Computer networks are typically a shared resource used by many applications for many different purposes. Sometimes the data transmitted between application processes is confidential, and the application users would prefer that others not be able to read it.

A firewall is a specially programmed router that sits between a site and the rest of the network. It is a router in the sense that it is connected to two or more physical networks and it forwards packets from one network to another, but it also filters the packets that flow through it. A firewall allows the system administrator to implement a security policy in one centralized place. Filter-based firewalls are the simplest and most widely deployed type of firewall. They are configured with a table of addresses (and, in practice, protocol and port numbers) that characterize the packets they will and will not forward; each packet's header fields are compared against the table, typically in order, and the first matching entry decides whether the packet is forwarded or dropped. Because such a filter looks only at the header of each packet in isolation, it cannot inspect payloads or track the state of a connection; that is the job of the more elaborate firewall types built on top of it.
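The following is an added example (not code from the original text) of the filter-based firewall just described: a small rule table keyed on source and destination address, protocol and destination port, applied first-match-wins with an explicit default-deny entry at the end. The site prefix 203.0.113.0/24, the web server 203.0.113.10 and the blocked network 198.51.100.0/24 are constructed documentation-range addresses, and the decision to end the table with a deny rule is an assumed policy choice.

```python
"""Filter-based firewall: a rule table matched against per-packet header fields.

Added example; addresses and the default-deny policy are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str              # source IPv4 address
    dst: str              # destination IPv4 address
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port, or None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR prefix, or "any" to match every address
    dst: str
    proto: str            # "any" or a protocol name
    dport: Optional[int]  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        def addr_ok(pattern: str, addr: str) -> bool:
            if pattern == "any":
                return True
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

        return (addr_ok(self.src, pkt.src)
                and addr_ok(self.dst, pkt.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed rule table for a hypothetical site 203.0.113.0/24.
# Order matters: first match wins, so the specific deny sits above the broad allows.
RULES = [
    Rule("deny",  "198.51.100.0/24", "any",             "any", None),  # known-bad network
    Rule("allow", "any",             "203.0.113.10/32", "tcp", 80),    # public web server
    Rule("allow", "any",             "203.0.113.10/32", "tcp", 443),
    Rule("allow", "203.0.113.0/24",  "any",             "any", None),  # traffic leaving the site
    Rule("deny",  "any",             "any",             "any", None),  # default deny
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action ("allow"/"deny") of the first rule that matches pkt."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    # Only reached if someone removes the explicit default rule; fail closed.
    return "deny"


if __name__ == "__main__":
    for pkt in (Packet("192.0.2.5", "203.0.113.10", "tcp", 443),
                Packet("192.0.2.5", "203.0.113.10", "tcp", 22),
                Packet("198.51.100.7", "203.0.113.10", "tcp", 80)):
        print(pkt, "->", filter_packet(pkt))
```

Note that the table is stateless: the reply half of a web connection is only admitted because the outbound rule for 203.0.113.0/24 happens to cover it, and nothing here checks that an inbound packet belongs to a connection the site actually opened.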
A VPN is an example of providing controlled connectivity over a public network such as the Internet. VPNs use a concept called an IP tunnel: a virtual point-to-point link between a pair of nodes that are actually separated by an arbitrary number of networks. The virtual link is created within the router at the entrance to the tunnel by configuring it with the IP address of the router at the far end of the tunnel. Whenever the router at the entrance of the tunnel wants to send a packet over this virtual link, it encapsulates the packet inside a new IP datagram. The destination address in the outer IP header is the address of the router at the far end of the tunnel, while the source address is that of the encapsulating router; the routers in between forward on the outer header alone and never examine the inner packet. The far-end router strips the outer header and forwards the original packet as usual. Note that the tunnel by itself provides connectivity, not confidentiality: anyone on the path can still read the inner packet, so a VPN that must protect its traffic also encrypts the encapsulated datagram (IPsec is the usual mechanism).
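As an added example (not code from the original text), the encapsulation step at the tunnel entrance and the matching decapsulation at the far end can be written out with plain IP-in-IP framing: the inner datagram becomes the payload of an outer IPv4 datagram whose source is the encapsulating router, whose destination is the far-end router, and whose protocol field is 4 (IP-in-IP). The tunnel endpoints 203.0.113.1 and 198.51.100.1 and the inner hosts are constructed documentation-range addresses; the outer TTL of 64 is an assumed default, and no encryption is applied, which is exactly why the inner packet remains readable on the wire.

```python
"""IP tunnel framing: wrap an inner IPv4 datagram in an outer one and unwrap it again.

Added example; addresses, TTL and the absence of encryption are constructed assumptions.
"""
import socket
import struct

IPPROTO_IPIP = 4  # protocol number for IP-in-IP encapsulation


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 datagram (20-byte header, no options) with a valid checksum."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse an IPv4 header, verify its checksum, and return the interesting fields."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:  # a correct header checksums to zero
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def encapsulate(inner: bytes, tunnel_entry: str, tunnel_exit: str) -> bytes:
    """Tunnel entrance: the whole inner datagram becomes the payload of the outer one."""
    return build_ipv4(tunnel_entry, tunnel_exit, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes, my_addr: str) -> bytes:
    """Tunnel exit: check the outer header is ours and IP-in-IP, then return the inner datagram."""
    fields = parse_ipv4(outer)
    if fields["dst"] != my_addr:
        raise ValueError("outer datagram is not addressed to this tunnel endpoint")
    if fields["proto"] != IPPROTO_IPIP:
        raise ValueError("outer datagram is not IP-in-IP")
    inner = fields["payload"]
    parse_ipv4(inner)  # refuse to forward garbage: the payload must itself be a valid datagram
    return inner


def inner_is_visible_on_wire(outer: bytes, marker: bytes) -> bool:
    """Show that, without encryption, the inner payload is readable by anyone on the path."""
    return marker in outer


if __name__ == "__main__":
    # Constructed traffic: a UDP datagram (proto 17) between two private hosts behind the tunnel.
    inner = build_ipv4("10.0.1.5", "10.0.2.9", 17, b"hello over the tunnel")
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    print(parse_ipv4(outer))
    print(decapsulate(outer, "198.51.100.1") == inner)
```

The outer header is the only thing intermediate routers act on, which is what makes the two endpoints look directly connected; the `inner_is_visible_on_wire` check makes the confidentiality gap concrete, since the marker string is found verbatim in the outer datagram.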