Firewall Design White Paper

Or a Heretic's View of Access Nexuses.

By Angelos Karageorgiou

First of all, let's define what a firewall is, but a bit differently. Here I will digress from the commonly accepted wisdom and define a firewall as an access nexus in the digital communication infrastructure of any organization. That is, you build a firewall not only to protect your internal data but also to enhance your overall communication abilities. This paper is not a set of instructions on how to build an access nexus; it is more like a white paper on the things you should expect from such a device, so that you can ask your vendor for them. Please do tell them that these features are currently available on Open Source servers.

Let us take as a case study a Linux box (substitute your favorite Unix-like OS here) serving as an access nexus. You are all familiar with the three-fold implementation of networks, Public, Private and DMZ, so I will not bore you any further with silly graphics. We also have to take into account that most people use a router, let's say a Cisco, as their access point to the Internet. Our router has access lists built in, so why do we still need a firewall to protect some of the machines and not others?

I will forgo all rhetoric on the open source model and make some engineering remarks. You need a firewall/access nexus so that you can manage access to resources and data traffic. You must pass ALL your traffic through your access nexus so that you know what goes where and does what. An access nexus should be as flexible as a Swiss army knife, as malleable as putty and as resilient as a network engineer with a collapsed transatlantic backbone line :-)