Different Types of Office Requirements

The first question to ask when implementing a firewall is whether the firewall is going be located at a central location or a remote location.
Nội dung trích xuất từ tài liệu:
Different Types of Office RequirementsDifferent Types of Office RequirementsAlthough every firewall implementation is truly unique, a couple of fundamental designsfrom which virtually all firewall designs are created. The first question to ask whenimplementing a firewall is whether the firewall is going be located at a central location ora remote location. When you have answered that question, you need to examine theresources that need to be protected. With that in mind, the next step is to determine howmany demilitarized zones (DMZs), if any, need to be implemented.Although most of these design questions are based on protecting internal resources, theyshould be equally applied to the question of how the firewall will screen Internet accessfor your internal resources, essentially protecting the Internet from your systems, while atthe same time enabling you to restrict and filter the kinds of Internet-based traffic thatwill be allowed from your internal resources.Central OfficeAlthough referred to as a central office implementation, the key to this implementation isnot necessarily that it exists at the central office. Rather, the central officeimplementation refers to an implementation that has a number of common elements: • A concentration of resources must be protected by the firewall. • A significant number of internal users need access to external resources through the firewall (for example, if the firewall handles the majority of the companys Internet access). • Technical personnel can actively monitor and manage the firewall because they are physically located at the same location.As a result, the central office implementation is applicable in any environment thatmatches these elements. For example, many large companies have multiple locations thatwould all warrant the central office design, because there may be two or more hublocations with a high concentration of users, resources, and administrators.The central office implementation is highlighted by an implementation that tends to bemore complex than the remote office implementation and tends to utilize higher endhardware and software to achieve the objective of protecting resources. For example, thecentral office may utilize multiple firewalls in a dual-firewall implementation to protectresources and may have multiple firewalls implemented in a task-specific fashion. Youmight have a separate Internet-screening firewall, web-application firewall, and e-mail-filtering firewall.Central office implementation are also frequently underpinned by more advancedfirewallssuch as Cisco Secure PIX Firewalls, NetScreen, Check Point, or Microsoft ISAServeras opposed to smaller Network Address Translation (NAT) routers or smalloffice/home office (SOHO) firewall products.As a general rule, the central office implementation tends to provide for the mosthardened and secure firewall implementation.Remote OfficeThe remote office implementation tends to revolve around a more simple, point solutiondesign. As opposed to the central office, remote offices typically have few technicalresources at the location with the expertise required to effectively manage and maintain afirewall. Remote offices also rarely have internal resources that must be accessed byremote sources, which means that often the firewall implementation is little more than anInternet-screening firewall, keeping all Internet sources from accessing internal resourcesand restricting Internet access by internal resources.Although the central office implementation lends itself to protecting literally thousands ofusers and resources, the remote office implementation is really only effective atprotecting a relatively small number of users and resources, generally fewer than 100users and resources. Consequently, the remote office implementation lends itself to theuse of SOHO firewall solutions ranging from lower-end firewalls such as the Cisco PIX506E, NetScreen 5, or NetScreen 25 all the way down to the basic NAT filtering routerssuch as some of the Linksys or D-Link product lines.