Connecting a computer to the internet makes it visible to every other computer on the network, and the opportunity for remote misuse this presents is huge. A firewall sits between a computer and the network to control which computers can connect to it and what services they can use.
A firewall is a device that controls the flow of communications across networks of computers by examining their source, destination and type - and comparing these with predetermined lists of allowed and disallowed transactions.
It looks like you don't have Flash enabled on your computer. To view all the videos, tools and games on this website you will need to install the Flash player.
For information on how to do this, please visit the BBC WebWise guide to downloading Flash
You need a firewall because once you're on broadband, your computer is continuously connected to the global internet and identified by a unique number - its IP address. So it's potentially visible to anyone else on the network, and malicious users may be able to gain access to it.
How does it work?
The firewall sits between your computer and the internet and permits or blocks connections between your computer and other computers on the net, according to rules defined by you. This can make it much more difficult to launch remote attacks on your computer.
There are two kinds of firewall - software and hardware. A software firewall is a program you install on your computer and a hardware firewall is a physical device that plugs into your broadband router and your computer via cables. They have the same basic function, but there are differences.
A software firewall knows about the actual programs you are running, whereas a hardware firewall can only detect the generic nature of the services you are using - eg email, web access or instant messaging.
A software firewall can therefore make very precise decisions about what to allow or block as it can detect illegal attempts by specific programs to connect to the internet.
But it can be disabled by some malicious programs - 'malware' - if they do manage to infect your computer. A hardware firewall is more robust against such attacks, but it offers less precise control and is more complicated to set up.
If you have only one firewall it should be software. But it must be able to completely hide your computer from the internet except for specific connections your computer initiates. This is called 'stealth mode' and prevents attackers scanning your computer for weaknesses they could exploit.
Instructing your firewall
Once you've installed your software firewall, you must tell it what services you want to use and ensure it blocks everything else. It will have some basic rules built in, but will usually prompt you the first time any program you run requests an internet connection.
It's up to you to decide whether that's something you want to happen. If you just say 'yes' automatically whenever you get a prompt, your firewall will let everything through and will not protect you.
So ask yourself - does this request seem reasonable? For example, if your email program requests a connection when you try to send an email it makes sense to say 'yes', but if a program with a cryptic name you don't recognise suddenly asks for access, it might be malware and you should initially say 'no'. If what you were trying to do fails as a result, you might have to try again, saying 'yes'.Once you're sure the connection request is legitimate and necessary, you can make your decision permanent by ticking a box, thereby creating a rule your firewall will follow without prompting you again.
More than one firewall?
Finally, if more than one computer shares your internet connection, each should have its own software firewall. That will protect each computer independently against attacks from the internet and limit the spread of 'worms' between your computers.