cissp CISSP training Certified Information Systems Security Professional: Firewall


Firewall Operations - Protecting a Critical System
Posted by cdupuis on Sunday, 21 December 2003 @ 09:20:06 CET (2890 reads)
Topic Firewall

grasmussen writes "http://www.cyberguard.com/news_room/news_newsletter_121203firewall.cfm

Firewall Operations - Protecting a Critical System

By Gideon T. Rasmussen - CISSP, CFSO, CFSA, SCSA

Security teams must ensure that firewalls are installed, configured and maintained in accordance with mission requirements and the best interests of the organization. There are many reasons why firewall administration must be tightly controlled. Firewalls are inherently complex. Employee turnover can result in a lack of continuity. Firewall logs may be called as evidence in a court case. Many organizations must also meet auditing requirements.

Before installing a firewall, its administrators should become intimately familiar with its features and operations. While there is no substitute for formal training, other resources include system manuals, on-line documentation, manual pages, knowledge base entries and technical support.

If an organization does not have experienced personnel, administrators should engage a consultant to properly install and configure the system. Ensure that administrators are available to participate in the installation and obtain knowledge transfer. Test disaster recovery by reinstalling the firewall software and restoring from backup.

Thoroughly document how each firewall should be installed in a formal configuration standard. Installation must be in strict compliance with system manuals to help ensure stability and compliance with support agreements. A standard should also provide step-by-step instructions. Consider the following topics:

Proxies: Use proxies to limit traffic to designated protocols. Proxies can block file sharing programs such as Kazaa and iMesh. They can also defeat hacking tools. Proxies give administrators granular control over a protocol. For example, CyberGuard's FTP proxy can be configured to permit download and deny upload. The HTTP proxy makes it possible to run multiple Web sites on one system. You'll find more information about CyberGuard's proxies here: (

Comments: Include comment entries in the packet filter rules file. Firewall rules grow quickly. It is important to retain the purpose of each rule. Adopt the following format as a standard: "rationale, mm/dd/yy, ticket #, your name."

Grouping: Grouping is very powerful and should be used whenever possible. Grouping reduces the complexity of firewall rules and minimizes the potential for human error. If you have several systems with the same service requirements, create hosts and services groups. The utility of grouping becomes more apparent as the number of systems increases.

Accounts: Create individual accounts for each administrator. Delete the common administrative account. This configuration enhances accountability.

Roles: Use duty roles to grant specific accesses. For example, an auditor should have read-only permissions. Support staff only requires the ability to stop and start the system.

Configuration Tracking: Configuration tracking records changes made during a login session. Its database enables administrators to compare the differences between an older configuration file and the current version. Configuration tracking can also record a user-supplied ticket number.

DNAT: Enable Dynamic Network Address Translation (DNAT) on each external interface. DNAT changes internal IP addresses to the external IP of the firewall with a unique source port. The outside world sees the external address. Upon return the firewall knows which IP to switch back to from the originating source port.

Passwords: Enforce strong password elements. Configure passwords to expire every three months. Password elements should include alpha, numeric and special characters.

Auditing: By default, binary logging is enabled. More than 300 events are logged. Configure activity logging to record security events and the services enabled on the firewall.

Logs: Schedule an export of binary audit logs to an FTP server. Copy system logs to a central syslog server. Configure log management to prevent the system disk from filling up.

Alerts: Configure the firewall to send notification of suspicious events. You can choose from a variety of notification methods including: file, window, e-mail, SNMP trap, pager, syslog and shell command.

Before granting production status to a system, confirm that a scheduled backup has successfully completed. Ensure the system is properly configured by conducting a security vulnerability scan. Also remember to monitor the firewall from a remote location.

Implement a formal change process and incorporate your firewalls into the system development life cycle. In particular, ensure that firewall rules are not left in place when a system is decommissioned. This can represent a serious vulnerability if a system is repurposed or its IP address reissued while firewall rules still provide access from the outside.

Apply new versions and product support updates as they are issued. The operating system's multi-level security and hardened kernel are the foundation of the CyberGuard "zero vulnerabilities" solution
http://www.cyberguard.com/ukadseries/vulnerabilities.cfm. CyberGuard firewalls have achieved Common Criteria EAL4+ certification and maintain that certification through participation in the Assurance Maintenance program. That means that new versions and updates maintain their original certification.

Create an operations guide to ensure continuity. At a minimum it should detail how to stop and start the firewall and restore from backup.

Finally, include firewalls in disaster recovery planning. Store installation media and firewall backups off-site. Confirm that the recovery site has firewall hardware available.


(Read More... | Score: 0)
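The comment standard and the decommissioning check from the article above, sketched as an added example (not part of the original article and not CyberGuard tooling). The rule syntax, the sample rules, the inventory and the function names are all hypothetical and constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in a hypothetical rule syntax (not CyberGuard's own):
# "<action> <proto> <source> <destination> <port>", comment on the line above.
RULES = """\
# Public web server, 12/01/03, #4412, J. Smith
permit tcp ANY 192.0.2.10 443
permit tcp ANY 192.0.2.25 25
# temp fix
permit tcp ANY 192.0.2.30 22
# Partner SFTP drop, 13/45/03, #4500, A. Jones
permit tcp 198.51.100.7 192.0.2.40 22
"""
ACTIVE_HOSTS = {"192.0.2.10", "192.0.2.25", "192.0.2.30"}  # constructed inventory

# The article's standard: "rationale, mm/dd/yy, ticket #, your name"
COMMENT_RE = re.compile(
    r"^#\s*[^,]+,\s*(?P<date>\d{2}/\d{2}/\d{2}),\s*#?\d+,\s*\S.*$")

def comment_problem(comment):
    """Return None if the comment meets the standard, else the reason."""
    m = COMMENT_RE.match(comment or "")
    if not m:
        return "comment missing or not in the standard form"
    try:
        datetime.strptime(m["date"], "%m/%d/%y")  # reject dates like 13/45/03
    except ValueError:
        return "invalid date " + m["date"]
    return None

def audit(rules_text, active_hosts):
    """Return (line_no, problem) for every finding in the rules text."""
    findings, pending = [], None
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#"):
            pending = line          # comment applies to the next rule only
        elif line:
            problem = comment_problem(pending)
            if problem:
                findings.append((no, problem))
            fields = line.split()
            if len(fields) < 4 or fields[3] not in active_hosts:
                findings.append((no, "destination not in active inventory"))
            pending = None
    return findings

for finding in audit(RULES, ACTIVE_HOSTS):
    print(finding)
```

Run as part of the change process, a check like this catches undocumented rules at review time and surfaces rules that still point at addresses no longer in the inventory.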

IDRCI Impressive Firewall
Posted by cdupuis on Sunday, 25 May 2003 @ 16:22:18 CEST (2710 reads)
Topic Firewall

Once in a while I have the great pleasure of running into an application or security tool that is above and beyond what exists on the market. Today I would like to introduce you to a fantastic Stateful Firewall that was developed by the people at IDRCI.

It is based on the Windows Platform and is quickly gaining mind share amongst large clients such as the department of defense, numerous universities, financial institutions, and others.

It is definitely worth a look.

http://www.idrci.net/  (Main Page)

http://www.idrci.net/doc/chx.htm (Documentation)



(Read More... | Score: 1)

Great paper on Firewall architecture
Posted by cdupuis on Saturday, 05 January 2002 @ 10:31:12 CET (3242 reads)
Topic Firewall

matrix_spider writes "January 4, 2002 # NIST is pleased to announce Special Publication 800-41, Guidelines on Firewalls and Firewall Policy.

This document contains an overview of recent developments in firewall technology, and guidance on configuring firewall environments. It discusses firewall access control, active content filtering, DMZs, and co-location with VPNs, web and email servers, and intrusion detection.

It contains guidance on developing firewall policy and recommendations for administering firewalls. Lastly, it contains several appendices with links to other firewall-related resources and recommendations for configuring and operating firewalls.

Click here to see the document"

(Read More... | Score: 0)

CHX-I Network Application Services Firewall
Posted by cdupuis on Tuesday, 30 October 2001 @ 20:23:51 CET (4267 reads)
Topic Firewall

While security issues concerned with levels 2 and 3 of the OSI model have been exhaustively dealt with by the firewall manufacturers - the remaining daunting task of securing application services (levels 5, 6 and 7) is in its infancy. This translates into an organization with iron clad network security (stateful packet filters, application gateways, etc) but with their information exchange portals (web, mail, dns servers) world accessible and subject to malicious manipulation.

Click on ''More'' below to read this innovative approach to security

(Read More... | 4487 bytes more | Score: 0)

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or its maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.
