Using Firewalls to Segment Internal Resources

Using Firewalls to Segment Internal Resources Perhaps the most overlooked implementation of a firewall is on the internal network. | Using Firewalls to Segment Internal Resources Perhaps the most overlooked implementation of a firewall is on the internal network. Many companies make the mistake of considering their entire internal network to be a trusted network. Unfortunately the prevalence of worms and viruses today undermine this philosophy. Companies are repeatedly decimated by worms that spread unchecked throughout the network because there are no firewalls implemented throughout the internal network to segment and control traffic on the internal network. In a number of instances firewalls should be considered on the internal network To protect sensitive internal resources To protect from WAN or remote-access VPN dial-in etc. requests To protect individual internal resources Protecting Sensitive Internal Resources Sensitive internal resources include any servers that contain critical and sensitive data such as human resources HR data financial data or source code. This could also include segmenting resources based on things such as department or job function. These servers and resources should really only be accessed by certain individuals and in conjunction with access controls in place on the server itself a firewall can be used to prevent unauthorized hosts from even being able to access the server in the first place. For example if the HR server only should be accessed by the HR department and the HR department resources are on a defined range of IP addresses a firewall can be configured to only allow those IP addresses to access the server over the network. An even better implementation exists in environments where the firewall can be configured frequently through the use of VLANS to place all the HR resources both the servers and the computers of all the HR users on the same protected subnet. This enables you to configure the firewall to block all traffic from external sources while still allowing the HR users to access any resources on the rest of the internal network. Figure 9-6 .

Bấm vào đây để xem trước nội dung
TÀI LIỆU MỚI ĐĂNG
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.