Chapter 10. Firewalls and Intrusion Detection Systems

   

Firewalls are an integral part of any enterprise network design. Firewalls can tremendously enhance the security of a network and provide detailed information about traffic patterns from the core to the edge of the network, and vice versa. Firewalls can also be a security risk. The complexity that many organizations require from their firewalls can create unforeseen security holes and allow unwanted traffic through.

Before deploying a firewall, it is important to map exactly what purpose the firewall will serve and what benefits it will bring to the network. If a firewall already exists on the network, it is a good idea to audit it periodically to see whether it is fulfilling its design goals.

Too many administrators assume they are well protected because a firewall is in place; sometimes this is simply not the case. A firewall is only as good as the rule sets provided to it. If bad data is entered into the firewall, it will do a poor job of guarding the network. Many security consultants will, at times, recommend against the use of a firewall, especially if it is going to be used as a security panacea. With no firewall, an organization is forced to secure the rest of the network and follow good security practices.

A firewall is an excellent tool when used as part of an overall security strategy. But it should be viewed as just that: one part of a network security strategy. In a layered security design, no one layer of the security infrastructure is more important than any other. So, while firewalls may get all of the attention, they should not be viewed as the primary security strategy, and the firewall should most definitely not be the only security strategy for an organization. [1]

[1] Despite claims to the contrary from vendors.

Before delving into firewall network design, it is important to understand the purpose of a firewall, what a firewall cannot do, and the different types of firewalls. This type of information will help security administrators design a more complete security plan for firewall deployment, management, and monitoring. The more detailed the information included in the firewall security plan, the easier it will be to implement the firewall and perform tests against that plan.

   


The Practice of Network Security: Deployment Strategies for Production Environments
ISBN: 0130462233
Year: 2002
Pages: 131
Authors: Allan Liska
