Firewall implementation and design for an enterprise can be a daunting task. Choices made early in the design process can have far-reaching security implications for years to come. In this series of tips, we take a detailed look at the task of firewall implementation and help guide you through the design process.

We've divided the process into four stages:

    Requires Free Membership to View

  • How to choose a firewall:
    Despite the development and evolution of next generation security technologies, the firewall remains a vital component of any network architecture. However, today's organizations have several types of firewalls to choose from. This tip outlines five basic questions to ask when identifying the type of firewall that best suits your organization's network security needs.
  • Choosing the right firewall topology:
    When developing a perimeter protection strategy for an organization, one of the most common questions is "Where should I place firewalls for maximum effectiveness?" This tip provides an overview of the three most common firewall topologies, including diagrams of a bastion host, screened subnet and dual-firewall architectures.
  • Placing systems in a firewall topology:
    Once you have decided which topology best suits your IT infrastructure, it's time to decide where to place individual firewall systems within the chosen topology. This tip reviews several factors to consider when deciding where to place systems in a firewall topology, such as bastion host, screened subnet and multi-homed firewalls.
  • Auditing firewall activity:
    Firewall configurations change quickly and often, making it difficult to keep on top of routine firewall maintenance tasks. In this tip, learn ways to audit a firewall's capabilities to help keep network events in order.

Reading through each of these tips will put you well on the road to firewall implementation success. Good luck!

 

ABOUT THE AUTHOR:

 
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide andInformation Security Illuminated.
 


This was first published in October 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.