I'm actually writing a book on this subject (technically it is on hardening your network infrastructure, but this will be a component in a chapter). The quick answers off the hip are:
1) To protect internal resources such as business critical servers and systems (i.e. HR data) from threats in the exact same manner that you protect your network from the Internet. 2) To filter and restrict data entering your network over non-Internet based links. For example, putting a firewall between your frame-relay router and your internal network. 3) To very granularly restrict the traffic that can pass through a given segment. For example, if you run a bunch of file servers you can place a firewall in front of them and only allow file sharing ports to be opened from your users. 4) To provide application proxy functionality against your servers. Here is a quick CERT recommendation: http://www.cert.org/security-improvement/practices/p075.html HTH Wes Noonan [EMAIL PROTECTED] http://www.wjnconsulting.com > -----Original Message----- > From: Mailing list for discussion of Firewall-1 [mailto:FW-1- > [EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, December 09, 2003 09:44 > To: [EMAIL PROTECTED] > Subject: [FW-1] use of internal firewalls > > Hi > > Anyone have any good documents on why one should use a internal firewall, > or statistics on the number or organisations using internal firewalls. > > > > > This E-mail transmission may contain confidential or legally privileged > information that is intended for the addressee only. > E-mail communications are not necessarily secure and may be intercepted or > altered after they are sent. Norwich Union International does not accept > liability for any such alterations. Any views or opinions presented are > solely those of the author and do > not necessarily represent those of Norwich Union International. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution or reliance upon the contents of this E- > mail is strictly prohibited. If you have r > eceived this E-mail transmission in error, please notify the sender > immediately, so that Norwich Union International may arrange for its > proper delivery. Please then delete the message from your inbox. While > steps have been taken to prevent computer vir > uses, we cannot guarantee that attachments are virus free and we would > therefore advise that you make further checks as Norwich Union > International are not liable to third parties for any damages resulting. > > Norwich Union International Limited is supervised by the Regulatory > Authorities of the Republic of Ireland. > > Norwich Union International Limited 6 Georges Dock International Financial > Services Centre Dublin 1 Republic of Ireland Registered No 303257 > Telephone + 353 1 802 8494 Fax + 353 1 802 8400 > www.nuinternational.com > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
