Firewall Design White Paper v 1.2, Angelos Karageorgiou


Or a Heretic's View of Access Nexuses.

By Angelos Karageorgiou

First of all, let me define what a firewall is and does. Here I will digress a bit from the commonly accepted wisdom and define a firewall as an access nexus in the digital communication infrastructure of any organization. That is, you build a firewall not only to protect your internal systems but also to enhance your overall communication abilities.

This paper is not a set of instructions on how to build an access nexus; it is more like a white paper of things you should expect from such a device and be able to ask for from your vendor. Please do tell them that these things are currently available on Open Source servers. Also keep in mind that the following items are by no means the full repertory of an access nexus. These are just some common solutions to everyday problems. One can become very fancy indeed in the applications that the nexus can support, but let's take a handsome and logical set.

Let us take a case study of a Linux box (substitute your favorite Unix-like OS here) serving as an access nexus. You are all familiar with the three-fold implementation of networks, Public, Private and DMZ, so I will not bore you any further with silly graphics. We also have to take into account that most companies use a router as their access point to the Internet. Our router can have access lists built in, so why do we still need a firewall to protect some of the machines and not others?


I will forgo all rhetoric on the open source model and make some engineering remarks. You need a firewall/access nexus so that you can manage access to resources and data traffic. You must pass ALL your traffic through your access nexus so that you can know what goes where and does what. An access nexus should be as flexible as a Swiss Army knife, as malleable as putty and as resilient as a network engineer with a collapsed transatlantic backbone line :-)

Copyright © 2001 Angelos Karageorgiou. Use freely but do not abuse. Please retain the Copyright notice.
