Firewall planning | General Recommendations

The following recommendations for firewall planning and implementation will help administrators plan for firewall placement and implement their firewall policies:

  • Placement and Deployment
    • Place a packet-filtering firewall at the edge of each discrete network in the organization.
    • Deploy firewalls at internal nodes in a network where one or more subnetworks have special needs that cannot be handled by the edge firewall.
    • Use a firewall with VPN (virtual private network) features when confidentiality of traffic between two points on the network is needed.
    • Deploy personal firewalls on user systems that need protection beyond what can be provided by firewall(s) closer to the edge of the network.
  • Firewall Policy
    • Deploy personal firewalls on all portable computers that may be used outside of a trusted organizational network.
    • Plan for the policy development and configuration of each firewall before it is deployed on the network.
    • Coordinate the policies of all firewalls in a network, and perform a regular review of all policies to ensure that organizational security policy is being met.
    • Only permit appropriate source and destination IP (internet protocol) addresses in the traffic that flows in either direction through a firewall.
    • Restrict the types of applications that can be reached from outside the protected network by blocking all non-approved TCP (transmission control protocol) and UDP (user datagram protocol) ports.
    • Allow ICMP (internet control message protocol) type 3 messages to pass through firewalls.
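
The last three policy bullets (address filtering, approved ports only, ICMP type 3) written as a stateless, default-deny inbound check over raw IPv4 packets. This is an added example, not part of the original article; the protected network, the approved ports and the function names are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct

# All values below are assumptions for illustration, not from the article.
PROTECTED_NET = ipaddress.ip_network("192.0.2.0/24")   # network behind the firewall
APPROVED_PORTS = {("tcp", 443), ("udp", 53)}            # services reachable from outside
INVALID_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/3")]                   # never valid as an outside source
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}


def decide_inbound(packet: bytes) -> str:
    """Return 'allow' or 'deny' for a raw IPv4 packet arriving from outside."""
    if len(packet) < 20:
        return "deny"
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or len(packet) < header_len:
        return "deny"                       # malformed or not IPv4
    if flags_frag & 0x1FFF:
        return "deny"                       # later fragment: no ports to inspect
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Address rule: source must be a plausible outside address (not our own
    # range, not reserved space) and destination must be inside.
    if src_ip in PROTECTED_NET or any(src_ip in n for n in INVALID_SOURCES):
        return "deny"
    if dst_ip not in PROTECTED_NET:
        return "deny"
    payload = packet[header_len:]
    name = PROTOCOLS.get(proto)
    if name == "icmp":                      # only type 3 (destination unreachable)
        return "allow" if payload[:1] == b"\x03" else "deny"
    if name in ("tcp", "udp") and len(payload) >= 4:
        dport = struct.unpack("!H", payload[2:4])[0]
        return "allow" if (name, dport) in APPROVED_PORTS else "deny"
    return "deny"                           # default deny for everything else


def build_packet(src: str, dst: str, proto: int, payload: bytes, frag: int = 0) -> bytes:
    """Construct a sample IPv4 packet (checksum left 0; it is not verified here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                         proto, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload
```

The check is stateless, so it accepts any inbound ICMP type 3 message rather than only those that match an existing connection.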


12 Responses to “Firewall planning | General Recommendations”

  1. Pappy says:

    My camera on YM is not working through the firewall. I have disabled both Microsoft and ZoneAlarm firewalls. How can I resolve the problem?

  2. admin says:

    First, I don’t recommend using two firewalls at the same time, because conflicts can appear. It is best to disable Windows Defender and leave only ZoneAlarm Firewall.

    In Zone Alarm Panel go to “Program Control” and check the permissions for Yahoo Messenger. Also, under Firewalls you can set the safe zones.

    If you have a router, your problem may not be the firewall; it could be your router. Make sure that the ports YM needs (usually 5150) are open.

  3. Tam says:

    How can I get around my company firewall?

  4. admin says:

    Usually you need to do your job, but … you can use a proxy.

  5. Alexia says:

    Internet Protocol (IP) is defined by ?

  6. Alexia says:

    What is the role of the IP Packet Header?

  7. Alexia says:

    What are the fields of the IP packet header?

  8. admin says:

    1. RFC 0791
    2. RFC 2474
    3. RFC 3168
    4. RFC 3260

  9. admin says:

    The IP packet header is what tells an IP-based host what to do with the packet that was received.

  10. admin says:

    Version (VERS, 4 bits)
    Internet Header Length (IHL, 4 bits)
    Differentiated Services field (DS field, 6 bits)
    Explicit Congestion Notification (ECN, 2 bits)
    Total Length (16 bits)
    Identification (16 bits)
    Flags (3 bits)
    Fragment Offset (13 bits)
    Time to Live (8 bits)
    Protocol (8 bits)
    Header Checksum (16 bits)
    Source Address (32 bits)
    Destination Address (32 bits)
    Options (variable)
    Padding (variable)

  11. Adam says:

    What is TCP?

  12. admin says:

    The Transmission Control Protocol (TCP) is a connection-oriented transport mechanism that resides at Layer 4 of the OSI model.

  13. Ken says:

    interesting post

  14. P. Silva says:

    a very good article about Firewall planning | General Recommendations

Copyright © 2008 Home Automation - JAEC - All the rights reserved