Firewall_Rule_Base_Best_Practices.doc

Firewall Rule Base Best Practices (2003-01-27), pages 4-5 of 8

...everyone had followed these practices, the Sapphire worm would have gone nowhere, because it would not have been able to access any MS SQL servers in the first place.

Do Not Allow the AOL Service

The AOL service acts as a kind of Virtual Private Network (VPN) between the AOL client and the AOL servers. E-mail, web browsing, instant messaging, news reading and other services all happen over that tunnel. You cannot detect, log or monitor that activity, scan it for viruses or other hostile content, etc. You can log that some IP address in your LAN was talking to AOL, but that's it. So any content filters, anti-virus scanners or other tools are useless: your users can do anything they want through that tunnel, and you'll never know. There used to be a possible business case for allowing AOL e-mail, but with the advent of AOL e-mail via a web browser, that is no longer true. Block AOL.

Reject Ident (AKA Auth)

Add a rule that rejects ident (i.e. one that acknowledges the packet, rather than one that simply drops the packet or makes it "disappear"). This will increase the connection speed of certain services such as SMTP and FTP, because those servers attempt to use ident to establish the identity or origin of an attempted connection. If the ident request packet simply disappears, the connection will not actually be established until it times out, usually about 90 seconds. However, if the ident request packet is rejected, the server will "give up" much faster, and the connection will be established much more quickly.

Prefer Application Proxies (AKA Checkpoint Security Servers)

Prefer application proxies over circuit-level filters or "Stateful Inspection". Application proxies are far more secure, and often allow extensive customization to tailor security to fit specific needs. For example, the Checkpoint SMTP Security Server is easy to configure to block mail relaying (used by spammers). However, they are slower, and specific to each application (or protocol) proxied, so there is a delay when a new protocol comes out before an application proxy is available, if one is ever implemented at all.

Implement Good Logging Practices

I argue that firewalls exist for two reasons. The first is to limit and control what traffic may pass, and the second is to log that traffic. Do not neglect the second function! "Good" logging practices will vary widely from site to site, depending on the environment. In general:

- Keep logs to a manageable size: "roll" them once a week, or once a month, as is reasonable for your volume. Try not to roll every day, as that will make tracking and correlating longer-term events far more difficult.
- Keep them for a reasonable length of time, usually at least 3-5 months, if possible.
- Consider an automated job to move old log files off the firewall server. If you use FTP, use an FTP client on the firewall side to a secure FTP server; do not run an FTP server on the firewall!

© Copyright 2000-2003, JP Vossen, http://www.jpsdomain.org/security/rulebasebp.html
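To illustrate the reject-versus-drop point from the "Reject Ident" section above, here is an added Python example (not code from the original document or its author) that emulates the ident query an SMTP or FTP server sends back to a connecting client and reports whether the client side answered, refused, or silently timed out. The two loopback helpers are constructed test peers; port 113 is the standard ident port and the 90 s default timeout mirrors the delay the text describes.

```python
import socket
import threading
import time

IDENT_PORT = 113  # ident/auth, RFC 1413


def ident_lookup(host: str, port: int = IDENT_PORT, timeout: float = 90.0) -> tuple[str, float]:
    """Emulate the ident query an SMTP/FTP server makes back to a connecting client.
    Returns (outcome, seconds held up): a REJECT at the client's firewall (TCP RST) makes
    connect() fail at once; a silent DROP leaves it waiting the full `timeout`, the
    roughly 90 s delay the text describes."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"25, 4000\r\n")  # who owns client port 4000 talking to our port 25?
            s.recv(512)                  # a real identd answers "4000, 25 : USERID : ..."
            outcome = "answered"
    except socket.timeout:               # DROP: nothing ever comes back
        outcome = "timeout"
    except ConnectionRefusedError:       # REJECT (or simply no identd running)
        outcome = "refused"
    except OSError:                      # no route, network down, etc.
        outcome = "unreachable"
    return outcome, time.monotonic() - start


def closed_local_port() -> int:
    """A loopback port with no listener: connect() gets a RST, as from a REJECT rule."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def fake_identd() -> int:
    """Start a one-shot identd on loopback (constructed test peer) and return its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        with srv, srv.accept()[0] as conn:
            conn.recv(512)
            conn.sendall(b"4000, 25 : USERID : UNIX : alice\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

To see the DROP case, point `ident_lookup` at a host whose firewall silently discards port 113 and watch it hold the caller for the full timeout.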