Using Firewalls to Segment Internal Resources

Perhaps the most overlooked implementation of a firewall is on the internal network. Many companies make the mistake of considering their entire internal network to be a trusted network. Unfortunately, the prevalence of worms and viruses today undermines this philosophy. Companies are repeatedly decimated by worms that spread unchecked throughout the network because there are no firewalls implemented throughout the internal network to segment and control traffic on the internal network.

In a number of instances, firewalls should be considered on the internal network:

- To protect sensitive internal resources
- To protect from WAN or remote-access (VPN, dial-in, etc.) requests
- To protect individual internal resources

Protecting Sensitive Internal Resources

Sensitive internal resources include any servers that contain critical and sensitive data, such as human resources (HR) data, financial data, or source code. This could also include segmenting resources based on things such as department or job function. These servers and resources should really only be accessed by certain individuals, and in conjunction with access controls in place on the server itself, a firewall can be used to prevent unauthorized hosts from even being able to access the server in the first place.

For example, if the HR server should only be accessed by the HR department, and the HR department resources are on a defined range of IP addresses, a firewall can be configured to allow only those IP addresses to access the server over the network. An even better implementation exists in environments where the firewall can be configured (frequently through the use of VLANs) to place all the HR resources (both the servers and the computers of all the HR users) on the same protected subnet. This enables you to configure the firewall to block all traffic from external sources while still allowing the HR users to access any resources on the rest of the internal network.

Figure 9-6 .
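
The protected-subnet design described above, modeled as an added example (not code from the original text): a stateful filter at the HR segment boundary lets HR hosts initiate outward and lets replies return, while refusing anything initiated from outside. The 10.10.x.x addresses, the SegmentFirewall class and the host-pair state table are assumptions made for illustration; a real firewall tracks full connection tuples.

```python
import ipaddress

# Constructed addressing plan; every address here is an assumption.
HR_SUBNET = ipaddress.ip_network("10.10.20.0/24")  # HR servers and HR user PCs
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rules for NEW connections crossing the HR boundary; first match wins.
RULES = [
    ("allow", HR_SUBNET, ANY),  # HR hosts may initiate to the rest of the network
    ("deny", ANY, HR_SUBNET),   # no outside host may initiate into the HR segment
]


class SegmentFirewall:
    """Minimal stateful filter: rules apply to new flows, replies follow state."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # (initiator, responder) host pairs that were allowed

    def packet(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Simplification: state is per host pair, not per port/protocol tuple.
        if (src, dst) in self.flows or (dst, src) in self.flows:
            return "allow"  # belongs to a connection already permitted
        for action, src_net, dst_net in self.rules:
            if src in src_net and dst in dst_net:
                if action == "allow":
                    self.flows.add((src, dst))
                return action
        return "deny"  # implicit default deny


def run_scenario():
    fw = SegmentFirewall(RULES)
    return [
        fw.packet("10.10.30.7", "10.10.20.10"),  # engineering PC -> HR server
        fw.packet("10.10.20.55", "10.10.30.7"),  # HR PC -> engineering host
        fw.packet("10.10.30.7", "10.10.20.55"),  # reply on that same flow
        fw.packet("10.10.30.7", "10.10.20.10"),  # same outside host -> HR server
        fw.packet("10.10.30.8", "10.10.20.55"),  # unsolicited, other outside host
    ]


if __name__ == "__main__":
    print(run_scenario())
```

Without the state table, the deny rule would also drop the replies to HR users, so the "block external, allow HR outbound" policy depends on the firewall being stateful.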