NIST Guidelines on Firewalls and Firewall Policy

The type of firewall to use depends on several factors. This document, provided by NIST, contains numerous recommendations for choosing, configuring, and maintaining firewalls.



NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.


From National Institute of Standards and Technology | Jul 29, 2009

Firewall technology has matured to the extent that today's firewalls can coordinate security with other firewalls and intrusion detection systems. They can scan for viruses and malicious code in electronic mail and web pages. Firewalls are now standard equipment for Internet connections. Home users who connect to commercial Internet service providers via dial-up or via cable/DSL are also using personal firewalls and firewall appliances to secure their connections.

Firewalls protect sites from exploitation of inherent vulnerabilities in the TCP/IP protocol suite. Additionally, they help mitigate security problems associated with insecure systems and the problems inherent in providing robust system security for large numbers of computers. There are several types of firewalls, ranging from boundary routers that can provide access control on Internet Protocol packets, to more powerful firewalls that can close more vulnerabilities in the TCP/IP protocol suite, to even more powerful firewalls that can filter on the content of the traffic.

The type of firewall to use depends on several factors, including the size of the site, the amount of traffic, the sensitivity of systems and data, and the applications required by the organization. However, the choice of firewall should be driven largely by its feature set rather than by its type. A standard firewall configuration involves using a router with access control capability at the boundary of the organization's network, and then using a more powerful firewall located behind the router.

Firewalls are themselves vulnerable to misconfiguration and to failures to apply needed patches or other security enhancements. Accordingly, firewall configuration and administration must be performed carefully, and organizations should stay current on new vulnerabilities and incidents. While a firewall is an organization's first line of defense, organizations should practice a defense-in-depth strategy, in which layers of firewalls and other security systems are used throughout the network. Most importantly, organizations should strive to maintain all systems in a secure manner and not depend solely on the firewall to stop security threats. Organizations need backup plans in case the firewall fails.

This document, provided by NIST, contains numerous recommendations for choosing, configuring, and maintaining firewalls.

The attached Zip file includes:

  • Intro Page.doc
  • Cover Sheet and Terms.pdf
  • Guidelines on Firewalls and Firewall Policy.pdf