Reference no: EM132182414
Write a review for the article with 2 APA format references.

Firewall Placement Best Practices

A firewall is a device that controls network traffic by preventing unauthorized network activity from entering or leaving a particular segment of the network (Kim & Solomon, 2014, p. 348). Firewalls continue to evolve in an attempt to match the threats encountered by networks of all sizes.
The first firewalls were very basic and performed packet inspection to determine if and where traffic should be sent (Kim & Solomon, 2014, p. 349). Moreover, these types of firewalls had no memory of any prior packets processed on the network (Ferrell, 2017). Stateful packet inspection introduced the concept of memory, so the firewall could recall information about a particular network communication (Ferrell, 2017). Processing demands were lessened since the firewall only had to check the rules when a new communication session was being established. Jumping ahead slightly, there are devices that are considered next-gen firewalls. These are firewalls that include packet filtering and stateful inspection, but also perform deep packet inspection, which looks at the payload of the packet (Ferrell, 2017).
What do the various types of firewalls have to do with the question of firewall placement? The answer is everything. One must first consider what needs protecting. Most home and small business networks will likely implement a basic border firewall configuration that is placed behind the router and makes decisions about what WAN traffic can be sent across the firewall to the LAN (Kim & Solomon, 2014, p. 350).
It will also direct traffic from the LAN to the WAN. In most cases, a border firewall will use packet filtering or stateful inspection to defend the network (Kim & Solomon, 2014, p. 351). However, this configuration does not work well in situations where the organization is hosting public services (Kim & Solomon, 2014, p. 351). A screened subnet firewall, which is the most common approach, works best when hosting publicly accessible resources such as a web server (Kim & Solomon, 2014, p. 351).
In this configuration, a DMZ is segmented so users from the Internet can have limited access to specific resources within the DMZ (Kim & Solomon, 2014, p. 351). Direct access from the Internet into the LAN is not considered secure and is not allowed. A third approach is the incorporation of a multilayered firewall, where the entire network is segmented into distinct parts. One firewall will act as a border firewall, and additional firewalls are included for each segment of the network (Kim & Solomon, 2014, p. 351).
This type of configuration is used in areas where information must be kept secure, not only from the outside world but also separated from other areas within the organization. Additional firewalls will likely increase security if configured correctly. However, the administration of several firewalls creates additional complexity and can cause unintended results. Rules being implemented on several firewalls might wind up blocking legitimate traffic. This situation is easily detected through user complaints. However, a far more serious issue is the situation where access was thought to be blocked but is not.
This will likely go unnoticed since it will not spawn user complaints, and it creates vulnerabilities. So, what is the best firewall placement and type? The answer is likely to be "it depends." One must consider what information needs protecting, which resources need to be accessible and which do not, and finally what the budget is. This guides the firewall configuration and the complexity of management.

I have found that listening to fellow Christians broadens my understanding of scripture. In these conversations, I often hear new and enlightening perspectives to the living Word of God. The Book of Proverbs states, "Iron sharpens iron, and one man sharpens another" (Proverbs 27:17 English Standard Version).
We often get to the resolution of a problem faster by reading and listening to multiple sources of data or information that has integrity. This can also be applied to our understanding of scripture when it is soundly based and legitimate. Therefore, one believer can sharpen the faith and knowledge of another.
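The two multilayered-firewall failure modes described above (legitimate traffic blocked, and access thought to be blocked that is not) can be found by comparing the intended policy with what the chain of firewalls actually permits. The following is an added example, not part of the original article or its sources; the zone names, firewall names, rules and ports are constructed assumptions.

```python
# Constructed topology: a linear chain of zones with one firewall between neighbors.
ZONES = ["internet", "dmz", "lan", "finance"]   # outside to inside
FIREWALLS = ["border", "internal", "segment"]   # FIREWALLS[i] sits between ZONES[i] and ZONES[i+1]
# Ordered rules (src_zone, dst_zone, port, action); "*" is a wildcard, first match wins.
RULES = {
    "border":   [("internet", "dmz", 443, "allow"),
                 ("lan", "internet", 443, "allow")],
    "internal": [("lan", "*", 443, "allow"),
                 ("dmz", "*", "*", "allow")],        # broader than intended
    "segment":  [("lan", "finance", 8443, "allow"),
                 ("*", "finance", 1433, "allow")],   # source was meant to be lan only
}

# Intended policy (constructed): what the organization believes is enforced.
POLICY = [
    ("internet", "dmz", 443, "allow"), ("internet", "lan", 443, "deny"),
    ("lan", "internet", 443, "allow"), ("lan", "finance", 8443, "allow"),
    ("dmz", "finance", 1433, "deny"),  ("finance", "lan", 445, "allow"),
]

def decide(fw, src, dst, port):
    """Verdict of one firewall: first matching rule, otherwise default deny."""
    for r_src, r_dst, r_port, action in RULES[fw]:
        if r_src in ("*", src) and r_dst in ("*", dst) and r_port in ("*", port):
            return action
    return "deny"

def effective(src, dst, port):
    """Traffic passes only if every firewall between the two zones allows it."""
    i, j = ZONES.index(src), ZONES.index(dst)
    on_path = FIREWALLS[min(i, j):max(i, j)]
    for fw in (on_path if i < j else on_path[::-1]):
        if decide(fw, src, dst, port) == "deny":
            return "deny", fw
    return "allow", None

def audit(policy):
    """Compare intended policy with effective behavior; return the mismatches."""
    findings = []
    for src, dst, port, want in policy:
        got, fw = effective(src, dst, port)
        if got != want:
            kind = "unintended access" if got == "allow" else f"legitimate traffic blocked at {fw}"
            findings.append((src, dst, port, kind))
    return findings

if __name__ == "__main__":
    print(*audit(POLICY), sep="\n")
```

The blocked flow would surface through user complaints, while the DMZ-to-finance path is open only because two individually plausible rules on different firewalls combine, which is the case that goes unnoticed without an audit of this kind.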
References

Ferrell, A. G. (2017, December). The five different types of firewalls.
Kim, D., & Solomon, M. (2014). Fundamentals of information systems security (2nd ed.). Burlington, MA: Jones & Bartlett Learning.