Firewalls protect an organization's internal network from those on the outside (the internet). A firewall limits and regulates access from the outside to the internal network and also regulates traffic going out. It keeps outsiders from gaining access to secrets or doing damage to internal computer systems. Firewalls are also used to limit the access of individuals on the internal network to services on the internet and to keep track of what is done through the firewall.
Firewalls filter traffic based on its protocol, sending or receiving port, sending or receiving IP address, or the value of some status bits in the packet. There are several types of firewalls, including packet filtering, circuit-level relay, and application proxy.
If your organization does not have a firewall, get one. If money is the concern, at least implement a packet filtering firewall on a Linux-based computer.
- The firewall should filter e-mail, FTP file transfers, and web content traffic for potentially harmful or hostile code and viruses.
- No computer should be directly connected to the internet without going through an IS-approved firewall. This means independent modem connections to the internet should be forbidden.
- Set up a "spoofing filter" on your firewall: don't allow traffic from the internet that indicates a source IP address matching any of your internal network addresses. This keeps attackers from "spoofing" your machines and possibly causing them to crash.
- Prevent spoofing from your network: place an outbound filter (for addresses inside your network attempting outside access) on the firewall that only allows traffic from valid internal network addresses to be serviced. This should prevent attacks against other networks from originating in your network.
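
The two source-address filters in the last two items can be checked side by side. The following is an added example, not part of the original page: it models both decisions for a two-interface firewall and renders the same policy as iptables commands for a Linux packet filter. The interface names, internal prefixes, sample packets and the VALID_SRC chain name are constructed assumptions.

```python
import ipaddress

# Constructed values for this example: replace with your own prefixes and interface names.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                 ipaddress.ip_network("192.168.5.0/24")]
WAN_IF, LAN_IF = "wan0", "lan0"   # internet-facing / internal-facing interfaces

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def filter_decision(in_if, src):
    """Verdict for a packet that arrived on in_if claiming source address src."""
    if in_if == WAN_IF and is_internal(src):
        return "DROP", "spoofing filter: internal source arriving from the internet"
    if in_if == LAN_IF and not is_internal(src):
        return "DROP", "outbound filter: source is not a valid internal address"
    return "PASS", "source address is consistent with the arrival interface"

def iptables_rules():
    """The same policy as iptables commands (returned as strings, nothing is executed)."""
    rules = [f"iptables -A FORWARD -i {WAN_IF} -s {net} -j DROP" for net in INTERNAL_NETS]
    # Outbound side: a helper chain returns for valid sources and drops everything else.
    rules.append("iptables -N VALID_SRC")
    rules += [f"iptables -A VALID_SRC -s {net} -j RETURN" for net in INTERNAL_NETS]
    rules.append("iptables -A VALID_SRC -j DROP")
    rules.append(f"iptables -A FORWARD -i {LAN_IF} -j VALID_SRC")
    return rules

if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, claimed source address).
    samples = [("wan0", "203.0.113.7"), ("wan0", "10.20.3.4"),
               ("lan0", "192.168.5.200"), ("lan0", "203.0.113.7")]
    for in_if, src in samples:
        verdict, reason = filter_decision(in_if, src)
        print(f"{in_if:5} {src:15} {verdict:4} {reason}")
    print("\n".join(iptables_rules()))
```

PASS here only means the packet cleared these two source-address checks; the generated rules need to sit ahead of any ACCEPT rules in the FORWARD chain so that the rest of the firewall policy still applies afterwards.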