The National Institute of Standards and Technology (NIST) recently uploaded Guidelines for Firewalls and Firewall Policy to the Knowledge Network.
Network firewalls have long been considered a necessary component of a network security strategy. They are most commonly deployed at the network gateway to keep unauthorized traffic from the public Internet out of the private intranet, but they can also be placed between internal network segments to enforce different levels of trust. You might, for example, filter traffic entering the sales department's segment so that users from other departments cannot reach sales-related resources.
Firewalls are themselves vulnerable to misconfiguration and to missed patches or other security updates. Firewall configuration and administration must therefore be performed carefully, and organizations should stay current on new vulnerabilities and incidents. Although a firewall is often an organization's first line of defense, organizations should practice defense in depth, layering firewalls and other security controls throughout the network. Most importantly, organizations should keep all systems in a secure state and not depend solely on the firewall to stop threats; they also need contingency plans in case the firewall fails, the guide concludes.
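As an added example (not part of the NIST guideline or of this article), the following Python models the departmental segmentation described above as a first-match rule list with an implicit default deny, and includes a rule-shadowing check of the kind that catches the misconfigurations just mentioned. The subnets, hosts, services and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet no rule matches is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet that matches `later` also matches `earlier`."""
    return (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
            and (earlier.proto is None or earlier.proto == later.proto)
            and (earlier.dport is None or earlier.dport == later.dport))


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already covers them.
    A shadowed deny is the usual signature of a misordered or leftover allow."""
    return [i for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]


# Constructed address plan (an assumption for this example, not from the guideline).
SALES_NET = "10.20.0.0/24"          # the sales department's segment
SALES_FILESERVER = "10.20.0.10/32"  # host publishing the price list over HTTPS
ADMIN_JUMPHOST = "10.0.0.5/32"      # only source allowed to SSH into the segment
ANY = "0.0.0.0/0"

# Policy on the firewall fronting the sales segment: specific allows first, explicit deny last.
SALES_SEGMENT_POLICY = [
    Rule("allow", SALES_NET, SALES_NET, comment="traffic within the sales segment"),
    Rule("allow", ADMIN_JUMPHOST, SALES_NET, "tcp", 22, comment="admin SSH from the jump host only"),
    Rule("allow", ANY, SALES_FILESERVER, "tcp", 443, comment="company-wide read of the price list"),
    Rule("deny", ANY, SALES_NET, comment="everything else from other departments"),
]

# The same policy with a broad 'temporary' allow left at the top: every later rule is dead.
MISCONFIGURED_POLICY = [
    Rule("allow", ANY, SALES_NET, comment="troubleshooting rule that was never removed"),
] + SALES_SEGMENT_POLICY


if __name__ == "__main__":
    engineering_to_sales_smb = Packet("10.30.0.7", "10.20.0.25", "tcp", 445)
    print(evaluate(SALES_SEGMENT_POLICY, engineering_to_sales_smb))   # deny
    print(evaluate(MISCONFIGURED_POLICY, engineering_to_sales_smb))   # allow
    print(shadowed_rules(SALES_SEGMENT_POLICY))                        # []
    print(shadowed_rules(MISCONFIGURED_POLICY))                        # [1, 2, 3, 4]
```

Rule order is the whole story in a first-match filter: the explicit deny must sit last, and any rule the check reports as shadowed is either dead weight or, as in the misconfigured list, evidence that a broader rule ahead of it has silently opened the segment to every other department.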
NIST has also uploaded several other security guides to the Knowledge Network.