A computer program or hardware device used to provide additional security on networks by blocking access from the public network to certain services in the private network. Firewalls contain rule sets that either grant or deny data traffic flowing into or out of a network. Simply put, firewalls are to the perimeter of a network what a moat and wall are to a castle.

Because system administrators need to grant access from the outside world to some services within the perimeter, such as email or a Web server, they need to drill holes for these services in their firewalls. Unfortunately, these holes can be exploited by perpetrators. For example, control of outgoing traffic is an often neglected area; there is a real risk that users can introduce malicious code into the network by opening an email attachment or by surfing to a Website having malicious content that installs a back door program on an internal system. These back doors initiate connections to an attacker that, from the firewall’s perspective, seem to be coming from “inside” and are therefore allowed. The reality is that back doors can allow attackers to take over control of an internal system and create considerable damage.

See Also: Back or Trap Door; Electronic Mail or Email; Network; Security.