From the Network World Archive

Steps for making the right selection

By Joel Snyder

     Choosing an Internet firewall starts with a clear definition of your 
security goals. Decide ahead of time what elements your policy will have, 
what logging and alarms you will need, what au-thentication is acceptable 
and where you need to put security barriers. 
     Next, decide on your system management philosophy. Do you want to have 
a vendor provide an all-in-one solution that you plug in and let loose? Or 
do you want an active part in defining filters, rules, special types of 
proxies, obscure protocols and unusual cases? Do you want to manage the 
firewall platform (typically a Unix system), or should this be a hands-off 
     Finally, think about the relationship between the firewall and other 
services on your network. What are the service goals that this firewall 
will support? Will you be expecting the firewall to handle Domain Naming 
Service? Process SMTP electronic mail? Be your World-Wide Web server? Or do 
you want to make a clear separation between the firewall and network 
     Once you have policy, philosophy and service goals in place, you'll 
find that only a few products on the market really fit your needs. Nothing 
takes the place of doing your homework on your organization first.
     Remember that firewalls are just one part of a much larger security 
plan. The greatest danger to corporate network security comes from internal 
users, not external attackers. Corporate networks are especially vulnerable 
to the simplest of eavesdropping and impersonation attacks, as well as just 
plain negligence and carelessness. Firewalls are also not the final answer 
to external security problems. A dedicated criminal can break into any 
network, given time and resources.
     --- Joel Snyder