Securing the Internal Network
How secure the Internal network
should be is another issue that I have had "heated discussions" with my co-workers about. They
argue that if we "make sure" that the firewall is secure, then we don't need to worry about the
security on the internal network. To me this is the same issue as locking the
front door, but writing the safe combination on the wall. Based on my hacking experiences, I think
that it is unwise to take anything for granted.
Here again, you need to weigh security
with convenience. In most cases, the inconvenience of slightly slower connections or an extra two
seconds to login is negligible compared to the damage cause by a malicious
intruder. The best approach is to address those issues that we talked about
earlier, including implementing the private IP address as defined in
In addition, you should very much be considering implementing the same security
on the Internal machines as you would on your gateway.
The reason is security. If any intruder breaks into the gateway and if they can then
get into the internal, how safe of the other machines. If you left holes open on the gateway, the
odds are the holes are on the internal machines as well.