What do companies do when they want to connect their corporate
networks to the Internet? Simply wiring their company's internal
network to a Net connection is too dangerous. Sensitive information
might leak out, or hackers might find their way in.
The solution is a firewall, which allows only certain kinds of
traffic to travel between the Internet and the corporate network.
Firewalls can filter traffic based on the IP address, so that
only specific addresses (or groups of addresses) are allowed through.
They can also filter based on the port number to which the traffic
is directed. For example, Web traffic typically uses port 80,
so if you want to block your employees from browsing the Web,
the firewall could be configured to block port 80.
A firewall's filtering capability is important, but sometimes
it isn't enough. Packets that go through the firewall, such as
internal Web browsing requests, can tell a remote site a lot about
your network's configuration. These packets can give an outside
user IP addresses that can be used to break into your network.
This is where the proxy server comes in handy. Instead of having
each internal network user talk directly to the outside world,
you can configure the Web browser to send its request through
the proxy server. The proxy server then forwards the request to
the remote site. When the remote site responds, the proxy server
sends the response back to the original Web browser. This way,
the proxy server is the only machine on your network that a remote
site sees. Usually, a proxy server is configured along with
a firewall, which only allows Web requests that come from the
proxy server.
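
The firewall-plus-proxy policy described above, as an added example that is not part of the original article: a first-match packet filter in which only the proxy may reach outside port 80. The addresses (10.0.0.0/8 as the internal network, 10.0.0.5 as the proxy, 203.0.113.10 as a remote site), the rule layout and the function names are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port; None matches any port

# Constructed addresses (assumptions, not from the article).
INTERNAL = "10.0.0.0/8"    # corporate network
PROXY = "10.0.0.5/32"      # the proxy server, itself an internal host
ANY = "0.0.0.0/0"

# Ordered rule set: the first matching rule wins, unmatched traffic is dropped.
# Only the packet that opens a connection is modelled, as a stateful firewall
# would evaluate it; replies to allowed connections are assumed to pass.
RULES = [
    Rule("allow", PROXY, ANY, 80),      # only the proxy may make Web requests
    Rule("deny", INTERNAL, ANY, 80),    # direct browsing from desktops is blocked
    Rule("deny", ANY, INTERNAL, None),  # nothing unsolicited gets in from outside
]

def matches(rule, src, dst, dport):
    """True when the packet's addresses and destination port fit the rule."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def decide(src, dst, dport, rules=RULES):
    """Return the action of the first matching rule, or 'deny' by default."""
    for rule in rules:
        if matches(rule, src, dst, dport):
            return rule.action
    return "deny"

if __name__ == "__main__":
    packets = [                              # constructed sample traffic
        ("10.0.0.5", "203.0.113.10", 80),    # proxy fetching a page
        ("10.0.3.27", "203.0.113.10", 80),   # desktop bypassing the proxy
        ("203.0.113.10", "10.0.3.27", 23),   # outside host probing a desktop
        ("10.0.3.27", "203.0.113.10", 25),   # no rule matches: default deny
    ]
    for pkt in packets:
        print(pkt, "->", decide(*pkt))
```

Rule order matters here: because the proxy's address also falls inside the internal range, placing the internal deny rule first would block the proxy as well.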