Multilayer firewall strategy
Published: 14 Feb 2003 21:07 GMT
- What asset(s) (corporate, customer, e-commerce) is/are at risk?
- What is the value of that asset? What are the ramifications relating to downtime, lost revenue, or lost client and customer confidence?
- What is the actual threat? Have internal threats been sealed off? What's the potential for external breaches?
CIOs and network administrators need a comprehensive understanding not only of Internet activity but also of internal network traffic, including bandwidth requirements, protocols in use, and access requirements. Remember that every access point is vulnerable and subject to attack.
Once you have this information, you can move on to building a firewall architecture.
Basic firewall design considerations
When it comes to architecture, you have two choices: a single firewall or a multilayer firewall approach (see Figures A and B).
[Figure A: Single architecture]
[Figure B: Multilayer architecture]
To determine which would work best for your enterprise, you first need to develop a security policy, because the two are tightly linked.
Developing the security policy
Because security policies are a direct reflection of a corporation's security needs, the immediate decision is how much access is required. An organisation can meter out services or deny all but the most critical required access.
The second policy issue, which also ties directly to any firewall decision, is the access level. Do you want all users to have basic access or limited access? This requires examining current use -- does each user log in to the Internet separately? What will each user's site restrictions be? Don't forget to examine the types of file extensions you want allowed and disallowed for downloading and document transfers. The policy also must determine the degree of redundancy your organisation needs -- should you have a failover backup or provide multitiered protections? Also, what and whom do you want to monitor, and how, when it comes to network access and Internet use?
Finally, take into account the financial considerations of a firewall technology purchase -- you don't want to buy too much or unneeded protection, but you will have to provide for ongoing maintenance costs.
A few final tips
A security policy and firewall plan should be created, but that's not where security ends. IT administrators must ensure that all vendor patches are properly applied and that each system is kept up to date. The true value of a firewall system is in the constant maintenance of all resources.
Comprehensive security requires safeguards in a layered defensive approach. Keep in mind that your ultimate solution must be flexible enough to provide for scalability and growth.







