... Firewall Components
At some point in your life you may have traveled from country A to country B. ... A simple firewall example is shown below. ... The term "firewall" not too long ago was only associated with buildings and architecture, literally a wall to block fire from reaching a different section of the structure. ...
The firewall itself is positioned logically between your internal network and the external world. ...
Over the last few years, new features and options have been added to the firewall beyond this simple option to grant or deny access. In addition to denying and granting access, a firewall may now perform additional services.
Services of newer firewalls:
• Network Address Translation (NAT) - NAT is used by the router to translate internal private IP addresses to external IP addresses
• Data Caching - Allows the router to store data that is accessed often by network clients
• Restriction on Content - Available in many newer systems, allowing the administrator to control Internet access based on keyword restrictions
Firewall Methodologies
Firewalls have two general methods of implementing security for a network. ...
• Packet filtering - Packet filtering was the first type of firewall used by many organizations to protect their networks. ...
What a Firewall Cannot Do
So if a firewall can use packet filtering, proxy services, a combination of both, or custom filtering, what can't a firewall do to protect the network? All too often a security administrator is told to go and buy a firewall to secure the network. ...
• Viruses - Even though some firewalls do have the ability to detect virus traffic, attackers can package a virus in so many forms that the firewall cannot possibly keep up. ... These connections render much of the firewall useless to this client. If File and Print Sharing is turned on, this can lead to adverse results, while the firewall itself may be properly configured.
• Social Engineering - If the network administrators give out firewall information to someone calling from your ISP, with no verification, there is a serious problem.
• Poor Policy - Without a good firewall policy, it is hard to configure the firewall properly, and it can't know what your intentions were! ...
Create a Firewall Policy
Before we can identify configuration options, or implementation techniques, we must have a firewall policy. In many instances, organizations rush into firewall selection and installation, without enough thought on how this complex device is to be used.
Having a firewall policy in place is as critical as designing and deploying the firewall correctly. While not as complete as an organizational security policy, the firewall policy has its place. The policy items in place for the firewall are part of the overall security policy the organization uses.
The firewall policy can generally have one of two viewpoints: either deny everything except what is explicitly needed, or permit everything except what is explicitly to be denied. ... They include the Acceptable Use Statement, the Network Connection Statement, the Contracted Worker Statement, and the Firewall Administrator Statement.
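The two policy viewpoints described above, as an added example that is not part of the original paper: the same constructed packets are run through a first-match packet filter under each stance. The `Rule` fields, first-match evaluation, addresses (documentation ranges) and ports are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, None matches any port

def matches(rule, pkt):
    proto, src, dst, dport = pkt
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def decide(rules, default, pkt):
    """First matching rule wins; the policy stance decides everything else."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

ANY = "0.0.0.0/0"
# Viewpoint 1: deny everything except what is explicitly needed.
DENY_BY_DEFAULT = ([Rule("permit", "tcp", ANY, "198.51.100.10/32", 80),
                    Rule("permit", "tcp", ANY, "198.51.100.25/32", 25)], "deny")
# Viewpoint 2: permit everything except what is explicitly denied.
PERMIT_BY_DEFAULT = ([Rule("deny", "tcp", ANY, ANY, 23),
                      Rule("deny", "udp", ANY, ANY, 69)], "permit")

# Constructed sample packets: (protocol, source, destination, destination port).
PACKETS = {
    "web":      ("tcp", "203.0.113.7", "198.51.100.10", 80),
    "telnet":   ("tcp", "203.0.113.7", "198.51.100.10", 23),
    "unlisted": ("tcp", "203.0.113.7", "198.51.100.10", 3389),
}

def compare():
    """Return {packet name: (deny-by-default verdict, permit-by-default verdict)}."""
    return {name: (decide(*DENY_BY_DEFAULT, pkt), decide(*PERMIT_BY_DEFAULT, pkt))
            for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (strict, loose) in compare().items():
        print(f"{name:9} deny-by-default={strict:7} permit-by-default={loose}")
```

The stances agree on traffic the rule author anticipated and differ only on the service nobody wrote a rule for, which passes under permit-by-default.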
If the overall security policy becomes very large (some organizations have policies that are hundreds of pages long), you may want to pull out and copy the sections related to the firewall, and have a separate subdocument for the firewall alone. ... If there are examples that cannot be implemented on the firewall, even in part, they may be best located in the overall security policy document for the organization. ... These items clearly must be in the security policy, but may not be items that can be directly implemented on the firewall. ... Here is where you can define the issues related to the network operating systems and devices that use the network, and how those devices must be configured.
This section may have the most functional use on the firewall, as this section is defining actual network traffic. ... This may be where you spend the most time developing the firewall policy, as it is most relevant to implementation on the firewall. ...
The Firewall Administrator Statement
Some organizations may not have a separate statement on the administrator of the firewall itself.
Examples found in a typical Firewall Administrator Statement:
The firewall administrator. ...
• must be certified by the vendor of the firewall
• must have their SCNA certification
• must know all the applications authorized to be installed on computers in the network
• shall report directly to the chief security officer
• must be reachable at all times 24/7
As you can see, this area can almost be considered the job role of the firewall administrator. ...
From these examples, you can start to build the framework for the security policy, and in this case the specific firewall portion of the policy. The firewall policy should be a working document that can be modified on a regular basis. ...
Rule Sets and Packet Filters
Having a solid policy is one important part of preparing to implement the firewall. ... Your firewall can examine this bit to ensure that the packet is indeed a reply to communication that originated inside the network. ...
Proxy Server
As we have seen, packet filters are a great start to securing the network with a firewall. ...
Approximate Word count = 4334 Approximate Pages = 17.3 (250 words per page double spaced)