Welcome to IT Business Group. Join the free online group and be a member of the youth generation group to face the new world of inventory... Regards, IT Business Group. Just log on to http://itbusinessgroup.blogspot.com for more details. maito:ownitbusiness.blogspot.com

Monday, February 18, 2008

How can a computer be connected safely to an untrustworthy network?

One solution is the use of a firewall to separate trusted and untrusted systems. A firewall is a computer, appliance, or router that sits between the trusted and the untrusted. A network firewall limits network access between the two security domains and monitors and logs all connections. It can also limit connections based on source or destination address, source or destination port, or direction of the connection. For instance, web servers use HTTP to communicate with web browsers. A firewall may therefore allow only HTTP to pass from all hosts outside the firewall to the web server within the firewall. The Morris Internet worm used the finger protocol to break into computers, so finger would not be allowed to pass.
A network firewall can separate a network into multiple domains.
A common implementation has the Internet as the untrusted domain, together with a semi-trusted and semi-secure network called the demilitarized zone (DMZ).
A firewall itself must be secure and attack-proof; otherwise its ability to secure connections can be compromised. Firewalls do not prevent attacks that tunnel, or travel within protocols or connections that the firewall allows. A buffer-overflow attack on a web server will not be stopped by the firewall, because the firewall allows the HTTP connection that houses the attack. Likewise, denial-of-service attacks can affect firewalls as much as any other machines. Another vulnerability of firewalls is spoofing, in which an unauthorized host pretends to be an authorized host by meeting some authorization criterion. If a firewall rule allows a connection from a host and identifies that host by its IP address, then another host could send packets using that same address and be allowed through the firewall.
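
The filtering and spoofing behaviour described above can be modelled in a few lines of Python. This is an added example, not code from the original post: it evaluates first-match rules with a default deny and shows that a rule identifying a host by IP address alone accepts a spoofed packet, while also matching on the arrival interface (the direction criterion) rejects it. All addresses, the interface names and the management port 22 are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str  # side the packet arrived on: "outside" or "inside"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None      # None matches any port
    in_iface: Optional[str] = None   # None matches any direction

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport)
                and self.in_iface in (None, p.in_iface))

def decide(rules, packet, log):
    """First matching rule wins; unmatched traffic is denied. Every decision is logged."""
    action = next((r.action for r in rules if r.matches(packet)), "deny")
    log.append((action, packet))
    return action

# Constructed sample addresses: a web server and a trusted inside admin host.
WEB = "192.0.2.10/32"
ADMIN = "10.0.0.5/32"

# HTTP from any outside host to the web server; finger (port 79) has no
# rule, so it falls through to the default deny.
HTTP_IN = Rule("allow", dst=WEB, dport=80, in_iface="outside")

# Weak: the admin host is identified by its IP address only.
WEAK = [HTTP_IN, Rule("allow", src=ADMIN, dst=WEB, dport=22)]

# Stricter: the same rule also requires arrival on the inside interface.
STRICT = [HTTP_IN, Rule("allow", src=ADMIN, dst=WEB, dport=22, in_iface="inside")]

if __name__ == "__main__":
    log = []
    spoofed = Packet("10.0.0.5", "192.0.2.10", 22, "outside")
    print("weak rules:  ", decide(WEAK, spoofed, log))
    print("strict rules:", decide(STRICT, spoofed, log))
```

The interface check only helps when the claimed address belongs to a different side of the firewall than the one the packet arrived on; two hosts on the same side remain indistinguishable by address.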
In addition to the most common network firewalls, there are other, newer kinds of firewalls, each with its pros and cons. A personal firewall is a software layer either included with the operating system or added as an application. Rather than limiting communication between security domains, it limits communication to a given host. A user could add a personal firewall to her PC.
An application proxy firewall understands the protocols that applications speak across the network. For example, SMTP is used for mail transfer. An application proxy accepts a connection just as an SMTP server would and then initiates a connection to the original destination SMTP server. It can monitor the traffic as it forwards the message, watching for and disabling illegal commands and attempts to exploit bugs.
Some firewalls are designed for one specific protocol. An XML firewall has the specific purpose of analyzing XML traffic and blocking disallowed or malformed XML. System-call firewalls sit between applications and the kernel, monitoring system-call execution. In Solaris 10, the "least privilege" feature implements a list of more than fifty system calls that processes may or may not be allowed to make. For instance, a process that does not need to spawn other processes can have that ability taken away.
