What acts as the primary defense at a network's boundary and controls traffic?

A firewall acts as the primary defense at a network's boundary and controls traffic by monitoring incoming and outgoing network traffic based on predetermined security rules. The primary function of a firewall is to establish a barrier between a trusted internal network and untrusted external networks, such as the internet. Firewalls can be hardware devices, software applications, or a combination of both, and they are specifically designed to prevent unauthorized access to or from a private network.

In contrast, a switch operates mainly at the data link layer of the OSI model and facilitates communication within a local area network (LAN) by connecting devices and forwarding packets based on MAC addresses—it does not inherently control traffic for security purposes. A router, while capable of directing traffic between different networks and providing some security features through access control lists, is not specifically built to enforce security policies as a firewall does. A hub is a basic networking device that connects multiple devices in a network but lacks any intelligence or capability to filter traffic or enhance security.