1.1.4 Requirements for a firewall at
each Internet connection and between
any demilitarized zone (DMZ) and the
internal network zone
1.1.4.a Examine the firewall configuration standards and verify
that they include requirements for a firewall at each Internet
connection and between any DMZ and the internal network
zone.
1.1.4.b Verify that the current network diagram is consistent
with the firewall configuration standards.
1.1.4.c Observe network configurations to verify that a firewall
is in place at each Internet connection and between any
demilitarized zone (DMZ) and the internal network zone, per
the documented configuration standards and network
diagrams.
Using a firewall on every Internet connection
coming into (and out of) the network, and between
any DMZ and the internal network, allows the
organization to monitor and control access and
minimizes the chances of a malicious individual
obtaining access to the internal network via an
unprotected connection.