Firewall Operations - Protecting a Critical System
Posted by cdupuis on Sunday, 21 December 2003 @ 09:20:06 CET (2628 reads)
grasmussen writes "http://www.cyberguard.com/news_room/news_newsletter_121203firewall.cfm
Firewall Operations - Protecting a Critical System
By Gideon T. Rasmussen - CISSP, CFSO, CFSA, SCSA
Security teams must ensure that firewalls are installed, configured and maintained in accordance with mission requirements and the best interests of the organization. There are many reasons why firewall administration must be tightly controlled. Firewalls are inherently complex. Employee turnover can result in a lack of continuity. Firewall logs may be called as evidence in a court case. Many organizations must also meet auditing requirements.
Before installing a firewall, its administrators should become intimately familiar with its features and operations. While there is no substitute for formal training, other resources include system manuals, on-line documentation, manual pages, knowledge base entries and technical support.
If an organization does not have experienced personnel, administrators should engage a consultant to properly install and configure the system. Ensure that administrators are available to participate in the installation and obtain knowledge transfer. Test disaster recovery by reinstalling the firewall software and restoring from backup.
Thoroughly document how each firewall should be installed in a formal configuration standard. Installation must be in strict compliance with system manuals to help ensure stability and compliance with support agreements. A standard should also provide step-by-step instructions. Consider the following topics:
Proxies: Use proxies to limit traffic to designated protocols. Proxies can block file sharing programs such as Kazaa and iMesh. They can also defeat hacking tools. Proxies give administrators granular control over a protocol. For example, CyberGuard's FTP proxy can be configured to permit download and deny upload. The HTTP proxy makes it possible to run multiple Web sites on one system. You'll find more information about CyberGuard's proxies here: (http://www.cyberguard.com/news_room/news_newsletter_030619smartproxies.cfm).
Comments: Include comment entries in the packet filter rules file. Firewall rules grow quickly. It is important to retain the purpose of each rule. Adopt the following format as a standard: "rationale, mm/dd/yy, ticket #, your name."
Grouping: Grouping is very powerful and should be used whenever possible. Grouping reduces the complexity of firewall rules and minimizes the potential for human error. If you have several systems with the same service requirements, create hosts and services groups. The utility of grouping becomes more apparent as the number of systems increases.
Accounts: Create individual accounts for each administrator. Delete the common administrative account. This configuration enhances accountability.
Roles: Use duty roles to grant specific accesses. For example, an auditor should have read-only permissions. Support staff only requires the ability to stop and start the system.
Configuration Tracking: Configuration tracking records changes made during a login session. Its database enables administrators to compare the differences between an older configuration file and the current version. Configuration tracking can also record a user-supplied ticket number.
DNAT: Enable Dynamic Network Address Translation (DNAT) on each external interface. DNAT changes internal IP addresses to the external IP of the firewall with a unique source port. The outside world sees the external address. Upon return the firewall knows which IP to switch back to from the originating source port.
Passwords: Enforce strong password elements. Configure passwords to expire every three months. Password elements should include alpha, numeric and special characters.
Auditing: By default, binary logging is enabled. More than 300 events are logged. Configure activity logging to record security events and the services enabled on the firewall.
Logs: Schedule an export of binary audit logs to an FTP server. Copy system logs to a central syslog server. Configure log management to prevent the system disk from filling up.
Alerts: Configure the firewall to send notification of suspicious events. You can choose from a variety of notification methods including: file, window, e-mail, SNMP trap, pager, syslog and shell command.
Before granting production status to a system, confirm that a scheduled backup has successfully completed. Ensure the system is properly configured by conducting a security vulnerability scan. Also remember to monitor the firewall from a remote location.
Implement a formal change process and incorporate your firewalls into the system development life cycle. In particular, ensure that firewall rules are not left in place when a system is decommissioned. This can represent a serious vulnerability if a system is repurposed or its IP address reissued while firewall rules still provide access from the outside.
Apply new versions and product support updates as they are issued. The operating system's multi-level security and hardened kernel are the foundation of the CyberGuard "zero vulnerabilities" solution http://www.cyberguard.com/ukadseries/vulnerabilities.cfm. CyberGuard firewalls have achieved Common Criteria EAL4+ certification and maintain that certification through participation in the Assurance Maintenance program. That means that new versions and updates maintain their original certification.
Create an operations guide to ensure continuity. At a minimum it should detail how to stop and start the firewall and restore from backup.
Finally, include firewalls in disaster recovery planning. Store installation media and firewall backups off-site. Confirm that the recovery site has firewall hardware available.
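The comment standard ("rationale, mm/dd/yy, ticket #, your name") and the warning about rules left behind after decommissioning can both be checked mechanically. The following is an added example, not code from the article or from CyberGuard; the rules-file syntax, the addresses and the host inventory are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in a hypothetical rules syntax (not CyberGuard's):
# "<action> <proto> <src> <dst> <port>", documented by the '#' line above it.
SAMPLE_RULES = """\
# Public web site, 03/14/03, ticket 1042, jsmith
permit tcp any 192.0.2.10 80
# temp rule for vendor
permit tcp 198.51.100.7 192.0.2.25 22
# Mail relay, 13/45/03, ticket 1077, alee
permit tcp any 192.0.2.30 25
permit udp any 192.0.2.40 53
"""
# Constructed inventory of systems still in service.
ACTIVE_HOSTS = {"192.0.2.10", "192.0.2.25", "192.0.2.40"}

# The article's standard: "rationale, mm/dd/yy, ticket #, your name"
COMMENT_RE = re.compile(
    r"^#\s*[^,]+,\s*(?P<date>\d{2}/\d{2}/\d{2}),"
    r"\s*ticket\s*#?\s*\d+,\s*\S.*$", re.IGNORECASE)

def comment_ok(line):
    """True if the comment follows the standard and its date is real."""
    m = COMMENT_RE.match(line)
    if not m:
        return False
    try:
        datetime.strptime(m["date"], "%m/%d/%y")
    except ValueError:
        return False
    return True

def audit(rules_text, active_hosts):
    """Return (line number, finding) pairs for the rules file."""
    findings, comment = [], None
    for n, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            comment = line
            continue
        fields = line.split()
        if len(fields) != 5:
            comment = None          # blank or unrecognised line
            continue
        if comment is None:
            findings.append((n, "missing comment"))
        elif not comment_ok(comment):
            findings.append((n, "comment not in standard format"))
        if fields[3] != "any" and fields[3] not in active_hosts:
            findings.append((n, "destination not in active inventory"))
        comment = None
    return findings
```

Calling audit(SAMPLE_RULES, ACTIVE_HOSTS) reports the free-text comment, the impossible date, the rule with no comment, and the rule that still admits traffic to a host no longer in the inventory.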
IDRCI Impressive Firewall
Posted by cdupuis on Sunday, 25 May 2003 @ 16:22:18 CEST (2433 reads)
Once in a while I have the great pleasure of running into an application or security tool that is above and beyond what exists on the market. Today I would like to introduce you to a fantastic Stateful Firewall that was developed by the people at IDRCI.
It is based on the Windows Platform and is quickly gaining mind share amongst large clients such as the department of defense, numerous universities, financial institutions, and others.
It is definitely worth a look.
http://www.idrci.net/ (Main Page)
Great paper on Firewall architecture
Posted by cdupuis on Saturday, 05 January 2002 @ 10:31:12 CET (2953 reads)
matrix_spider writes "January 4, 2002 - NIST is pleased to announce Special Publication 800-41, Guidelines on Firewalls and Firewall Policy.
This document contains an overview of recent developments in firewall technology, and guidance on configuring firewall environments. It discusses firewall access control, active content filtering, DMZs, and co-location with VPNs, web and email servers, and intrusion detection.
It contains guidance on developing firewall policy and recommendations for administering firewalls. Lastly, it contains several appendices with links to other firewall-related resources and recommendations for configuring and operating firewalls.
Click here to see the document"
CHX-I Network Application Services Firewall
Posted by cdupuis on Tuesday, 30 October 2001 @ 20:23:51 CET (3965 reads)
While security issues concerned with levels 2 and 3 of the OSI model have been exhaustively dealt with by the firewall manufacturers - the remaining daunting task of securing application services (levels 5, 6 and 7) is in its infancy. This translates into an organization with iron clad network security (stateful packet filters, application gateways, etc) but with their information exchange portals (web, mail, dns servers) world accessible and subject to malicious manipulation.
Click on "More" below to read this innovative approach to security