Protecting Your Perimeter

This chapter examines methods to secure the network perimeter while giving administrators the access they need to administer the network. The Linux built-in firewall, netfilter, is covered extensively because of its power and flexibility as a free stateful firewall. In addition to iptables, several GUI front ends are examined that allow the netfilter firewall to be managed without knowledge of the iptables command-line syntax. With the perimeter secured, the next step is to establish a secured doorway so that the network can be taken care of from home. Some type of firewall is necessary for protection on all unsecured connections. The word "unsecured" is used intentionally instead of "Internet", because any business partner network, home user network, or the Internet are all considered untrusted. Untrusted means that there is no, or only incomplete, administrative control over the security of the network being connected to. Ultimately, there is no guarantee of proper security controls on an untrusted network. The chapter states that an Internet connection with no firewall between the computer and the Internet makes the odds of compromise very high. For other types of untrusted connections the odds may be better, but it is still a gamble if steps are not taken to protect a network and its systems.