Firewall_Rule_Base_Best_Practices.doc

© Copyright 2000-2003, JP Vossen http://www.jpsdomain.org/security/rulebasebp.html
Firewall Rule Base Best Practices 2003-01-27 Page 3 of 8

Firewall Rulebase Best Practices

Rule Guidelines

Understand your Firewall

This may sound obvious, but it’s amazing how many people install firewalls without really understanding how they work, and the quirks and idiosyncrasies of the particular product. To pick on CheckPoint, consider the “Policy Properties,” sometimes also known as “Rule 0.” By default, DNS, ICMP and RIP used to be allowed unrestricted and un-logged access both in and out! Hopefully, you are extremely alarmed by this. If you are not, consider the facts that:

- Many trojans, such as Back Orifice and NetBus, are configured to use port 53/udp as a communications channel. Port 53/udp is DNS, and is left wide open by a default CheckPoint installation!
- ICMP is the protocol used by ping and traceroute. Attacks such as a “Ping of Death” or a Smurf attack use ping! Ping and traceroute are also used to map and enumerate your internal network, to plan for later attack.
- If your routing is changed due to “poisoned” RIP, then your connection may not work (denial of service) or may route to somewhere unexpected, to facilitate sniffing your traffic to glean confidential information or so-called “man in the middle” attacks. For example, even scanning your outgoing email traffic for recipients only (which is trivially easy) could reveal details of a pending merger, if traffic between you and a likely acquisition target suddenly increases.

Maintain your Firewall

This may also sound obvious, but it’s amazing how many people install a firewall and do not touch it for a year. As quoted above, “Security is not a product, it’s a process.” New vulnerabilities in both operating systems and firewall software are constantly being announced. If you do not maintain your firewall operating system and software, you are asking to be attacked, and would have little claim to “due diligence” and “reasonable and prudent precautions” in any legal proceedings.
Understand your Network

Continuing with the trend of stating the obvious, you need to understand everything about your network. This includes the physical wiring (I’ve actually seen both interfaces of a firewall patched into adjacent ports on the same internal LAN switch!), and the logical aspects such as subnets and VLANs. It also includes knowing what services users in your environment need.

It is very difficult to put a firewall into place where none was before. You will break a lot of things your users have come to depend on—I guarantee it. One possible strategy (though not recommended, for obvious reasons) is to put the firewall in place with wide-open rules that allow just about everything, and log it all. Then comb through the logs and see what is happening. Gradually lock things down until you have a realistically secure setup. This could take a long time, and one of the keys is massive communication with your users.
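The “log everything, then comb through the logs and lock down” strategy described above, together with the Rule 0 problem from the “Understand your Firewall” section, as an added example that is not part of the original document or of any firewall product: a small Python script over a constructed log format (the format, the addresses and the 10.0.0.0/8 “internal side” assumption are all made up for the example) that summarises the accepted flows per service and flags the DNS, ICMP and RIP traffic the text says an implied rule used to pass silently, so each gets an explicit, logged rule before anything is tightened.

```python
"""Comb accepted flows out of an 'allow everything, log everything' firewall log so
they can be turned into explicit, logged rules. Log format and addresses are constructed."""
import re
from collections import defaultdict

# Services the text says CheckPoint's "Rule 0" passed unrestricted and unlogged.
IMPLIED_RULE_SERVICES = {("udp", 53): "DNS", ("icmp", None): "ICMP", ("udp", 520): "RIP"}
LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<action>accept|drop) (?P<proto>\w+) "
                    r"src=(?P<src>\S+) dst=(?P<dst>\S+)(?: dport=(?P<dport>\d+))?$")
# Constructed sample: 10.0.0.0/8 is the internal side, everything else is outside.
SAMPLE_LOG = """\
2003-01-27 09:00:01 accept tcp src=10.1.1.5 dst=192.0.2.80 dport=80
2003-01-27 09:00:02 accept udp src=10.1.1.5 dst=10.1.0.53 dport=53
2003-01-27 09:00:03 accept udp src=10.1.1.9 dst=198.51.100.7 dport=53
2003-01-27 09:00:04 accept icmp src=203.0.113.4 dst=10.1.1.5
2003-01-27 09:00:05 accept udp src=203.0.113.9 dst=10.1.0.1 dport=520
2003-01-27 09:00:06 accept tcp src=10.1.1.7 dst=192.0.2.25 dport=25
2003-01-27 09:00:07 drop tcp src=203.0.113.4 dst=10.1.1.5 dport=139
"""

def parse(log):
    """Yield one dict per well-formed line; anything the regex rejects is skipped."""
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"]) if rec["dport"] else None
            yield rec

def summarise(log):
    """Group accepted traffic by (proto, dport): hit count plus the peers seen."""
    flows = defaultdict(lambda: {"hits": 0, "src": set(), "dst": set()})
    for rec in parse(log):
        if rec["action"] == "accept":
            f = flows[(rec["proto"], rec["dport"])]
            f["hits"] += 1
            f["src"].add(rec["src"])
            f["dst"].add(rec["dst"])
    return dict(flows)

def propose_rules(log, internal_prefix="10."):
    """One candidate explicit, logged rule per observed service, busiest first; implied-rule
    services are flagged and external sources listed so inbound DNS/ICMP/RIP is reviewed."""
    rules = []
    for (proto, dport), f in sorted(summarise(log).items(), key=lambda kv: -kv[1]["hits"]):
        implied = IMPLIED_RULE_SERVICES.get((proto, dport))
        rules.append({
            "service": f"{proto}/{dport}" if dport else proto,
            "sources": sorted(f["src"]), "destinations": sorted(f["dst"]),
            "external_sources": sorted(s for s in f["src"] if not s.startswith(internal_prefix)),
            "hits": f["hits"], "log": True, "note": f"replaces implied {implied} rule" if implied else "",
        })
    return rules
```

Each proposed rule is a starting point for a human review: the external sources on the ICMP and RIP entries are exactly the traffic the text warns about, and the second DNS destination shows a client resolving against something other than the internal resolver.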