Definition: A firewall is software, hardware, or a combination of both that examines inbound and, in some cases, outbound traffic for malware signatures and unauthorized traffic, for information assurance purposes. Individual computer users can install software on their computers that performs the firewall function by examining inbound and outbound Internet traffic. Hardware devices are typically used on computer networks, where they examine Internet packets so that the organization’s security policies can be enforced. Such network devices can even be used to segment a network so that a “network within a network” can be established. Policies related to the configuration of routers should relate directly to the information security plan.
Its Relevance: Software and hardware devices should be routinely placed between a network and the Internet to "filter" network traffic, that is, to examine its "legitimacy", and thereby protect information assets. Failing to do so would be negligent and a failure to practice due diligence.
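
The policy enforcement and network segmentation described in the definition, as an added example that is not part of the original entry: a simplified, stateless packet filter with first-match rules and a default deny. The addresses, segment layout and rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port; None matches every port

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

# Constructed policy: office LAN 10.0.1.0/24, finance segment 10.0.2.0/24,
# public web server 10.0.3.10. Order matters: the first matching rule decides.
POLICY = [
    Rule("allow", "0.0.0.0/0",   "10.0.3.10/32", "tcp", 443),   # inbound HTTPS
    Rule("deny",  "10.0.1.0/24", "10.0.2.0/24",  "any", None),  # segmentation
    Rule("allow", "10.0.0.0/16", "0.0.0.0/0",    "tcp", 443),   # outbound HTTPS
]

def evaluate(rules, src, dst, proto, port):
    """Return (action, index of deciding rule); index is None on default deny."""
    for index, rule in enumerate(rules):
        if rule.matches(src, dst, proto, port):
            return rule.action, index
    return "deny", None  # nothing matched: unauthorized traffic is dropped

if __name__ == "__main__":
    # Constructed sample packets: (src, dst, proto, dst port)
    packets = [
        ("203.0.113.7", "10.0.3.10", "tcp", 443),     # Internet -> web server
        ("203.0.113.7", "10.0.3.10", "tcp", 22),      # Internet -> SSH, no rule
        ("10.0.1.25", "10.0.2.8", "tcp", 443),        # office -> finance segment
        ("10.0.1.25", "198.51.100.20", "tcp", 443),   # office -> Internet HTTPS
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(POLICY, *pkt))
```

If the segmentation rule were moved below the outbound rule, office hosts would reach the finance segment on port 443, which is why rule order is part of the policy being enforced.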