Print this chapterPrint this chapter

Packet Filtering

1. A firewall

 

People often think that a firewall provides the ultimate security, but they are wrong. A firewall is also a piece of software and should be treated the same way as any other piece of software, because it is just as likely to contain bugs.

So think before implementing a firewall! Do you really need one? If you think you need one write a policy on how it should work, what type of firewall, and who should operate it. But first, read this guide.

Firewalls are used for two purposes:

  • To keep users (worms/attackers) out.
  • To keep users (employees/children) in.

 Basically, there are three types of firewalls:

  • Packet filtering.
  • Circuit relay.
  • Application gateway.

 A firewall should be a dedicated machine running no services (or sshd as the only one) and secured the way this guide recommends it be.