Chapter Summary
This chapter covered the world of firewalls and their role in securing a network. Not everyone believes in the value of these devices, and the discussions answered these naysayers and showed them the folly of their ways. Further proof of the importance of firewalls was provided by expanding on their pure technical aspects, while expressing the fundamental truth that firewalls are the manifestation of a company’s security policy.
One of the online resources that may assist you in determining the direction and policy of your network security is www.opengroup.org/jericho/about.htm. The Jericho Project was formed by a group of corporate security officers who saw the ever-decreasing security being driven by the concept of deperimeterization. In 2004, the Forum set out to drive and influence development of secure architectures, technology solutions, and implementation approaches, for the deperimeterizing IT world, to enable safe, secure collaborative interworking, globally between enterprises—business partners, customers, suppliers, and out-workers—and to encourage development of open standards that would underpin these solutions.
Operationally, this chapter covered how firewalls function, where and when to implement them, and how to design the access policies necessary to define access into your network. Furthermore, the chapter introduced the DMZ interface as an evolution in firewalls and how they provide special locations for various Internet servers. The chapter concluded with several brief case studies demonstrating firewalls in action, followed by some of their limitations.