Most controls in a network are built at the
points where the network connects with an external network.
These controls seek to limit the type of traffic that can come
in or go out and also the origin and destination of the traffic.
For example, to provide access to a web server that is inside
the network to customers all over the world for placing
orders, the network should accept only a certain type of
traffic (HTTP) and not the kind of traffic that tries to log
into the server (telnet). In another situation where a partner
or vendor provides, for example, system development or
maintenance services over a dedicated network from a fixed
location, the network may allow traffic only from those
systems with specific addresses. Such controls are
implemented through suitable configuration of the rule base
in a firewall and/or through access control lists in the
routers. Antivirus software and intrusion detection systems
can detect viruses and other malicious code at these entry
points and take detective and corrective action.
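
The two situations described above can be written as a small first-match rule base with a default deny. This is an added example, not taken from the original text; the addresses are constructed documentation addresses, and the use of SSH on port 22 for the partner's maintenance access is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any port
    note: str

ANY = "0.0.0.0/0"
WEB = "192.0.2.10/32"          # constructed: internal web server
MAINT = "192.0.2.20/32"        # constructed: system the partner maintains
PARTNER = "198.51.100.7/32"    # constructed: partner's fixed address

# Constructed rule base; order matters because the first match wins.
RULES = [
    Rule("allow", ANY, WEB, "tcp", 80, "customers reach the web server over HTTP"),
    Rule("allow", PARTNER, MAINT, "tcp", 22, "partner maintenance (SSH is an assumption)"),
    Rule("deny", ANY, ANY, "any", None, "default deny, e.g. telnet to the web server"),
]

def evaluate(src, dst, proto, dport, rules=RULES):
    """Return (action, note) of the first rule matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action, r.note
    return "deny", "no rule matched (implicit deny)"

def open_to_world(rules=RULES):
    """Audit helper: list (destination, port) pairs allowed from any source."""
    return [(r.dst, r.dport) for r in rules if r.action == "allow" and r.src == ANY]

if __name__ == "__main__":
    packets = [  # constructed test traffic
        ("203.0.113.50", "192.0.2.10", "tcp", 80),   # customer, HTTP
        ("203.0.113.50", "192.0.2.10", "tcp", 23),   # customer, telnet
        ("198.51.100.7", "192.0.2.20", "tcp", 22),   # partner, maintenance
        ("203.0.113.50", "192.0.2.20", "tcp", 22),   # stranger, maintenance
    ]
    for p in packets:
        print(p, "->", evaluate(*p))
    print("open to any source:", open_to_world())
```

The open_to_world helper is the kind of check worth running after every rule change: anything it lists is reachable from every external address.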