Multilayer firewall strategy

ANALYSIS
While firewalls can secure Internet access, protect mission-critical information, and leverage the Internet to connect a global enterprise, they're just the starting point for building a security fortress. Some organisations may believe they're secure with current firewalls in place, but it won't be long before they realise they need more tools for securing their next connectivity initiative, such as a VPN. Whether you want to improve, replace, or initially install a firewall, it's a good time to refresh your knowledge of firewalls and understand the vital steps, such as developing a security policy, that you must take before making any more security moves. False firewall beliefs
A common misconception is that one firewall can protect every asset. While that might have been true a few years ago, it's not enough protection, given the advancements in hacking and increasing external threats. According to the CERT Coordination Center at the Software Engineering Institute (CERT/CC), the number of reported network security incidents has almost tripled in the past two years -- from 21,756 in 2000 to 73,359 at the end of Q3 2002. A second misconception is that a firewall device is a "connect, turn on, and forget about it" device. It's actually a technology that requires constant review, fine-tuning, and evaluation. In addition, many organisations plug firewalls into place without a security policy. Firewall deployment should be tied directly to security policies that address and support your company's objectives. Enterprises must consider a multilayered security approach, with a security policy, firewalls, and additional security tools (such as virus software). What a firewall can and can't do
A firewall can be hardware- or software-based. The tightest security is obtained when the two options are used in combination. Yet, even in this approach, a firewall system has its limits:
  • It can't protect the enterprise from attacks and threats from within your network.
  • Virus protection is limited without additional software and specialised technologies.
  • A firewall can't protect an organisation from attacks that avoid a firewall -- an external hack via a dial-up account can fully compromise the entire security plan.
Firewall technology, obviously, also can't protect organisations from employee carelessness or mistakes with passwords and unauthorised access. Only specific tools and policy guidelines on expected computer use and access can thwart those issues.

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

apexwm

NanWag : A Windows Server 2008 is being used because the environment that the Macs are in is a heavy Windows environment. I am proposing that...

42 minutes ago by apexwm on Windows Server 2008 drops the ball for Mac compatibility
BellamysIT

Really good article. You bring to light a few really good things. However, isn't it true that over 70% of fortune 500 companies use sharepoint?...

43 minutes ago by BellamysIT on Designing a SharePoint farm: Tiers before bedtime
annonymous2

If Piratebay is a crime then so is borrowing a dvd you purchased to a family member or a friend. Why should we not be aloud to share. Most of the...

3 hours ago by annonymous2 on UK ISPs ordered to block Pirate Bay website
NanWag

File Services For Macintosh was causing Excel to prompt for Overwriting changes or Save Another Copy because it was changing the timestamp on the...

3 hours ago by NanWag on Windows Server 2008 drops the ball for Mac compatibility
Regis Machado

creative cloud $48/month in the USA, £48/month in the UK ($79). good for the competitors

5 hours ago by Regis Machado via Facebook on Adobe move promotes piracy
Tom Espiner

Hello KosGirl, Good question. I've asked Belfius for a response. The latest post I can find on Pastebin about it is here:...

5 hours ago by Tom Espiner on Hackers hold bank to ransom over stolen data
KosGirl

Have there been any further updates to this story? I can't find any information on whether the hackers released the data or not.

6 hours ago by KosGirl on Hackers hold bank to ransom over stolen data
SandJ

I have done 7 speed tests this morning on different speed test tools. They tell me my download speed is: 12.3, 12.3, 12.3, 11.1, 12.7, 12.7, 11.7...

7 hours ago by SandJ on Watchdog: TalkTalk's broadband speed test misled users
Jack Schofield

@Mary Microsoft could always send Mozilla a spec sheet and oblige them to meet the same standards as IE. Then Mozilla can spend millions of...

10 hours ago by Jack Schofield on Windows RT browsers and the point of Windows RT
goth1csnake3

Not before time, that people making films,dvd's get whats coming to them. Well done, Virgin Media.

12 hours ago by goth1csnake3 on Virgin Media: Spotify deal will bring down piracy
Simon Bisson and Mary Branscombe

Apex - the question then is what about letting the user choose to have a tablet where they don't have to have that responsibility? why can't the...

22 hours ago by Simon Bisson and Mary Branscombe on Windows RT browsers and the point of Windows RT
Simon Bisson and Mary Branscombe

Moley, Apex, thanks; I think there's an interesting other dimension of choice - the choice to have a platform that is 'locked down' in the sense...

22 hours ago by Simon Bisson and Mary Branscombe on Mozilla accuses Microsoft of shutting Firefox out of WOA
Yellowcave

Not surprised. I once used the methods to let my firewall just notify me of breaches. Not one single logged event was genuine. Once, we all...

1 day ago by Yellowcave on Mobile porn filters catch innocent content, says report
duplex

live realy sucks in facebook becuase people hack your profile

1 day ago by duplex on Irish watchdog: Facebook privacy still falls short
Ed Macnair

If only it was that simple. When you start accessing Cloud applications you are stuck with the security model the vendor provides...........unless...

1 day ago by Ed Macnair via Facebook on IT security? You're doing it wrong!
Phil at Cloud4

Another good updaet, I have enjoyed going on the journey reading this series on SharePoint 2010 and have learned alot. Great writing.

1 day ago by Phil at Cloud4 on Designing a SharePoint farm: Tiers before bedtime
muteen

roumers of an ipad Mini, isnt that just an iTouch!?

1 day ago by muteen on Apple rebrands iPad 4G as 'Wi-Fi + Cellular' for UK
apexwm

Thanks for this article and bringing this issue to light. Unfortunately this type of activity is common not only with Adobe, but many other...

1 day ago by apexwm on Adobe move promotes piracy
Andy Bolstridge

there's a very thin line between tax avoidance and tax efficiency - earning £850 a month and claiming dividends to bring my income up to normal...

1 day ago by Andy Bolstridge via Facebook on The Idle Self-employed
Andy Bolstridge

I see that they are happy to announce these numbers.. but no-one will take any notice until they start announcing sales numbers too.

1 day ago by Andy Bolstridge via Facebook on Microsoft's score card for Smoked by Windows Phone