Learning Guide:

Network firewall know-how: Avoid network latency while protecting your network

02 Jan 2008 | SearchNetworking.com


Are two firewalls better than one? Will using more than one firewall cause network latency? These questions about firewall placement and how many you need are answered in this section of the Network Security Firewall Guide.

Table of contents:
Introduction to firewalls
Types of firewalls
Firewall know-how
       Who is responsible for firewalls?
       Are two firewalls better than one?
       Placement of a firewall
Firewalls for network security and auditing
Firewall purchasing advice

  Firewall know-how: What firewalls protect 

Troubleshooting firewalls
In this Firewall troubleshooting guide, Microsoft MVP Brien Posey provides troubleshooting tips for common Windows firewall configuration issues.

Many people think that as long as their SAN or NAS is behind a firewall then everything is protected -- this is a myth of network security. Most storage environments span across multiple networks, both private and public.

Storage devices are serving up multiple network segments and creating a virtual bridge that basically negates any sort of firewall put in place. This can provide a conduit into the storage environment, especially when a system is attacked and taken control of in the DMZ or public segment. The storage back end can then be fully accessible to the attacker because there is a path for the attack.

Firewalls for Dummies author Kevin Beaver explains more about firewall myths in this expert response.

  Who is responsible for firewalls? 

Information security extends beyond networks and has much wider domain coverage. It's always a good practice to have a separate InfoSec department that works with all the business units and departments and helps implement the organization's ISMS. In regard to networks, InfoSec works as an architect: it creates IT security designs, policies and procedures and defines IT security controls based on information security standards for network security. The network team takes these as inputs and helps implement and enforce them on its network infrastructure. An example of this is controlling inbound/outbound access through firewall rules.

This text was excerpted from the Who is responsible for firewalls? expert response with Puneet Mehta.

  Are two firewalls better than one? 

Most enterprises use a combination of firewalls, virtual private networks (VPNs) and intrusion detection/prevention (IDS/IPS) systems to limit access to internal networks. Generally speaking, there isn't much work to do in these areas; it's about maintaining these controls and adapting them as dynamic infrastructures change. The maturity of the technology offers the opportunity to focus limited financial and human resources on more challenging problems, such as endpoint/server management and application security.

SearchSecurity expert Mike Chapple says that two firewalls from different vendors may not cause processing delays, but if not used and arranged correctly, the devices can become a hassle for IT teams. If you're experiencing network latency after adding an additional firewall, consider the placement of the firewalls. Are they directly connected to each other with nothing else in between? If so, consider using a different firewall topology that will get the most out of the two firewalls.

Read the rest of this Q&A about how to get the most out of two separate firewalls on SearchSecurity.com.

  Placement of a firewall 

Firewall best practices
Security expert Puneet Mehta gives you quick but detailed information on firewall topology best practices in this expert response.

When developing a perimeter protection strategy for an organization, one of the most common questions is "Where should I place firewalls for maximum effectiveness?" Chapple breaks up firewall placement into three basic options: bastion host, screened subnet and dual firewalls.

The first, bastion host topology, is the most basic option, and is well suited for relatively simple networks. This topology would work well if you're merely using the firewall to protect a corporate network that is used mainly for surfing the Internet, but it is probably not sufficient if you host a Web site or e-mail server.

The screened subnet option provides a solution that allows organizations to offer services securely to Internet users. Any servers that host public services are placed in the Demilitarized Zone (DMZ), which is separated from both the Internet and the trusted network by the firewall. Therefore, if a malicious user does manage to compromise the firewall, he or she does not have access to the Intranet (providing that the firewall is properly configured).

The most secure (and most expensive) option is to implement a screened subnet using two firewalls. The use of two firewalls still allows the organization to offer services to Internet users through the use of a DMZ, but provides an added layer of protection.

To read a more in-depth description of these options view the rest of Chapple's tip on firewall placement.
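The following added example (not part of the original guide or of Chapple's tip) audits a screened-subnet design for the problem described under "What firewalls protect": a storage device with interfaces on both the DMZ and the internal segment bridges around the firewall. The host names, segment names and the coarse segment-to-segment policy are constructed assumptions.

```python
from collections import deque
from itertools import permutations

# Constructed sample data (hypothetical names): host -> segments it has an interface on.
SEGREGATED = {"web01": {"dmz"}, "mail01": {"dmz"},
              "app01": {"internal"}, "nas01": {"internal"}}
# Same network, but the NAS also serves the DMZ directly (multi-homed).
MULTIHOMED = {**SEGREGATED, "nas01": {"internal", "dmz"}}

# Simplified firewall policy for the screened subnet: permitted
# (source segment, destination segment) flows. Ports are ignored.
ALLOWED = {("internet", "dmz"), ("internal", "dmz"), ("internal", "internet")}

def bridging_hosts(hosts, allowed):
    """Hosts with interfaces on two segments that the policy keeps apart."""
    findings = []
    for name, segs in sorted(hosts.items()):
        for src, dst in permutations(sorted(segs), 2):
            if (src, dst) not in allowed:
                findings.append((name, src, dst))
    return findings

def blast_radius(hosts, allowed, start):
    """Worst case: every host reachable from a compromised host also falls.
    Returns {host: path of hosts leading to it from start}."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for other, segs in hosts.items():
            if other in paths:
                continue
            shared = hosts[cur] & segs  # same segment, no firewall in between
            routed = any((s, d) in allowed for s in hosts[cur] for d in segs)
            if shared or routed:
                paths[other] = paths[cur] + [other]
                queue.append(other)
    return paths

if __name__ == "__main__":
    for label, net in (("segregated", SEGREGATED), ("multi-homed NAS", MULTIHOMED)):
        print(label, "bridges:", bridging_hosts(net, ALLOWED))
        for host, path in sorted(blast_radius(net, ALLOWED, "web01").items()):
            print("   ", host, "via", " -> ".join(path))
```

With the NAS confined to the internal segment, a compromised DMZ web server reaches only its DMZ neighbour; once the NAS is dual-homed, the same starting point reaches the internal application server through the NAS without ever crossing the firewall.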

 

Continue to our Firewalls for network security and auditing section →

 


