Nutter helps a reader determine whether he needs another firewallAll the news about the worm currently making the rounds got me thinking about adding a second\u00a0firewall internally to protect really critical servers. I\u2019m not sure the benefit would offset the cost. Is this something I should implement?- Via the InternetIf you have a server that really can\u2019t be down and you want to take reasonable precautions against it being a target of attack, you need to look at all options. Depending on the level of comfort you have with the different\u00a0OSes (Windows, NetWare, Linux, etc), you may be able to approach the problem from several different directions.Whether you do packet filtering using features available in the OS itself (iptables in Linux for example) or go with a commercially available firewall, the best solution will depend on the level of protection you need. One criteria I recommend in judging a firewall is some type of intrusion-detection functionality or the ability to send alerts of that type to a syslog server on your network. Having a firewall may not help protect the server if an attack is launched and nothing realizes it.If you already have Vendor A's firewall on the exterior firewall of your company\u2019s network, having a smaller one to protect your critical servers would leverage your existing knowledge making it easier to administer. On the other hand, once the external firewall has been compromised, getting past another firewall from the same vendor probably wouldn\u2019t keep the unwelcome visitor out for long. Using a different firewall from Vendor B or C would require learning another firewall, but would make it a little more difficult for someone to get to your important servers.