College】 【weak network firewall issues carefully 12.

<br> firewall is to protect our network, the first barrier, if this line of defense in the fall, then our network to dangerous! .So we need to carefully look at matters carefully install a firewall! .1. Firewalls your security policy. .Firewall enhancements <BR> some security policy. .If you do not have a firewall in place before the development of security policy, then now is the time to develop. .It can not be written in written form, but can also be used as security policy. .If you do not have a clear security policy on what should be done so, install a firewall is the best you can do something to defend your site, and to always maintain it is not easy to do. .To have a good firewall, you need good security policy --- written in writing and accepted by all. .<BR> 2. In many cases, a firewall is not a single device. .<BR> Except in special cases the basic firewall is rarely a single device, but a set of equipment. .Even if you buy a commercial "all-in-one" firewall program, you also have to configure the other machines (such as your web server) to run along with them. .These other machines are considered part of the firewall, which contains the configuration of these machines and forms of management, their trust is what, in turn them as credible and so on. .You can choose a basic called "firewall" device is expected to shoulder all of its security responsibilities. .<BR> 3. Firewalls are not always readily available products. .<BR> Choose a firewall is more like buying a house instead of choosing where to vacation. .Firewall and the house is very similar, you have to stay with it every day, and you use it period is much more than a week or two. .Are required to maintain or will crash out. .Construction of the firewall have to carefully select and configure a treatment program to meet your needs, and then continued to maintain it. .Need to do a lot of decisions, on a site is the right treatment options are often the site of another is not correct. .<BR> 4. Firewalls do not handle all of your questions. .<BR> Not to expect the firewall on its own can give you security. .Firewalls protect you from the threat of a class of attacks, people try to direct attack from the outside inside. .But can not prevent attacks from within the LAN, it can not even protect you from all those who can detect the first attack. .<BR> 5. Use the default strategy. .<BR> Normally means you refuse to except that you know the necessary security services and any other services. .But the new vulnerabilities appear daily, closed insecure service means a constant war. .<BR> 6. Conditional compromise, not easily. .<BR> People like to do unsafe things. .If you allow all requests, your network will be very safe. .If you reject all requests, your network is also unsafe, you do not know where the hidden things unsafe. .Those who can not, and you will be working with people against you. .You need to find the form to meet the needs of users, although these forms will bring a certain amount of crisis. .<BR> 7. The use of hierarchical means. .<BR> And in one place since the single device. .The use of multiple layers of security to prevent a failure result in infringement questions you care about. .<BR> 8. Only what you need to install the. .<BR> Firewall machine can not install as an ordinary computer, as all the software distribution vendors. .Part of the machine as a firewall must be kept to a minimum installation. .Even if you think something is safe and do not when you do not have to install it. .<BR> 9. Use all the resources available. .<BR> Do not create a single source of information on the firewall, in particular, the resource does not come from manufacturers. .There are many resources you can use: for example, vendor information, we write books, mailing lists, and sites. .<BR> 10. Just believe you can be sure. .<BR> Do not believe the graphical interface and dialog boxes, or hand something about how to run the company's statement, testing to determine the connection should be rejected rejected. .Testing to determine the connection should be allowed to have allowed. .<BR> 11. Constant re-evaluation decision. .<BR> You bought a house five years ago today, may not fit you. .Similarly, you installed a year ago the firewall for your situation is not the best handling package. .For the firewall, you should be regular assessment of your decision and make sure you still have a reasonable treatment options. .Modify your firewall, just like new house, as have significant efforts and careful planning. .<BR> 12. To be prepared for failure. .<BR> Well prepared for the worst. .The machine may stop running, the user may be a good motivation for doing wrong things, a malicious user may be motivated to do bad things, and succeeded in beating you. .But we must understand that when these things happen when this is not a complete disaster. .<BR> <BR>.