What makes a good firewall |
 |
|
|
| > |
QUESTION POSED ON: 25 June 2001
I would like to know what makes a good firewall?
|
|
| > |
|
The obvious answer is one that stops what you want to stop
and allows what you need to allow.
There are many good firewalls on the market. What is best for
your organization depends on your needs, such as bandwidth,
complexity of the access rules needed, etc.
I personnaly prefer those firewalls that rely on port-blocking
along with statefull inspection. While there is nothing inherently
wrong with those based on proxies, I have found that some
administrators have trouble setting them up correctly and maintaining
them.
Flexibility in the rules sets is also a key. If you want to block a
particular port from everyone except from a certain IP range, you
want to make sure the firewall can do that. Some less capable
packages have a port either on or off for everyone.
If your organization is large, you probably want to have multiple
interfaces to the firewall, as well. That way you can effectively
have different back-end networks served by the same firewall.
The firewall should also support different rules sets for those
separate networks. If both have to have the same rules set,
the multiple interfaces don't do much good from a security standpoint.
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
