Building your firewall, Part 1

By Carole Fennelly, Unix Insider |  Security

Many system administrators try to avoid performing an architecture review by
purchasing from a vendor a one-stop shopping firewall solution
that will do anything they might ever want to do. While this
scattershot approach may seem to make sense, it might result in you
supporting (and upgrading!) features that are not necessary. There
is an old rule in system design that seems to have been ignored by
firewall vendors: keep it simple, stupid (KISS). Choose the
firewall that best fits your requirements, yet allows the
flexibility to add additional applications as needed.

Technical expertise goals

Does it make sense for your organization to maintain staff with a
high level of expertise? For a large company with a high demand
for technical services, it does. For a small sewing shop with one
system, it does not. The important thing to consider is the goal
with regard to this branch of your organization. Evaluate what you want from your
technical staff, not the expertise of the present staff. In
regards to firewall selection, this determination is important in
deciding whether you need a point-and-click interface or an
adaptive model that a highly technical person can integrate with
other solutions. If you have a high-quality technical department,
you may want to consider integrating some open source solutions with
vendor products.

I recently went through a complete kitchen renovation -- an enormous
task in which the kitchen was gutted down to the subfloor. It occurred
to me that renovating the kitchen could serve as a good metaphor for building a new security infrastructure. The typical solution for
the average person is to go down to the local building center, pick
out some ready-made cabinets, and have someone from the building
center plug in the standard cabinet sizes and appliances into the
available space. There's usually a lot of compromise necessary to
accommodate the products chosen.

Homeowners could also opt to install
such cabinets themselves if they are assured of an easy
installation with no special tools required. As installation
commences, however, they may soon discover that not one of their support walls is plumb. The solution that is then considered the most desirable is to
have custom cabinets made by a skilled craftsman. Homeowners get
exactly what they want and need with no wasted space. The downside
is that this is very expensive.

Another alternative is to build your own kitchen cabinets. This
requires some pretty sophisticated skills (and tools). We considered
all the renovation projects that we had done and planned to do in
the future and decided that it was worth the initial outlay in time
and effort.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question