Internet Security Corporation
How To Design Your Firewall
Engineer your defenses
- Develop your security policy
The first step in developing your firewall should be a
statement of the goals you hope to accomplish with the
firewall. Some claim this is unnecessary, but you will have
a security policy by default. If you don't choose it, it
will choose you.
- Use a screening router
We believe that a good firewall should begin at the router
connecting your organization to the Internet. Consider asking for our
professional judgement when selecting hardware, firmware, port mappings
and other advanced router settings.
- Consider a bastion host
Not every situation requires a bastion host, or DMZ host, but
your analysis or your paranoia may indicate you want one. Should you
choose to employ one, we urge you to seek our informed advice to
configure it and test it.
- Use a combination to fulfill the security policy
Why would you want to combine a DMZ host and a screening router?
Vendors of each tell you that you don't need the other, so why combine
your defenses? Moreover, why separate them?
Here are our thoughts on this issue.
Qualify your defenses
- Static tests
- Packet filters
- Access restrictions
- Intrusion exercises
- Review our network certification approach to network auditing.
Control Additional Access
Authentication:
Review our multi-factor authentication approach.
Typical permitted network services
- Domain Name Service (dns)
- World Wide Web (www)
- Anonymous ftp
- Secure shell (ssh)
- IMAP, POP2, POP3, other email