Problem solve Get help with specific problems with your technologies, process and projects.

What extra measures should I take after installing a firewall?

At this time our "security" is limited to virus protection software on workstations. We are looking at the PIX525 firewall. Our ISP manages our router, but it is on site. What extra measures should be taken after installing the firewall?

We have a small wireless network that we use for accounting/data collection. Currently the wireless signal is just string enough to connect workstations within the building.

Well, first make sure you have expert help in properly installing the firewall and configuring it. Make sure no user can bypass the firewall to get to the Internet. The firewall cannot protect connections made outside of it (i.e. modems, direct connections to your ISP ). Make sure all connections incoming and outgoing are blocked unless a specific firewall rule allows them. Such configuration requires a little knowledge about your network, so be sure to work with the expert if you hire that help.

You also need to examine your entire risk picture and your security policy. This means that perimeter protection is not enough, and controls on all hosts on your network are necessary. Things like the antivirus you are using, personal firewalls, patch updates, control over computer configuration and much more.

Also, you wrote that you have a small wireless network that you use for accounting/data collection and that your current wireless signal is just string enough to connect workstations within the building. Don't assume that this is true. Companies are often surprised at how far that signal can reach when a determined individual mounts an attack or when someone just gets lucky. Also, when contractors, salespeople and visitors come into your building, they now have access to that network -- which seems like it has some very sensitive data on it. Please be sure to implement encryption and look at WPA and PEAP and other security measures for wireless networks.

This was last published in September 2004

Dig Deeper on Network intrusion detection and prevention and malware removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.