TMS zl Management and Configuration Guide ST.1.0.090213

Firewall
Overview
In the past, corporate networks were defined by clear, distinct boundaries,
and network administrators implemented security using an “us versus them”
mentality. Their job was to protect the inside, trusted network (us) against
would-be attackers on the outside (them).

To provide this protection, the first line of defense for any network has always
been a firewall—a collection of components configured to enforce a specific
access control policy between an internal (trusted) network and any other
(untrusted) network. Firewalls filter incoming and outgoing packets to ensure
that only authorized packets pass.

Today’s networks have changed, however. As companies have adapted their
networks to meet the ever-changing face of business, the boundaries between
private and public networks have blurred. The Internet has become a critical
work tool for nearly every company, and companies have opened parts of their
private network to guests—such as partners and customers—allowing
temporary and permanent accounts with varying levels of access.

Although providing guests with limited network access is a good business
practice, it introduces security vulnerabilities into what was the inside, trusted
network. You must protect that network against these less-trusted users.

In addition, network users are increasingly mobile, working from home or on
the road and roaming between rooms and even buildings at their company
offices. These users connect their devices to the Internet or other company
networks, where they are exposed to viruses and other malware, and then
plug them back into the company network.

Because these threats are occurring on the inside, trusted network, traditional
security measures—such as firewalls strategically placed between the private
and public networks—do not detect them. The traditional security measures
are still required, but companies must implement additional measures to
protect the network in this new environment. They must filter traffic within
the trusted network, checking for attacks and controlling access to network
resources.

The HP ProCurve Threat Management Services (TMS) zl Module provides this
kind of protection. The TMS zl Module acts as a traditional firewall between
and within networks. The module controls all network traffic, not just traffic
flowing between the trusted network and the untrusted; it allows you to filter
internal traffic, as well.