Understanding Types of Firewall Protection

The hardware security systems that act as firewalls vary in configuration and sophistication. One relatively simple device involves using a router, which controls the sending and receiving of messages, equipped with packet filters to examine the messages. This system can be configured to block traffic to or from certain Internet destinations or all unknown destinations. This type of security system is relatively inexpensive and easy to set up, but it also offers only minimal protection from hackers. A slightly more sophisticated and secure system is a proxy server. A proxy server works by stopping all incoming and outgoing traffic for inspection before forwarding it. One advantage of this type of system is that it can create a log of all messages sent and received. Proxy servers can be difficult to install, however, and can also make Internet use less convenient for employees.
Both routers and proxy servers have one major disadvantage in terms of the security they provide. These systems base their evaluation and approval of messages on the header, which lists the sender, recipient, source, and destination. But hackers can easily create false headers to fool the filtering systems. One way to overcome this problem is through type enforcement, which also scans the content of messages. Another system, known as a stateful inspection firewall, uses an even more sophisticated method of verifying the sources of messages. Finally, it is possible to use any combination of routers, filters, proxy servers, and firewalls to create a layered security system. A large company like Motorola, for example, might place a firewall at the outside of the system, and connect it to a gateway computer, and then connect that machine to a router with packet filters, and finally connect the router to the internal computer network.
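The difference between header-only filtering and stateful inspection can be shown with a small model. This is an added example, not part of the original article; the addresses, the allow-list and the class and function names are constructed for illustration, and the connection tracking is simplified to matching address and port tuples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source address as claimed in the header
    sport: int
    dst: str
    dport: int
    direction: str  # "out" leaves the internal network, "in" arrives from outside

# Constructed allow-list using a documentation address range.
TRUSTED_SOURCES = {"203.0.113.10"}

def header_filter(pkt):
    """Stateless packet filter: decides from header fields alone."""
    if pkt.direction == "out":
        return True
    return pkt.src in TRUSTED_SOURCES

class StatefulFirewall:
    """Simplified connection tracking: inbound traffic must answer a flow opened from inside."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            # Remember the flow so that its replies can be recognised later.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet is accepted only as the mirror image of a tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def evaluate(packets):
    """Return (header_only_verdict, stateful_verdict) for each packet, in order."""
    fw = StatefulFirewall()
    return [(header_filter(p), fw.allow(p)) for p in packets]

# Constructed sample traffic.
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "out"),  # internal host opens a connection
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "in"),   # genuine reply to that connection
    Packet("203.0.113.10", 443, "10.0.0.7", 22, "in"),      # unsolicited, header claims trusted source
    Packet("198.51.100.9", 443, "10.0.0.5", 40000, "in"),   # unsolicited, unknown source
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, evaluate(SAMPLE)):
        print(pkt, "header-only:", stateless, "stateful:", stateful)
```

The third packet is the case the paragraph describes: the header-only filter accepts it because the claimed source is on the allow-list, while the stateful check drops it because no internal host opened that connection.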
For companies that do business on the Internet, Emery suggests setting up a dedicated computer outside the firewall to run the common network services that are most easily accessible from the outside. These include Web and FTP servers, Gopher servers, mailing list servers, Finger servers, Telnet servers, and SMTP e-mail software.