【 Weak current College 】 important considerations for installing Firewall

A firewall is to protect our network of the barrier, if this line of defence was lost, our network is dangerous! so we need to watch out for the installation of firewall considerations!
　　
Firewall for your security policy
　　
Firewall enhances some security policy. If you do not have in place before making the firewall security policy, then now is the time to develop. It can not be written in a written form, but also can be used as a security policy. If you are not yet clear on the security policy should do so, install a firewall you can best protect your site, and you want to keep maintaining it is not easy. If you want to have a good firewall, you need good security policy---written as written and been accepted by us.
　　
In many cases a firewall and is not a single device
　　
Except in special cases, a simple firewall is rarely a single device, but rather a group of devices. Even if you purchase a commercial "all-in-one" firewall application, you also have to configure the other machines (such as your Web server) and one of the same run. The other machines are considered to be part of the firewall, which contains the machine configuration and management style, their trust in what, what will they act as trusted, and so on. You cannot be a simple select one called the "firewall" device they expect their take on the responsibility of all safety.
　　
Firewall is not an out-of-the-box ready access products
　　
Select firewall more like buy a house instead of choosing where to go for a holiday. Firewall and houses are similar, you have every day and it stayed together, you use its duration of more than a week or two. Needs to maintain otherwise will crash. Building a firewall needs to carefully select and configure a solution to meet your needs, and then continue to maintain it. Need to make many decisions, on a site is the right solution is often to another site is wrong.
　　
Firewall will not solve all your problems

And don't count on the firewall by itself will be able to give you security. Firewall to protect you from the threat of a class of attacks, people try to internal from external direct attack. But it does not prevent an attacker from the internal LAN, it cannot protect you from the first of all those it detected attacks.
　　
Use the default policy
　　
Normally your means is refused but you know the necessary and the security of any service other than a service. New vulnerabilities appear every day, turn off unsafe service means a continuous war.
　　
Conditional compromises, rather easily
　　
People like to do unsafe things. If you allow all requests, your network is not secure. If you reject all requests, your network is not secure and you won't know what hidden is not secure. Those who cannot work with you in person will be against you. You need to find ways to meet user needs, although these will bring a certain amount of risk.
　　
Using hierarchical methods
　　
And in one place since a single device. Use multiple layers of security to avoid a mistake on your concerns.
　　
Only install what you need
　　
Firewall machine is not like an ordinary computer that installs all the software vendor. As part of the firewall machine must maintain a minimum of installation. Even if you think something is safe or not when you do not need to install it.
　　
Use all the resources available
　　
Do not build based on a single source of information for firewall, in particular the resource does not come from the manufacturer. There are many available resources: for example, the vendor information that we have written books, mail group and Web sites.
　　
Just believe that you can determine the
　　
Do not believe that the graphical interface of the manual and the dialog box or the manufacturer about how to run a certain thing, detection to determine the connection should be rejected are refused. Test to determine whether it should allow connections allowed.
　　
Constantly re-evaluate decisions
　　
You five years ago to buy a House today might have been not suitable for you. Similarly, you previously installed a firewall for your present situation is not the best solution. For firewall you should regularly assess your decision and confirm that you still have a reasonable solution. Change your firewall, like moving a new home, you need significant effort and careful planning.
　　
To prepare to fail
　　
Well prepared for the worst. The machine may stop running, well-motivated users may be doing wrong things, a malicious user might do the motivation of the bad things and successfully beat you. But we must understand that these things happen when this is not a complete disaster.