I heard that network firewalls and host firewalls would increase security.

$Id: firewall-security.html,v 1.3 2007/07/23 19:45:15 itojun Exp $
Unfortunately, no. They exist because of the problems in the operating system you are using.

Network firewalls block or permit certain network traffic coming in or going out. By doing so, it is hoped that computers within the corporate network will be secured. However! With a network firewall in place, morale within the corporate network will surely go down. People do not apply security patches to their client machines, and people do not upgrade their client machines even when the operating system is so old that it has gone EOL (product end-of-life). The most important attack vector these days is roaming clients, such as laptops owned by technically-not-so-skilled people, and VPN (Virtual Private Network) connectivity to the internal corporate network. Those machines, which are secured by the network firewall devices, leave the corporate network, connect to hotel Internet services, get infected by worms and viruses, then go back to the corporate network and give trouble to network administrators.

To prevent this, host firewalls, or so-called "fire suits", are getting very popular. Every client machine gets a "virus scanner" and a "packet policing engine" which blocks non-registered protocol packets from going out. However, if the client operating systems were secure enough to begin with, your client machine would never be infected by viruses and worms, and you shouldn't need host firewalls.

So, my recommendation is below:


Copyright(c) 2007 by ipv6samurais.com. All rights reserved. Unauthorized reproduction is strictly prohibited.
