer Overflow attacks, also known as heap overflow, stack overflow, and buffer overrun attacks, take advantage of certain communications programs. These computer programs, waiting for data on a network, expect data to come in a certain format. Attackers can send data in that format, but manipulate the data such that the program accepts it while, in addition to the "good" data, there is extra data that takes advantage of a weakness in the program's memory management. The extra data will contain a program that allows the hacker to gain access to the computer.
  • Port Scan attacks look for open ports on a computer and attempt to exploit them. Every computer on a network has an address, and at that address are a number of virtual "ports" that other computers connect to in order to communicate over a network. For instance, a computer is running a web server and an email server. The computer has an address of 192.168.2.12. The web server runs on port 80 and the email server on port 23. A user on the network opens his web browser and opens a web page hosted on the web server. He would request the page from the address 192.168.2.12 on port 80. Suppose he then checks his email. He would request his messages from the address 192.168.2.12 on port 23. A port scan attack looks for open ports on computers. Ports are used by computers for print sharing, file sharing, instant messaging, web services, music, etc. If there are ports open on your computer and you are not aware of this, then it is possible that a hacker could gain unauthorized access through a common port, even though you had no idea that it was open.
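
The primitive "allow these ports, block everything else" filter described earlier also gives a simple way to notice the port scans described above: one source that keeps hitting many different blocked ports. The following is an added example, not part of the original article; the allowlist (web ports 80 and 443 and mail port 110 from the text), the threshold, and all connection attempts other than the address 192.168.2.12 are constructed for illustration.

```python
from collections import defaultdict

# Assumption: allowlist built from the web ports (80, 443) and mail port 110 named in the text.
ALLOWED_PORTS = {80, 443, 110}
# Assumption: number of distinct blocked ports from one source before it is flagged.
SCAN_THRESHOLD = 5

# Constructed sample: (source address, destination address, destination port).
SAMPLE_ATTEMPTS = [
    ("192.168.2.30", "192.168.2.12", 80),    # ordinary web request
    ("192.168.2.30", "192.168.2.12", 110),   # ordinary mail check
    ("192.168.2.30", "192.168.2.12", 445),   # a single stray blocked attempt
] + [
    # One source walking across many ports on the same host.
    ("192.168.2.77", "192.168.2.12", port)
    for port in (21, 22, 80, 135, 139, 445, 3389)
]


def decide(port, allowed=ALLOWED_PORTS):
    """Primitive port filter: allow listed ports, drop everything else."""
    return "ALLOW" if port in allowed else "DROP"


def find_scanners(attempts, allowed=ALLOWED_PORTS, threshold=SCAN_THRESHOLD):
    """Return {source: sorted blocked ports} for sources probing many closed ports."""
    blocked = defaultdict(set)
    for src, _dst, port in attempts:
        if decide(port, allowed) == "DROP":
            blocked[src].add(port)
    return {
        src: sorted(ports)
        for src, ports in blocked.items()
        if len(ports) >= threshold
    }


if __name__ == "__main__":
    for src, dst, port in SAMPLE_ATTEMPTS:
        print(f"{decide(port):5} {src} -> {dst}:{port}")
    for src, ports in find_scanners(SAMPLE_ATTEMPTS).items():
        print(f"possible port scan from {src}: blocked ports {ports}")
```

Counting distinct blocked ports rather than total attempts keeps a client that retries one blocked service from being flagged as a scanner.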

There are basically two types of firewalls: "Hardware" firewalls, and "Software" (or "Personal") firewalls. In reality, all firewalls require hardware and software to run, but the distinction has to do with how the firewall is used. A hardware firewall is a firewall whose sole purpose is to protect a network from malicious attacks. The firewall usually connects to a router or modem on an "External", "WAN", or "Internet" port and then to a network switch or PC through a "Local" or "PC" port. Some firewalls come integrated with a switch or act as a wireless access point in addition to being a firewall.

Hardware Firewalls
The primary advantages of hardware firewalls are:
  • Centralized Management: One is only dealing with one machine rather than numerous individual machines.
  • Easy Deployment: There is only one machine to set up and configure.

The second type of firewall I mention is a software firewall. A software or personal firewall is a program that runs on your personal computer and performs the task of a network firewall, except at a local level.

Software Firewall
 

Personal firewalls are not designed to handle traffic for multiple computers, but they do have some other advantages:

  • Portability: Since the firewall is installed locally, it can provide protection for your computer wherever you take it and connect to a network, such as public wireless networks at coffee shops, your home network, and your school's network.
  • Personalized Defense: Personal firewalls integrate with software installed on your computer, such as virus protection and email. Should you get a virus, trojan, etc., the firewall prevents it from accessing the Internet to invite more malicious software, and it prevents other computers from infecting your computer with malicious software.
  • Extra Defense: If you already have a network firewall, then this just adds another line of defense.

NOBTS provides a hardware firewall on the public wireless network, but this firewall cannot prevent attacks that may arise from within the network. It is wise to have a personal firewall installed on your computer if you plan on using wireless networks.

Microsoft Windows comes with an integrated firewall. It has been known to be compromised on numerous occasions and is typically ranked among the lowest software firewalls available. However, there is a free firewall that performs well: Comodo. Comodo is an easy-to-use firewall that has received great reviews from the security industry. Likewise, it is easy to install. Once installed, it will replace the Windows Firewall, and you'll have a personal firewall installed. There are commercial firewalls available too, such as ZoneAlarm and Norton 360. These firewalls provide protection to your computer as well.