Building your firewall, Part 3

[mea culpa <jericho () DIMENSIONAL COM>]

http://www.sunworld.com/sunworldonline/swol-11-1999/swol-11-security.html

Building your firewall, Part 3
Implementation: Setting up firewall rules

Summary

A careful implementation of the firewall architecture can save a
tremendous amount of resources in maintenance. Carole runs through the
basic rules. (3,500 words)

By Carole Fennelly

Last month's column described the operating system installation that lays
the groundwork for firewall implementation.

Implementing firewall software is not really that hard. Maintaining it is.
If you can take a step back and look down the road at the possible traffic
jams, you can make maintenance easier by spending a little extra time with
the implementation. This column will attempt to offer some advice that
could save you some maintenance headaches.

 Building your firewall: Read the whole series!

  Part 1. Are you letting your firewall vendor decide your architecture?

  Part 2. How to make sure your OS is ready to go

  Part 3. Implementation: Setting up firewall rules I always find that
examples are the best way to explain a point. The problem with using
examples when discussing firewalls is that there are many types to choose
from. Trying to give examples of each would be tedious (assuming that I
even could).  To keep it simple, I'll try to stick to general issues and
give examples from two of the most popular firewalls available: Checkpoint
Firewall-1 (stateful inspection) and TIS Gauntlet (proxy). This is not to
be construed as an endorsement of either -- I'm just more familiar with
these.

[snip...]

ISN is sponsored by Security-Focus.COM