Do you use the Internet at work? I see lots of hands. You may not realize it, but your access to the Net is most likely mediated by some kind of firewall. Companies are spending thousands, even hundreds of thousands, of dollars on these systems-and trust them to protect their networks from snoopers and intruders.

That's a problem, because firewalls often provide a mere illusion of protection. They don't make business systems significantly more secure. And by focusing attention on defending the perimeter, rather than on defending information assets within an organization, firewalls foster lax internal security practices that magnify the damage that insiders can inflict.

What firewalls do accomplish, however, is this: they make the Internet more cumbersome to use. I recently visited a friend's firm in New York and wanted to check my e-mail, so I plugged my laptop into a network jack in an unused office. Access denied: my PC wasn't set up to work with the company's firewall. So instead of reading my e-mail, I occupied myself by sniffing the traffic on the office network and probing for a way out. (Had I been inclined, I could have read everybody else's e-mail-or done real damage.)

Firewalls are simple in concept. A typical firewall consists of a special-purpose computer that has two network plugs. One plug goes to the Internet; the other connects to a company's office network. The firewall is programmed with rules that determine what traffic is allowed to pass and what is to be blocked. For example, a firewall might be set up to allow managers in human resources to browse the Internet, or to access their desktop PCs from home, while permitting people in the corporate call center only to access their e-mail. The better firewalls log everything that moves across the boundary, giving companies a powerful tool for auditing online activity.