Network security best practices
When operating a network, is it safe to forego firewall software on the second machine and rely on the Internet-facing machine firewall?
While you might be safe using a single firewall, this is generally frowned upon within the security community because it fails to implement the "defense-in-depth" strategy. By eliminating your software firewall, the Internet-facing firewall is the only device protecting your network. If something happens to that firewall (a malfunction, misconfiguration, compromise, etc.), you don't have any fallback.
Given the fact that most operating systems come with free integrated firewalls, there's no reason to disable your host-based firewalls. I'd strongly encourage you to leave them turned on at all times.
This was first published in July 2006