- What asset(s) (corporate, customer, e-commerce) is/are at risk?
- What is the value of that asset? What are the ramifications relating to downtime, lost revenue, or lost client and customer confidence?
- What is the actual threat? Have internal threats been sealed off? What's the potential for external breaches?
When it comes to architecture, you have two choices: a single firewall or a multilayer firewall approach (see Figures A and B).
| Figure A |
 |
| Single architecture |
| Figure B |
 |
| Multilayer architecture |
Because security policies are a direct reflection of a corporation's security needs, the immediate decision is how much access is required. An organisation can meter out services or deny all but the most critical required access. The second policy issue, which also directly ties to any firewall decision, is the access level. Do you want all users to have basic access or limited access? This requires examining current use -- does each user separately log into the Internet? What will be each user's site restrictions? Don't forget to examine the types of file extensions you want allowed and disallowed for downloading and document transfers. The policy also must determine the degree of redundancy your organisation needs -- should you have a failover backup or provide multitiered protections? Also, what, who, and how do you want to monitor network access and Internet use? Finally, take into account the financial considerations of a firewall technology purchase -- you don't want to buy too much or unneeded protection, but you will have to provide for ongoing maintenance costs. A few final tips
While a security policy and firewall plan should be created and developed, that's not where security ends. IT administrators must ensure they have all vendor patches properly applied and that each system is kept up-to-date. The true value of a firewall system is in the constant maintenance of all resources. Comprehensive security requires safeguards in a layered defensive approach. Keep in mind that your ultimate solution must be flexible enough to provide for scalability and growth.
Have your say instantly in the Tech Update forum.
Find out what's where in the new Tech Update with our Guided Tour.
Let the editors know what you think in the Mailroom.
