By Michael Goodwin on May 25th, 2007
All Internet data travels in packets. A traditional network-level firewall (the kind that's probably built into your router) examines the headers of those packets and refuses to allow data to pass through the firewall unless the packet headers match the rules — as defined by the firewall administrator or designer. A slightly different approach involves setting your firewall to allow any packet to pass through as long as it does not match one or more "negative rules."
Unfortunately, these basic network-level firewalls are not very good at detecting and defusing worms, viruses and the latest application-specific attacks. Defending the network against this broader set of threats requires deeper inspection of the packet payload itself — a job done by anti-virus and anti-spyware applications, as well as the latest application-level firewalls. These applications use complex rules to look at the content of a packet, the type of traffic it represents, its source or destination address, the ports involved, the application being called and many other factors. This allows them to discover and block packets that contain malicious payloads.
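As an added illustration of the two filtering layers described above (not code from the article), the following Python sketch models a header-only, network-level filter in both modes the article mentions, a positive rule set with a default of deny and a negative rule set with a default of allow, and then chains a simple payload inspector behind it to stand in for the application-level stage. The packet format, rule format, addresses (from the RFC 5737 documentation ranges) and payload signatures are all constructed for the example and do not correspond to any real firewall product.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed packet model: the header fields a network-level firewall
# examines, plus the payload that only a deeper inspector looks at.
@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes = b""


# Hypothetical rule format (an assumption for this example): any field left
# as None matches every packet; action is "allow" or "deny".
@dataclass
class Rule:
    action: str
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return all(
            want is None or want == got
            for want, got in (
                (self.src, pkt.src),
                (self.dst, pkt.dst),
                (self.proto, pkt.proto),
                (self.dport, pkt.dport),
            )
        )


def header_filter(pkt: Packet, rules: List[Rule], default: str) -> str:
    """First-match filtering on headers only.

    `default` is the verdict when no rule matches: "deny" gives the
    traditional positive-rule firewall, "allow" gives the negative-rule
    variant where only explicitly listed traffic is blocked.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed byte patterns standing in for an application-level inspector's
# content rules; real products use far richer, protocol-aware matching.
PAYLOAD_SIGNATURES = [b"/etc/passwd", b"<script>"]


def payload_inspect(pkt: Packet) -> str:
    """Deny if any known-bad pattern appears anywhere in the payload."""
    for sig in PAYLOAD_SIGNATURES:
        if sig in pkt.payload:
            return "deny"
    return "allow"


def inspect(pkt: Packet, rules: List[Rule], default: str) -> Tuple[str, str]:
    """Chain both layers: header filter first, payload inspection only for
    packets the header filter lets through. Returns (verdict, layer that
    denied, or "none")."""
    if header_filter(pkt, rules, default) == "deny":
        return ("deny", "header")
    if payload_inspect(pkt) == "deny":
        return ("deny", "payload")
    return ("allow", "none")


# Positive rule set: only web traffic to one server is listed; default deny.
POSITIVE_RULES = [Rule("allow", dst="10.0.0.5", proto="tcp", dport=80)]
# Negative rule set: only telnet is listed; everything else passes by default.
NEGATIVE_RULES = [Rule("deny", proto="tcp", dport=23)]

# Constructed sample packets (192.0.2.0/24 is a documentation range).
WEB_PKT = Packet("192.0.2.10", "10.0.0.5", "tcp", 80, b"GET / HTTP/1.1")
SSH_PKT = Packet("192.0.2.10", "10.0.0.5", "tcp", 22, b"SSH-2.0-client")
TELNET_PKT = Packet("192.0.2.10", "10.0.0.5", "tcp", 23, b"login: ")
BAD_WEB_PKT = Packet("192.0.2.10", "10.0.0.5", "tcp", 80,
                     b"GET /../../etc/passwd HTTP/1.1")

if __name__ == "__main__":
    for name, pkt in [("web", WEB_PKT), ("ssh", SSH_PKT),
                      ("telnet", TELNET_PKT), ("bad-web", BAD_WEB_PKT)]:
        print(name, "positive:", inspect(pkt, POSITIVE_RULES, "deny"),
              "negative:", inspect(pkt, NEGATIVE_RULES, "allow"))
```

The header stage cannot tell `WEB_PKT` from `BAD_WEB_PKT`: both are TCP to port 80 on the same host, so both pass a header-only filter in either mode, and only the payload stage catches the second. Conversely, the negative-rule mode lets the SSH packet through simply because nothing lists it, which is the trade-off the article describes.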