Questions:
Firewalls
1 - Can you think of situations that call for multiple firewalls on the same network or same network segment? Why might you firewall off two or more connections into a subnetwork?
In the #2 please give your own opinion if you agree or disagree and why. Like discussion.
2 - Yes there will be cases where we need multiples firewalls in on the same network or same network segment. Suppose a network where we have multiple servers with high or confidential data. To protect the database access from some of the workstation we can install a firewall access between the server containing this database and the other servers. Even Thought this protection can be done with other methods like group policy and access restriction a firewall will simply look at anything behind that server as external, which gives more protection. The same think can be done on the same network segment by installing an extra firewall for example between an IT testing computer and the other network computer to avoid that other computers been contaminated with some virus testing and installation on the IT computer.
3 - Many people think that firewalls are a complete security solution and as long as they've installed one on their Internet-attached LAN, they're safe. What's wrong with this argument?
4 - In fact firewall can not be the complete security option. Thinking that installing a firewall gives a total protection for the network is a wrong idea. Firewall is a software or combination of hardware and software that limits the network access according to defined rules. This simply means that a firewall can do many things but if the rules are not properly defined inside the firewall, the firewall can just seats there as a simple decoration tool. The other thing about the firewall is that it is basically designed to protect the network from outside attack. How about the potential inside attacker? From this point of view the firewall is meaningless. More than having a firewall with a well-defined rules, we should also consider putting in place some security measures to protect our network.