A company's first priority is to place a network firewall at the Internet perimeter, but there are many other areas that can benefit from firewall protection. The FBI's annual computer crime surveys typically identify the internal network and users as the source of more than 60% of successful network intrusions. By implementing network firewalls throughout key areas of the internal network, companies can mitigate much of this threat.
To identify these key areas, look for networks with high-value servers and internal network choke points. Internal servers are high-value assets because they house confidential data and provide mission-critical services to computer users. They are also typically less protected and therefore more vulnerable than servers that are accessible from the Internet. By firewalling these assets and only allowing access to needed services and users, companies can greatly improve the security of these high-value systems. Network "choke points" are areas where networks interconnect with remote sites, or networks that are designated only for a particular use (VoIP, storage, guest access, etc.). Firewalls in key choke-point areas can prevent propagation of worm outbreaks and limit damage in the case of network intrusion.