There are various firewall security strategies that can be applied in the provided scenario, where security needs to be enforced. These strategies are straight forward in helping to deploy, build a firewall solution for any site or strengthen firewall rules. One of these strategies is least privileged that limits the firewall’s attack surface or exposure. This strategies supports limited access configurations or building up rules that limit access allowing any object such as a system, program, administrator, and user among others to have only privileges that they need to perform their assigned tasks (Trend Micro Solutions, 2017). However, this strategy is more costly to deploy especially due to the need of an administrator to constantly build the access rules that limit user privileges to access various files, applications, or folders. Similarly, it can be time-consuming in setting the access rules as well as disabling software or services that increase exposure to attacks or not needed as well as limiting applications that utilize the firewall.
A second strategy is a defense in depth that involves relying on multiple security mechanisms to reduce exposure to attacks by backing each other up. This strategy believes that even the strongest or seemingly impenetrable firewall sometimes attackers can figure way out to breach its securities and attack. Coming up with mechanisms to provide redundancy and backup of each can be a great security strategy. However, this means that the cost to deploy this strategy due to the need for extra backup and redundancy mechanism as well for maintaining them.
Another strategy that can be applied is the simplicity, because having it simple and not complex makes things easy to understand, manage, and cost-efficient, unlike complex program or mechanism hard to understand hence subject to more bugs and exposure to attacks. The disadvantage of this strategy is that it makes it easier to bleach hence not much advised since not very secure.
A fourth strategy is the diversity of defense, where just like in depth of defense additional security can be achieved by use of different types of systems. Using different systems from different vendors can reduce the exposure to attacks due to the lack of common configuration error or a bug. This strategy is more expensive, takes longer and subject to complexities to deploy multiple different systems. Also more cost to maintain them and train staff (Oreilly, n.d).
Least privilege strategy due to its support to explicitly grant permissions for any object, the strategy offers very strict inspection and data integrity. Similarly for both the defense depth and diversity of defense approach all emphasizing on layered level security offering redundant security controls.
Trend Micro Solutions. (2017). Best Practices: Deploying an Effective Firewall – Security News – Trend Micro USA. Retrieved from https://www.trendmicro.com/vinfo/us/security/news/…
Oreilly. [Chapter 3] Security Strategies. Retrieved from https://www.cs.ait.ac.th/~on/O/oreilly/tcpip/firew…