tailieunhanh - Determining If You Need a Firewall

Firewalls should not be relegated exclusively to the realm of providing access to and protection from Internet-based resources | Determining If You Need a Firewall It is convenient and accurate to say that you always need a firewall if you are connecting to the Internet. Firewalls should not be relegated exclusively to the realm of providing access to and protection from Internet-based resources. Instead you should consider implementing a firewall any time a resource needs to be protected regardless of where the protected resource is located or where the requesting traffic will be coming from. Firewalls can and in many cases should be used to control access to important servers or different subnets within the corporate network. For example if two branch offices should never need access to each other s resources you should consider a firewall to enforce that policy and ensure that such access is never granted. To help determine where you can implement a firewall define what the cost of the data you are trying to protect is. This cost includes a number of variables. One variable to consider is the cost of restoring or repairing the data. An additional variable is the cost of lost work and downtime as a result of the data being inaccessible to employees. Yet another variable is the cost in lost revenue or income that might come as a result of the loss of data. A common way of quantifying this kind of cost is known as determining the single loss expectancy SLE and annual loss expectancy ALE . SLE is the expected monetary loss every time an incident occurs. The ALE is the expected monetary loss over the course of a year. The ALE is calculated by multiplying the annual rate of occurrence ARO by the SLE. The ARO is the probability that something will occur during a given year. The easiest way to understand how to calculate and determine this information is to go through a fictional scenario. Suppose that your external web server is compromised and that web server is used to process incoming requests that 100 data processors work on. The first thing to do is to define the SLE and doing that requires