For many years firewall hardware and software has been employed on large corporate and institutional networks to protect sensitive data. In the case of a bank or intuition with large amounts of personal data stored on their servers, it was imperative that these servers remain inaccessible to anyone but authorized users. In recent years, however, it has become common for home PC users to employ firewalls as well, primarily because of the advent of malicious and data mining software that attacks home PCs connected to the internet.
The principal that a firewall operates on is to create a barrier between the PC and the larger network as a whole. Computer network works on a system of ports. A windows PC has some 50,000 ports, and each one is a 'tunnel' between the PC and the internet. Each internet protocol that sends or receives data to the internet does so through an assigned port. Without firewall software or firewall hardware in place, all of a PCs ports remain 'open' - that is, all ports on the PC are accessible from the internet. So any sort of malicious or data mining application can access the PC through an unassigned port, and because there are some 50,000 of these ports, many are not in use at any given time.
What a piece of firewall hardware or firewall software does is to act a safeguard to all of these ports. By default the firewall hardware will block all ports that are not in use, preventing malicious software from searching for and taking advantage of open ports. By acting as the gatekeeper to your PC, firewall hardware is able to protect you from the internet. What a firewall will do is only open the few ports necessary for the internet protocol the PC is currently using. For example, and average home PC will have open ports for web surfing (the HTTP protocol) and email (SMTP, or POP protocol) and maybe a few others for verified applications that need to update (virus protection, for example.)
Whenever an application is installed that requires a new open port, the firewall software will generally verify with the user if this is acceptable, and then open the given port. The primary focus of firewall hardware and software is in preventing connections to your PC, rather than from them. By allowing only authorized connections to your PC, you protect yourself from the vast majority of malicious software, much of which scans the internet randomly, looking for PCs with open ports.
The most common firewall hardware that most users have, whether they realize it or not is the firewall built into their internet router, the device used to share in internet connection. This average router has built in firewall hardware that block all but the most common of inbound connections (HTTP, FTP, POP, etc. . .) Many users are likely introduced to the fact that their router contains firewall hardware when they try to use a p2p file sharing application that requires an open port for other users to access files on the user's machine. Often when trying to run these applications the user behind a firewall will find themselves inaccessible to other users on the network, and will have to go into their routers firewall setting to open the appropriate ports (and often forward them to the appropriate PC.)
Firewall software is a more transparent matter, being built into the Windows XP operating system. Most users won't even know it's there, and it will quietly do its job. In this way, firewall hardware and firewall software are an important but easy to use tool for every PC user.