 From:  Vince Van De Coevering <vpv at figaros dot com>
 To:  'James McKeand' <james at mckeand dot biz>, "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: Internal Firewall
 Date:  Thu, 1 Sep 2005 08:48:25 -0700
> By adding a firewall between your users and your servers you will be
> dealing with an overly complex setup. The only rationale for doing this
> is if you do not trust the users, i.e. public access or student/lab
> users. If that is the case restrict the public access or labs from the
> LAN on a DMZ.
> Enforce policies on proper use, updates and antivirus. Don't allow IM or
> AOL installs. Restrict installation rights on your workstations.
> Consider some kind of web content filtering to restrict access to
> questionable material/games.

I know of a large healthcare company who attempted to firewall off their
servers because they believed that HIPAA compliance called for that.  What
ended up happening is that they created a lot of latency in their network
which caused critical services to time out, created bottlenecks, created
frequent disconnects, and ultimately resulted in lost worker productivity.

You have to weigh the potential problems caused by that level of security
versus the harms you are trying to prevent.  Make sure you lock down your
servers so they are only running the services they need to perform their
designated duties.

Vince Van De Coevering
IT Manager
Figaro's Italian Pizza, Inc.
503-371-9318 x216
vpv at figaros dot com