10 Tips to Make Sure Your Firewall is Really Secure

Don't skip these expert tips for making your firewall airtight, bulletproof and fail-safe.




Copyright 2007 Tippit, Inc.

Security studies back up this fact: It takes less than 20 minutes for an unprotected computer to be attacked once it's connected to a broadband connection. Imagine what would happen if you connected your corporate network to the Internet without a security measure in place. Digital intruders could swarm your opened ports, infect machines and even abscond with your intellectual property.

Faced with this scenario, many businesses have come to rely on the protection of a network firewall to monitor traffic that flows between the corporate network and the Internet. Firewalls serve as gatekeepers, deciding which data is allowed in and out of the network, and under what circumstances.

Buying a firewall is the first key step toward securing your network, but it's just as important to make sure that it's configured according to industry best practices. How you set up your firewall will make a big difference in how it performs, so it pays to learn from the experts. You can tune up your firewall and boost your security by following these 10 expert tips:

1. Harden Your System

Hardening is the practice of reducing the vulnerabilities in your hardware. Before you even install a firewall, you'll want to harden your host machine by closing any unused ports and disabling any protocols or user accounts you won't use. Ideally, firewalls should complement the security you've already built into your systems. Hardware firewall vendors often tout their devices as pre-hardened, but if you've purchased a software solution, you'll have to do it yourself. Fortunately, there are plenty of resources available on how to harden different machines, and your hardware vendor should also be able to help.

2. Keep it Simple

A firewall is used to enforce network security policies, so you'll want a clear set of organizational guidelines before you start writing rule sets. Once you have a written security policy, try to keep the configuration as simple as possible while staying consistent with the policy. If you're working off of a legacy security manual, this is the perfect time to pare it down to the essentials. The firewall will be more efficient and easier to manage if you eliminate unneeded and redundant rules.

3. Organize Your Rule Elements for Quick Evaluation

Firewalls process rules in the order you set for them, so you want to make sure that the most easily processed rules are at the top of your list. If a request matches one of your first few rules, the firewall won't have to bother with subsequent time-consuming rules. Easily processed rules include source port information, protocol definitions, Internet protocol (IP) addresses and schedules. Rules that are more complicated to process include domain-name and URL sets, as well as content type and users.

4. Deny, Deny, Deny

Because you want only approved traffic to flow on your network, you should deny all traffic by default, then enable the necessary services. You can do this using global-allow and global-denial rules. Global-allow rules give specific access to all users while global-denial rules restrict specific access to all users. You might set an allow rule for access using a DNS (Domain Name Server) protocol, for example, and a denial rule for users trying to use a peer-to-peer protocol. These rule types will narrow down the traffic that a firewall has to process using subsequent rules and easily enforce certain access policies.

5. Monitor Outbound Traffic

We usually think of network security as protecting our systems from outside threats such as viruses and worms, but attacks can just as easily be initiated from inside the network. That's why you should set up your firewall to filter outbound traffic, as well as incoming traffic. This kind of filtering, also known as egress filtering, keeps unauthorized traffic from leaving company computers and servers. It also prevents internal machines from being used to launch zombie attacks on other servers. Use egress filtering to block all traffic by default, then allow only certain kinds of traffic for specific servers, such as email, Web and DNS traffic.
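An added example, not part of the original article: a small Python model of first-match rule evaluation that audits a rule set for the problems tips 2 through 5 describe, namely rules made unreachable or redundant by an earlier rule and a missing default deny in either direction. The rule format, rule names, addresses and the fail-closed fallback are assumptions made for illustration and do not follow any firewall product's syntax.

```python
import ipaddress
from collections import namedtuple

ANY, ALL = "any", "0.0.0.0/0"
# action: "allow"/"deny"; direction: "in"/"out"/ANY; src, dst: CIDR; port: int or ANY
Rule = namedtuple("Rule", "name action direction src dst proto port")

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    net = ipaddress.ip_network
    return (a.direction in (ANY, b.direction) and a.proto in (ANY, b.proto)
            and a.port in (ANY, b.port)
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst)))

def decide(rules, direction, src, dst, proto, port):
    """First-match evaluation: the first rule that matches the packet wins."""
    pkt = Rule("pkt", "", direction, f"{src}/32", f"{dst}/32", proto, port)
    for r in rules:
        if covers(r, pkt):
            return r.action, r.name
    return "deny", "(no match)"  # assumption: this model fails closed

def audit(rules):
    """Report unreachable or redundant rules and missing default-deny rules."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):  # 'later' can never be the first match
                same = earlier.action == later.action
                kind = "redundant with" if same else "shadowed by"
                findings.append(f"{later.name}: {kind} {earlier.name}")
                break
    for d in ("in", "out"):  # default deny is needed inbound and outbound
        catch_all = Rule("*", "deny", d, ALL, ALL, ANY, ANY)
        if not any(r.action == "deny" and covers(r, catch_all) for r in rules):
            findings.append(f"no default-deny rule for direction '{d}'")
    return findings

# Constructed rule set (private and documentation address ranges).
RULES = [
    Rule("allow-dns-out", "allow", "out", "10.0.0.53/32", ALL, "udp", 53),
    Rule("allow-web-in", "allow", "in", ALL, "192.0.2.10/32", "tcp", 443),
    Rule("allow-lan-out", "allow", "out", "10.0.0.0/8", ALL, ANY, ANY),
    Rule("deny-p2p-out", "deny", "out", "10.0.0.0/8", ALL, "tcp", 6881),
    Rule("default-deny-in", "deny", "in", ALL, ALL, ANY, ANY),
]
```

On this rule set, `audit(RULES)` reports that the peer-to-peer deny is shadowed by the broader outbound allow and that no outbound default deny exists; moving the deny above the broad allow and adding a catch-all outbound deny clears both findings.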

6. Set Up a DMZ (Demilitarized Zone)

A DMZ is a small network that sits between the internal (corporate) network and the Internet. The DMZ prevents outside users from getting direct access to company computers. In a typical setup, the DMZ would receive requests from corporate users to access Web sites and other information on the external network. The DMZ initiates requests for the information and forwards the packets back to the requesting machine. Companies often place Web servers on their DMZ so that external users can access their Web site but not the private data hosted on the corporate network.

There are two types of DMZs. The first is called a three-homed perimeter network. In this setup, the firewall has three connections: one for the internal network, one for the Internet and a third for the DMZ. The second type of DMZ is called a back-to-back perimeter network, and it uses two firewalls. One firewall has a connection to the Internet and the DMZ, while the second has connections to your internal network and the DMZ. This way, the DMZ sits between the internal and external networks. In both setups, you want to configure the firewall to restrict traffic in and out of each network.

7. Configure NTP (Network Time Protocol)

NTP is the name for a protocol and a client/server program that allows you to synchronize computer clock times on a network. Synchronized time is important for implementing distributed procedures over a network and for delivering file-system updates. Even a small difference in computer clock times can wreak havoc when you are distributing procedures in sequences. NTP uses UTC (Coordinated Universal Time) to synchronize times down to the millisecond. NTP is especially important for ensuring that your firewall log records events accurately. You may want to investigate an attack on your network by examining the traffic log, and timing will be critical to finding out what occurred.

8. Configure the Firewall as an IDS (Intrusion Detection System)

IDSs are sometimes sold as stand-alone devices that detect attacks on a network or a computer, but you can also configure your firewall to act as an IDS. The key is to closely examine your firewall log for port scanning, hacking attempts or any other suspicious events. Pay particular attention to the traffic leaving your DMZ because that's where you'll often see the first sign of a compromise. Once you have that data, you can graph it and look for trends that will help you write tighter rules. You can also install an active log-file-monitoring tool to alert you to suspicious activity.
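An added example, not part of the original article: a short Python log monitor for the two signals tip 8 names, a source denied on many distinct ports in a short time (port scanning) and a DMZ host sending traffic to a destination that is not on an expected list. The log line format, the DMZ subnet, the expected DNS and NTP destinations, the thresholds and the sample log are all assumptions constructed for illustration; each line is assumed to record one new connection attempt with a UTC timestamp.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

DMZ = ipaddress.ip_network("192.0.2.0/24")                      # assumed DMZ subnet
EXPECTED_DMZ_EGRESS = {("10.0.0.53", 53), ("10.0.0.123", 123)}  # assumed DNS, NTP
SCAN_PORTS, SCAN_WINDOW = 5, timedelta(seconds=60)              # assumed thresholds

def parse(line):
    """Parse '<UTC time> <ACTION> <src> <dst> <proto> <dport>' (hypothetical format)."""
    ts, action, src, dst, proto, dport = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, action, src, dst, proto, int(dport)

def detect(lines):
    alerts, seen, flagged = [], defaultdict(list), set()
    for ts, action, src, dst, proto, dport in sorted(map(parse, lines)):
        # Port scan: one source denied on many distinct ports inside the window.
        if action == "DENY":
            recent = [(t, p) for t, p in seen[src] if ts - t <= SCAN_WINDOW]
            seen[src] = recent + [(ts, dport)]
            if src not in flagged and len({p for _, p in seen[src]}) >= SCAN_PORTS:
                flagged.add(src)
                alerts.append(("port-scan", src))
        # DMZ egress: a DMZ host talking to anything not on the expected list.
        if (ipaddress.ip_address(src) in DMZ
                and ipaddress.ip_address(dst) not in DMZ
                and (dst, dport) not in EXPECTED_DMZ_EGRESS):
            alerts.append(("dmz-egress", f"{src} -> {dst}:{dport}/{proto}"))
    return alerts

# Constructed sample log (documentation address ranges).
LOG = """\
2024-05-01T10:00:01Z DENY 203.0.113.9 192.0.2.10 tcp 21
2024-05-01T10:00:02Z DENY 203.0.113.9 192.0.2.10 tcp 22
2024-05-01T10:00:02Z ALLOW 198.51.100.4 192.0.2.10 tcp 443
2024-05-01T10:00:03Z DENY 203.0.113.9 192.0.2.10 tcp 23
2024-05-01T10:00:04Z DENY 203.0.113.9 192.0.2.10 tcp 25
2024-05-01T10:00:05Z DENY 203.0.113.9 192.0.2.10 tcp 3389
2024-05-01T10:00:30Z ALLOW 192.0.2.10 10.0.0.53 udp 53
2024-05-01T10:02:10Z ALLOW 192.0.2.10 198.51.100.77 tcp 8443
""".splitlines()
```

The window comparison only works if the firewalls writing the log share a synchronized clock, which is the reason tip 7 asks for NTP.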

9. Test for Vulnerabilities

Once you have your firewall up and running, you'll want to test it for known vulnerabilities. To be thorough, you should test on every firewall interface, in all directions. You might also want to try testing it with the rules disabled to see how vulnerable your system would be in the case of a firewall failure. New exploits are constantly being discovered, so it's best to get into the practice of testing and auditing your firewall on a regular basis.

10. Log On

A firewall's log records information about the traffic flowing on your network and can be invaluable when you're trying to investigate suspicious traffic and attacks. Logs are also essential when you want to write rules against new threats since they allow you to identify and track new traffic patterns. Make sure that logging is enabled on your firewall as well as alerting, if the product has the latter feature.

If you have multiple firewalls, you may also be interested in investing in a remote system-log server. The advantages are centralized management of logs, easier access to logs for auditing purposes and more secure retention. A remote server will also make it more difficult for malicious parties to alter or manipulate logs.

Tippit, Inc.
514 Bryant Street, San Francisco, CA 94107
Phone: 415-318-7200 / Fax: 415-318-7219
publishers@tippit.com