In building construction, a firewall is a structure designed to contain building fires. For example, an attic crawlspace that covers the entire length of the building would allow a fire to roar from one end of the building to the other. Breaking up the crawlspace with non-flammable walls helps to slow the spread of a fire.
Network firewalls have a similar function. A firewall is a network security system, either a program or an actual device, that breaks up a network to contain viruses and hackers.
Imagine two large fish tanks side by side, separated by a wall. We want to allow the blue fish to mingle, but we need to keep the carnivorous fish on the left away from the baby fish on the right. If we opened a computer-controlled door in the wall, programmed to only allow blue fish to pass but no one else, that would be a fishtank firewall.
Network firewalls “segment” the network. Local traffic, the information that moves between the computers in that segment, doesn’t go through the firewall to the larger network outside. And information that doesn’t need to reach anyone inside the firewall is blocked out, just like the carnivorous fish in our example.
A Proxy is another network security tool. Proxies are replacements for Internet servers. When a computer requests a website from the internet, a main hub provides the IP address. A firewall can interfere with this, and declare that no one inside the firewall can surf the Internet. The Proxy is then the “official” way past the firewall.
A proxy server has a list of “authorized” websites. When the user’s computer requests the address from the Internet, the proxy checks it against the list, and if the website is approved, it authorizes the firewall to let the traffic through. If the website is not approved, then the firewall sends a message saying “you are not authorized to visit this website.”