Security Portal: Firewall Configuration Prerequisites Feb 21, 2001, 08 :30 UTC (0 Talkback[s]) (5359 reads) (Other stories by Jay Beale)
"Before we can really get into the firewall design, we really should consider where this box fits into your network architecture.
See, a firewall generally serves as a point of connection between two networks. It's often called a "chokepoint" as it serves to
stop selected data from crossing over from one network to another. In most SOHO environments, the two involved networks
are: 1) the Internet and 2) your company's internal network."
"In any environment even slightly more complex, you might place these firewalls in additional locations: between your
financial/HR network and the rest of your company's networks, perhaps. You might also use a single firewall to mediate
connections between three or more networks...."
"Every firewall ruleset design begins with a decision between two basic security stances: default deny and default allow.
Basically, under default allow, you allow all types of traffic that you don't specifically block. This is often the stance of choice
for universities and other extremely open and flexible environments. At the potential cost of weaker security, you gain a huge
amount of flexibility. It also models the kinds of interactions that your employees/bosses are most accustomed to: there are a
set of rules that cannot be broken, but all other communication/behavior is permitted."
