How to secure your Network by Firewall implementation and auditing
Protecting information assets is the major aim of an IT security policy, and the firewall is one of its important tools. A firewall protects a network from malicious intrusion from outside and, in many cases, from inside the network. The configuration and location of a firewall are very important concerns for an Information Security Manager, whereas an IS Auditor should check whether the firewall implementation supports all three basic requirements of a good information system, i.e. Confidentiality, Integrity & Availability of IS resources.
Before looking at what an IS Auditor should check while auditing a firewall, let us see the benefits of different types of firewall implementation.
1. SYN Flood defense
A SYN flood attack fills the connection table of a vulnerable target so that legitimate traffic cannot get through, and may later result in a denial of service.
2. Protection from susceptible services
Firewalls can restrict susceptible services that may compromise the whole network or a part of it.
3. Protection from inherent backdoors
A firewall can be configured to restrict known backdoors by blocking a known behavior.
4. Controlled Internet and network resource access
Network resources can be allocated on a need-to-know and need-to-do basis by using firewalls. A proxy system may help in restricting Internet usage.
5. Stateful inspection
A firewall can allow or restrict traffic on the basis of connection state and not only on the basis of IP address.
6. Better management
Information system resources can be managed properly by using firewalls.
7. Protocol inspection
A firewall can also check the movement of information by inspecting protocols and services such as HTTP, TCP/IP and SSH.
8. Sequence number scrambling
This feature makes it difficult for an attacker to guess sequence numbers, which makes the information system more secure.
9. Privacy & secrecy
Privacy and secrecy of the information system are managed by the firewall. Specific types of services can be offered to specific types of users by using firewalls.
10. Protection from spoofing
Many types of spoofing, including address spoofing, can be prevented by a suitable type of firewall.
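Items 1 and 5 both come down to the firewall's connection table. The sketch below is an added example, not code from this post or from any firewall product: a toy state table that passes a packet only if it belongs to a tracked connection, and that caps and ages out half-open entries so a burst of unfinished SYNs cannot fill it. The class name, limits and addresses are assumptions chosen for illustration.

```python
from collections import OrderedDict

class StateTable:
    """Toy connection table; a flow is (src_ip, src_port, dst_ip, dst_port)."""

    def __init__(self, max_half_open=3, syn_timeout=5.0):
        self.max_half_open = max_half_open  # cap on unfinished handshakes
        self.syn_timeout = syn_timeout      # seconds before a half-open entry ages out
        self.half_open = OrderedDict()      # flow -> time its SYN was seen
        self.established = set()

    def _expire(self, now):
        # Entries are in arrival order, so stop at the first one still fresh.
        for flow, seen in list(self.half_open.items()):
            if now - seen < self.syn_timeout:
                break
            del self.half_open[flow]

    def inspect(self, flow, flags, now):
        self._expire(now)
        if flags == "SYN":
            if flow in self.half_open or flow in self.established:
                return "ACCEPT"             # retransmitted SYN, state already exists
            if len(self.half_open) >= self.max_half_open:
                return "DROP"               # table protection: no slot for new handshakes
            self.half_open[flow] = now
            return "ACCEPT"
        if flags == "ACK" and flow in self.half_open:
            del self.half_open[flow]        # handshake completed
            self.established.add(flow)
            return "ACCEPT"
        # Anything else passes only if it belongs to a known connection.
        return "ACCEPT" if flow in self.established else "DROP"

def demo():
    fw, web = StateTable(), ("192.0.2.10", 443)   # constructed documentation addresses
    client = ("198.51.100.7", 40000) + web
    handshake = [fw.inspect(client, "SYN", 0.0), fw.inspect(client, "ACK", 0.1)]
    # Same permitted source address, but no SYN was ever seen for this flow.
    stray = fw.inspect(("198.51.100.7", 40001) + web, "ACK", 0.2)
    # Constructed burst: five SYNs whose handshakes are never completed.
    burst = [fw.inspect((f"203.0.113.{i}", 50000) + web, "SYN", 1.0) for i in range(5)]
    # After the timeout the stale half-open entries are gone and a new SYN fits.
    late = fw.inspect(("198.51.100.8", 40002) + web, "SYN", 7.0)
    return handshake, stray, burst, late

if __name__ == "__main__":
    print(demo())
```

A plain cap also turns away legitimate new connections while the table is full, which is why firewalls commonly pair it with techniques such as SYN cookies or SYN proxying.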
For all of the above, the location, configuration and type of firewall are very important. An audit of a firewall must include all of the following:
Configuration of firewall
Routing table
Location of firewall
Backup of firewall configuration
Backup or standby firewall
Sufficiency of firewall
Periodic Testing of firewall
Incident Management
Periodic Log verification
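For the first item, configuration, part of the review can be automated. The following is an added example, not part of the original post: it assumes the firewall's rules are exported in Linux `iptables-save` format and checks them against four of the benefits listed earlier (default deny, stateful inspection, anti-spoofing, susceptible services). Both rulesets are constructed samples, and the list of risky ports and the string-prefix spoofing test are assumed policy choices.

```python
import shlex

# Constructed samples in iptables-save format (not taken from the article).
WEAK = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
HARDENED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
RISKY_PORTS = {"21": "FTP", "23": "Telnet", "69": "TFTP"}  # assumed site policy
PRIVATE_PREFIXES = ("10.", "172.16.", "192.168.", "127.")  # crude prefix test (assumption)

def audit(ruleset):
    """Return a list of findings for an iptables-save style ruleset."""
    policies, rules, findings = {}, [], []
    for line in ruleset.splitlines():
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            rules.append(dict(zip(tokens, tokens[1:])))  # option -> following token
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) != "DROP":
            findings.append(f"{chain}: default policy is not DROP")
    if not any("--ctstate" in r or "--state" in r for r in rules):
        findings.append("no rule matches on connection state")
    if not any(r.get("-j") == "DROP" and r.get("-s", "").startswith(PRIVATE_PREFIXES)
               for r in rules):
        findings.append("no rule drops private or loopback source addresses")
    for r in rules:
        port = r.get("--dport")
        if r.get("-j") == "ACCEPT" and port in RISKY_PORTS and "-s" not in r:
            findings.append(f"{RISKY_PORTS[port]} (port {port}) accepted from any source")
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```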
Abbreviations used:
HTTP - Hyper Text Transfer Protocol
TCP - Transmission Control Protocol
IP - Internet Protocol
SSH - Secure Shell
3 comments:
The title of the post was "How", all I saw was why it should be secured. Nothing about how to audit it either. I thought the post title was very misleading.
Cyberoam - UTM Firewall
If you have a small company and need an all-in-one solution, then I would look at something like unified threat management, also known as a UTM. Cyberoam firewall is the only UTM firewall that embeds user identity in firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by the username rather than through IP addresses. Cyberoam’s powerful hardware firewall provides stateful and deep packet inspection, access control, user authentication, network and application-level protection.
The ICSA-certified Cyberoam firewall is available along with VPN, gateway anti-virus and anti-spyware, gateway anti-spam, intrusion prevention system, content filtering, bandwidth management and multiple link management, providing comprehensive security to small, medium and large enterprises, including remote and branch offices. Cyberoam is a Check Mark Level 5 certified UTM solution.
Thanks for your comments.
If you see the topic
How to secure your Network by Firewall implementation and auditing
this is about how to secure your network and what is the role of implementation and audit.
First part of the article talks about the benefits of implementation, which means we should take care of the following:
1. SYN Flood defense
2. Protection from susceptible Services
3. Protection from Inherent Backdoors
4. Controlled Internet and network resources access.
5. Stateful Inspection
6. Better management
7. Protocol Inspection
8. Sequence Number Scrambling
9. Privacy & Secrecy
10. Protection from Spoofing
As we are aware, a firewall can take care of the above, but we need to configure our firewall accordingly.
I hope this justifies the first part of the topic.
About Audit:
Kindly refer to the second part:
Audit of a firewall must include all of the following:
Configuration of firewall
Routing table
Location of firewall
Backup of firewall configuration
Backup or standby firewall
Sufficiency of firewall
Periodic Testing of firewall
Incident Management
Periodic Log verification
The above justifies the role of auditing.
I hope the above clarifies.
Thanks for your valuable comment once again, which will help us in our motto, i.e. awareness among all of us about Information Security, and encourage people for CISA preparation.