It would also be useful to find out what inbound traffic from the Internet can be considered valid and what is invalid.The design guidelines presented in this module will help you select the features you need from your firewall, taking into account major considerations such as growth and cost.There may already be firewalls in the environment that can be reused and routers that can have a firewall feature set installed.Your ISP can often implement firewall restrictions on your link, such as , i.e.
If you are offering a public Web server facility when users may want to connect 24 hours a day, you need almost 100% uptime.
limiting the rate at which certain packets are sent to you in order to reduce distributed denial of service attacks, DDo S, when your network is bombarded simultaneously by many other computers.
Ask your ISP if they perform filtering according to RFCs 19.
The module will also provide you with information on some of the most damaging intrusions so that you can determine which are most likely to occur in your environment and how intrusions can be prevented, not just by installing a firewall but, for example, by tightening up server configurations or discussing controls with your Internet Service Provider (ISP).
This module also defines different classes of firewalls and using the design guidelines you should be able to select the most appropriate class of firewall to meet your requirements.
Later on this module, the firewalls are grouped into classes to differentiate them, but before selecting a firewall, you need to determine what your requirements are, taking the following considerations into account: What is the available budget?