---

O’Reilly Network: 12 Tips on Building Firewalls

  1. A firewall implements your security
    policy.
    … If you haven’t made explicit decisions about
    what you want the security policy to be, it’s probably not the best
    policy for your site, and it will certainly be difficult for you to
    maintain it over time.
    In order to have a good firewall, you
    need a good security policy–one that is written down and widely
    agreed to.”
  2. A firewall is not usually a single device.
    Except in the most simple of cases, a firewall is seldom a single
    device; it is usually a collection of devices acting in concert.
    Even if you buy a commercial “all-in-one” firewall appliance,
    you’ll still have to configure other machines (your public web
    server, for example) to work along with it. And these other
    machines should really be regarded as part of the firewall.
    …”
  3. Firewalls are not off-the-shelf items.
    Selecting a firewall is more like buying a house than choosing
    where to go on vacation. Firewalls and houses are complicated, you
    have to live with them every day, and you use them for more than
    just a week or two. Both need to be maintained, otherwise the
    weather gets to them or they fall apart. …”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis