Firewall on a closed LAN


This topic contains 2 replies, has 2 voices, and was last updated by  Cheech 3 years, 7 months ago.



    Hey guys

    I am doing a small project at the moment using VMs. I am setting up a LAN which has a number of servers (AD DC, DHCP and web) with a few clients. I would like to implement a firewall (Endian) just to try to keep things as close to a real scenario as possible.

    The network I am building will not have any connections from the outside except for clients logging into the domain. In a real scenario, would a closed LAN have a firewall? Would having clients, even though connected to the LAN, be a reason for/not having a firewall?

    And lastly, where would I be best placing the firewall in this closed network? My thinking would be placing the clients and AD server in front of the firewall and having the web and file server behind it. Would placing a second firewall between AD and the client terminal be a good idea?



    I usually don’t build closed loop networks so someone else might have a more experienced opinion.

    But a firewall usually protects you from something else (non-local network traffic). You say there is none, so nothing to protect against. If I had differing local network needs or security levels, I might compartmentalize my network to isolate traffic or data, but you seem to say that is not an issue.

    If you are concerned about client-to-server communications, you’re probably more likely to have host-based firewalls limiting traffic types or to ranges instead of a hardware firewall. This might be better for concerns like USB-based concerns. I guess malware could infect local hosts without network access if provided via USB stick, but a host-based firewall could limit ingress/egress traffic to only needed ports and potentially foil infection.

    My opinion, worth every bit you paid.
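
The host-based approach described in the reply above, as an added example that is not part of the original thread: a default-deny Windows Defender Firewall policy for the lab's web server. It assumes the web server runs Windows and is domain-joined; the subnet and domain controller address are constructed placeholders.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the lab web server. All addresses below are constructed lab placeholders.
$ClientSubnet     = '10.0.0.0/24'   # assumed range of the client VMs
$DomainController = '10.0.0.10'     # assumed address of the AD DC (also DNS)

# Default-deny in both directions on every profile, and log what is dropped
# so blocked connection attempts are visible afterwards.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block `
    -LogBlocked True

# Ingress: only web traffic, and only from the client range.
New-NetFirewallRule -DisplayName 'Lab: web in from clients' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort 80,443 -RemoteAddress $ClientSubnet

# Egress: only what a domain member needs, and only to the DC.
# TCP: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, dynamic RPC range.
New-NetFirewallRule -DisplayName 'Lab: DC out (TCP)' `
    -Direction Outbound -Action Allow -Protocol TCP `
    -RemotePort 53,88,135,389,445,'49152-65535' `
    -RemoteAddress $DomainController

# UDP: DNS, Kerberos, NTP, LDAP.
New-NetFirewallRule -DisplayName 'Lab: DC out (UDP)' `
    -Direction Outbound -Action Allow -Protocol UDP `
    -RemotePort 53,88,123,389 -RemoteAddress $DomainController

# Built-in allow rules that ship enabled still apply under a Block default.
# List them so anything not needed on this host can be disabled.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Select-Object DisplayName, Profile |
    Sort-Object DisplayName
```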



    @smeek Thanks again for another great answer.

    With the network being closed it does seem pointless; there doesn’t seem to be a particular part of the network where it would be appropriate.

    This is a project for university. The main project is finished, but I am just trying to scoop extra marks by adding a bit of creativity. I think I will open the network up so I can justify the firewall and implement a DMZ.
