Considerations for Building a Transparent Firewall Complex
October 31, 2000

by James Mendelsohn

Virtually every business developing Internet operations needs a transparent firewall complex--an unobtrusive means of restricting access to a private network from unwanted intrusions via the Internet. The firewall must monitor activity such as e-commerce and restrict remote use of an enterprise network. Invisible to users--hence transparent--a firewall complex protects a network from such dangers as hacking, denial-of-service attacks, and theft of proprietary information.

• Assessing your business needs
• Identifying kinds of firewalls
• Choosing a firewall complex

First Stage: Assessing What Kind of Business You Do and Evaluating Your Security Policy

• How much do you use the Internet for e-commerce? for m-commerce? To what extent should customers have access to your network and how often?
• How much do you use the Internet to connect remote or mobile employees with your network? With each other?
• How large is your network? How much information does it exchange via the Internet?

Answering these questions should help you determine what access your firewall complex will need to limit and what it will need to allow.

• What additional network security components do you have, such as intrusion detection and anti-virus software? (A firewall is a controlled gateway. It can't stop attacks from malicious insiders, nor take the place of education and security policies and procedures.)
• Where are you most vulnerable?
• What are your most valuable assets?
• What access needs the most restriction from both outsiders and employees (such as databases containing proprietary information and financial records)?

You might consider hiring a security consultant to help you develop a comprehensive security policy, to assess your vulnerabilities, and to evaluate the firewall products available for the complex you build. All these factors will depend on both your budget and the in-house technology resources you have to create a security policy.

• support your home network;
• extend your network to remote devices such as
  • laptops,
  • mobile phones,
  • home desktops,
  • branch networks of your business.

The firewall complex is a number of components devoted to a single goal: to secure a network by controlling access to all entry and exit points.

• how much you need to restrict access;
• how much speed and convenience you need to encourage commerce and the exchange of information.

Identifying Kinds of Home Network Firewalls
You'll need to decide between four kinds of firewalls or a combination of two of them. They vary in their ability to restrict access and to facilitate the flow of information between your network and the Internet. One of them, the circuit level gateway, isn't transparent to users inside your network. The kinds of firewalls are as follows:

• fast
• inexpensive
• transparent
• easily implemented (because most networks already have routers)

• are the least secure form of firewall;
• make a network vulnerable to attack at the network address to which access has been granted;
• risk a network being fooled by someone spoofing a seemingly acceptable address if the host address cannot authenticate an address very well;
• do not enable a network to build in powerful user authentication ability;
• make it difficult to keep good logs and can be unaware of attacks and unable to recover well from them;
• are notoriously difficult to adjust to the preferences an administrator desires.

[Page 1]   [Page 2]