Establishing firewall policy

One in five respondents to an Information Week/Ernst and Young Security Survey admitted that intruders had broken into, or had tried to break into, their corporate networks, via the Internet, during the preceding twelve months. Unfortunately, there is a growing impression that all of the security problems associated with internetworking can be fixed by deploying a firewall. True, many of the commercially-available firewall products are very powerful and firewalls deserve to be near the top of the agenda for organizations who have, or are thinking about creating, a connection between their network and another network. However, firewalls, at least in the narrow sense of the term, are not the whole answer. Broadly speaking a firewall is a system or group of systems that enforces an access control policy between two networks. More specifically, a firewall is a collection of components or a system that is placed between two networks and possesses the following properties: all traffic from inside to outside, and vice-versa, must pass through it; only authorized traffic, as defined by the local security policy, is allowed to pass through it; and the system itself is immune to penetration. In other words, a firewall is a mechanism used to protect a trusted network from an untrusted network