
This preview shows page 157 - 159 out of 325 pages.

verify proper operation prior to going operational.

5.5.4.10 Logs and Audit Trails

Most firewalls provide a wide range of capabilities for logging traffic and network events. Some security-relevant events that should be recorded in the firewall’s audit trail logs are: hardware and disk media errors, login/logout activity, connect time, use of system administrator privileges, inbound and outbound e-mail traffic, TCP network connect attempts, and inbound and outbound proxy traffic type.

5.5.4.11 Revision/Update of Firewall Policy

Given the rapid introduction of new technologies, and the tendency for organizations to continually introduce new services, firewall security policies should be reviewed on a regular basis. As network requirements change, so should security policy.

5.5.4.12 Example General Policies

The following policy statements are only examples. They do not constitute a complete firewall policy, and even if they did, they would not necessarily apply to your organization's environment. The statements are grouped into those applicable to Low-, Medium- and High-Risk environments. Within each category, they are divided into statements targeted toward users, managers and technicians. In general, all organizations would employ at least the Low-Risk policies.

5.5.4.12.0 Low-Risk Environment Policies

User

All users who require access to Internet services must do so by using ORGANIZATION-approved software and Internet gateways.
A firewall has been placed between our private networks and the Internet to protect our systems. Employees must not circumvent the firewall by using modems or network tunneling software to connect to the Internet. Some protocols have been blocked or redirected. If you have a business need for a particular protocol, you must raise the issue with your manager and the Internet security officer.

Manager

A firewall shall be placed between the ORGANIZATION’s network and the Internet to prevent untrusted networks from accessing the ORGANIZATION network. The firewall will be selected by and maintained by the Network Services Manager. All other forms of Internet access (such as via dial-out modems) from sites connected to the ORGANIZATION wide-area network are prohibited. All users who require access to Internet services must do so by using ORGANIZATION-approved software and Internet gateways.

Technician

All firewalls should fail to a configuration that denies all services, and require a firewall administrator to re-enable services after a failure. Source routing shall be disabled on all firewalls and external routers (see section 0). The firewall shall not accept traffic on its external interfaces that appears to be coming from internal network addresses (see section 0). The firewall shall provide detailed audit logs of all sessions so that these logs can be reviewed for any anomalies.