Linux Today: Linux News On Internet Time.

O'Reilly Network: 12 Tips on Building Firewalls

Jul 29, 2000, 13:35 (0 Talkback[s])
(Other stories by Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman)
  1. "A firewall implements your security policy. ... If you haven't made explicit decisions about what you want the security policy to be, it's probably not the best policy for your site, and it will certainly be difficult for you to maintain it over time. In order to have a good firewall, you need a good security policy--one that is written down and widely agreed to."
  2. "A firewall is not usually a single device. Except in the most simple of cases, a firewall is seldom a single device; it is usually a collection of devices acting in concert. Even if you buy a commercial "all-in-one" firewall appliance, you'll still have to configure other machines (your public web server, for example) to work along with it. And these other machines should really be regarded as part of the firewall. ..."
  3. "Firewalls are not off-the-shelf items. Selecting a firewall is more like buying a house than choosing where to go on vacation. Firewalls and houses are complicated, you have to live with them every day, and you use them for more than just a week or two. Both need to be maintained, otherwise the weather gets to them or they fall apart. ..."

Complete Story

Related Stories: