By Michael Goodwin on May 25th, 2007
Buying a firewall is only the first step. Now you have to configure it — and proper configuration of a high-powered firewall is anything but a trivial task. It demands great skill from the firewall administrator, as well as an in-depth understanding of network protocols and some of the more esoteric aspects of computer security. Even a small mistake can render a firewall worthless as a security tool.
Developing a coherent network security policy is an essential first step. This document should outline rules for network access, determine how policies will be enforced and lay out the basic elements of the network security environment. A good security policy will go far beyond keeping the crooks out; it will govern data access, web-browsing habits, use of passwords and encryption, email attachments and more. And it will specify these rules for individuals or groups of individuals throughout the company.
Network security starts by authenticating every user who attempts to access the network. Once the user is authenticated, a well-designed firewall enforces access policies that spell out exactly which network services and resources that user is allowed to reach; anything not listed is refused.
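The "authenticate first, then enforce a per-user access policy" flow described above, as an added example that is not code from the original article. It assumes a small constructed user store (users, passwords, groups), a constructed group-to-service policy with default deny, and records every decision in an in-memory audit list; the names `request_access`, `is_allowed` and the service/zone labels are hypothetical.

```python
"""Added example (not from the original article): a minimal model of
authenticate-then-enforce. A user is verified against a password store,
the firewall consults a per-group policy (default deny) for the requested
service and destination zone, and every outcome is logged for audit.
All users, groups, services and zones are constructed sample data."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple

# --- authentication -------------------------------------------------------
_ITERATIONS = 100_000  # PBKDF2 work factor for the sample store


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def build_user_store() -> Dict[str, Tuple[bytes, bytes, str]]:
    """Constructed user store: username -> (salt, password hash, group)."""
    store: Dict[str, Tuple[bytes, bytes, str]] = {}
    for name, password, group in [
        ("alice", "correct-horse-battery", "finance"),
        ("bob", "staple-elephant-moon", "engineering"),
    ]:
        salt = secrets.token_bytes(16)
        store[name] = (salt, _hash_password(password, salt), group)
    return store


USER_STORE = build_user_store()
_DUMMY_SALT = b"\x00" * 16  # unknown users cost the same work as known ones


def authenticate(username: str, password: str) -> Optional[str]:
    """Return the user's group on success, None on any failure."""
    record = USER_STORE.get(username)
    if record is None:
        _hash_password(password, _DUMMY_SALT)  # keep timing uniform
        return None
    salt, stored_hash, group = record
    if hmac.compare_digest(_hash_password(password, salt), stored_hash):
        return group
    return None


# --- access policy --------------------------------------------------------
# group -> set of (service, destination zone) that group may reach.
# Anything not listed is denied: the policy is default deny.
POLICY: Dict[str, Set[Tuple[str, str]]] = {
    "finance": {("https", "erp-servers"), ("smb", "file-servers")},
    "engineering": {("ssh", "build-servers"), ("https", "erp-servers")},
}


def is_allowed(group: Optional[str], service: str, zone: str) -> bool:
    """Default deny: only explicitly listed (service, zone) pairs pass."""
    return (service, zone) in POLICY.get(group or "", set())


# --- enforcement with audit trail ----------------------------------------
AUDIT_LOG: List[Dict[str, str]] = []


def request_access(username: str, password: str, service: str, zone: str) -> bool:
    """Authenticate, then enforce the policy; every outcome is logged."""
    group = authenticate(username, password)
    if group is None:
        AUDIT_LOG.append({"user": username, "event": "auth_failed",
                          "service": service, "zone": zone})
        return False
    allowed = is_allowed(group, service, zone)
    AUDIT_LOG.append({"user": username, "group": group,
                      "event": "allow" if allowed else "deny",
                      "service": service, "zone": zone})
    return allowed


if __name__ == "__main__":
    print(request_access("alice", "correct-horse-battery", "https", "erp-servers"))  # True
    print(request_access("alice", "correct-horse-battery", "ssh", "build-servers"))  # False
    print(request_access("bob", "wrong-password", "ssh", "build-servers"))          # False
    for entry in AUDIT_LOG:
        print(entry)
```

The policy lookup deliberately keys on the authenticated group rather than on anything the client supplies, and a failed authentication never reaches the policy check at all; the audit list is what a later review would read to reconstruct who asked for what and why it was refused.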
Authentication is essential if you want to prevent unauthorized access to company resources and data, but authentication alone offers no way of stopping potentially harmful data (a computer worm, for instance) from entering the network and causing damage such as denial of service. An intrusion prevention system (IPS) is designed to detect and prevent such exploits. An IPS watches for suspicious network traffic, judging it by content, by volume and by deviations from normal patterns, in order to protect the network from attacks. In addition, communication between two hosts on the network may be encrypted to maintain privacy. Individual events occurring on the network can be logged for auditing purposes and for higher-level analysis at a later time.
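The volume and anomaly side of what an IPS watches for, as an added example that is not code from the original article. It runs a sliding-window count of new connection attempts per source over a constructed connection log and flags sources that exceed a threshold or touch an unusual number of destination ports; the log line format, the thresholds and the alert names are assumptions made for the example.

```python
"""Added example (not from the original article): simple volume-based
anomaly detection of the kind an IPS performs, run over a constructed
connection log. Line format, thresholds and alert names are assumed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional

# Assumed log format: "<iso timestamp> src=<ip> dst=<ip> dport=<n> flags=<tcp flags>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) flags=(?P<flags>\S+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; malformed lines are skipped (returned as None)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": datetime.fromisoformat(d["ts"]), "src": d["src"],
            "dst": d["dst"], "dport": int(d["dport"]), "flags": d["flags"]}


def detect_volume_anomalies(lines: List[str], window_seconds: int = 10,
                            max_syn: int = 20, max_ports: int = 10) -> Dict[str, List[str]]:
    """Return {source: [alert, ...]} for sources whose new-connection volume
    (bare SYNs) within a sliding window, or whose spread of destination
    ports, exceeds the configured thresholds."""
    events = [e for e in (parse_line(l) for l in lines)
              if e is not None and e["flags"] == "S"]  # only new connection attempts
    events.sort(key=lambda e: e["ts"])
    window = timedelta(seconds=window_seconds)
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)  # src -> timestamps in window
    ports: Dict[str, set] = defaultdict(set)                 # src -> distinct dports seen
    alerts: Dict[str, set] = defaultdict(set)
    for e in events:
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:  # drop attempts older than the window
            q.popleft()
        ports[e["src"]].add(e["dport"])
        if len(q) > max_syn:
            alerts[e["src"]].add("syn_flood")
        if len(ports[e["src"]]) > max_ports:
            alerts[e["src"]].add("port_sweep")
    return {src: sorted(tags) for src, tags in alerts.items() if tags}


def build_sample_log() -> List[str]:
    """Constructed sample log: one quiet host, one noisy host, some noise."""
    base = datetime(2007, 5, 25, 10, 0, 0)
    lines = []
    for i in range(5):  # quiet host: five connections spread over a minute
        ts = (base + timedelta(seconds=12 * i)).isoformat()
        lines.append(f"{ts} src=10.0.0.5 dst=10.0.1.20 dport=443 flags=S")
    for i in range(30):  # noisy host: 30 SYNs to 30 ports within six seconds
        ts = (base + timedelta(milliseconds=200 * i)).isoformat()
        lines.append(f"{ts} src=10.0.0.99 dst=10.0.1.20 dport={1000 + i} flags=S")
    # A SYN-ACK reply and a malformed line, both of which must be ignored.
    lines.append(f"{base.isoformat()} src=10.0.1.20 dst=10.0.0.5 dport=51000 flags=SA")
    lines.append("this line is not in the expected format")
    return lines


if __name__ == "__main__":
    for src, tags in detect_volume_anomalies(build_sample_log()).items():
        print(f"{src}: {', '.join(tags)}")  # 10.0.0.99: port_sweep, syn_flood
```

The two checks are independent on purpose: a burst of SYNs to one port and a slow sweep across many ports are different behaviours, and a real IPS would pair counts like these with content inspection and with a baseline of what each host normally does, so that the thresholds reflect the network rather than fixed numbers.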