Security Portal: Firewall Configuration Prerequisites
Feb 21, 2001, 08:30
(Other stories by Jay Beale)
"Before we can really get into the firewall design, we really should consider where this box fits into your network architecture. See, a firewall generally serves as a point of connection between two networks. It's often called a "chokepoint" as it serves to stop selected data from crossing over from one network to another. In most SOHO environments, the two involved networks are: 1) the Internet and 2) your company's internal network."
"In any environment even slightly more complex, you might place these firewalls in additional locations: between your financial/HR network and the rest of your company's networks, perhaps. You might also use a single firewall to mediate connections between three or more networks...."
"Every firewall ruleset design begins with a decision between two basic security stances: default deny and default allow. Basically, under default allow, you allow all types of traffic that you don't specifically block. This is often the stance of choice for universities and other extremely open and flexible environments. At the potential cost of weaker security, you gain a huge amount of flexibility. It also models the kinds of interactions that your employees/bosses are most accustomed to: there are a set of rules that cannot be broken, but all other communication/behavior is permitted."