– Can be housed in a router that connects all of the home computers to a DSL, cable modem, or other Internet interface
– Typically much less complex than server-based or standalone firewalls
– Primary role is to deny unauthorized remote access
– May also monitor outgoing traffic to detect and block worms and malware activity
Stealth Mode hides the system from the Internet by dropping unsolicited communication packets
UDP packets can be blocked
Logging for checking on unwanted activity
Applications must have authorization to provide services
Deploying firewalls
– Internal DMZ network
– Internal protected network
Add more stringent filtering capability
Provide two-way protection with respect to the DMZ
Multiple firewalls can be used to protect portions of the internal network from each other
An important aspect of distributed firewall configuration: security monitoring
Host-resident firewall, screening router, single bastion inline, single bastion T, double bastion inline, double bastion T, distributed firewall configuration