Firewall implementation and design for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. In this series of tips, we take a detailed look at the task of firewall implementation and help guide you through the design process.
We've divided the process into four stages:
- How to choose a firewall:
Despite the development and evolution of next generation security technologies, the firewall remains a vital component of any network architecture. However, today's organizations have several types of firewalls to choose from. This tip outlines five basic questions to ask when identifying the type of firewall that best suits your organization's network security needs.
- Choosing the right firewall topology:
When developing a perimeter protection strategy for an organization, one of the most common questions is "Where should I place firewalls for maximum effectiveness?" This tip provides an overview of the three most common firewall topologies, including diagrams of a bastion host, screened subnet and dual-firewall architectures.
- Placing systems in a firewall topology:
Once you have decided which topology best suits your IT infrastructure, it's time to decide where to place individual firewall systems within the chosen topology. This tip reviews several factors to consider when deciding where to place systems in a firewall topology, such as bastion host, screened subnet and multi-homed firewalls.
- Auditing firewall activity:
Firewall configurations change quickly and often, making it difficult to keep on top of routine firewall maintenance tasks. In this tip, learn ways to audit a firewall's capabilities to help keep network events in order.
Reading through each of these tips will put you well on the road to firewall implementation success. Good luck!
ABOUT THE AUTHOR:
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide andInformation Security Illuminated.