Latest news
But most companies know this don’t they? More than likely, yes. So they use a firewall to protect themselves don’t they? Probably. Well they’re safe then, and can sit back and put their feet up, can’t they? No.
All organisations need to protect the valuable data and documents held on their network, and a firewall is the most efficient way to do this. Acting as guards, firewalls monitor and examine traffic between a network and the Internet. Any unauthorised or suspicious traffic is blocked. Firewalls can also be configured to secure one network from another. However, correct management is crucial. The firewall can become less than 30% effective within three months of installation if managed incorrectly.
A firewall is simply an enforcement device. It does not provide security in its own right. The actual firewall device provides approximately 20% of the security capability. It is the way the firewall is configured that provides the overall security effectiveness. It’s a bit like having locks on all the windows and doors in a house but then leaving the key in the door, or one of the windows open. The locks only work if time is taken to ensure that all windows and doors are closed and all the keys are removed.
The best way to achieve security effectiveness is to design a security policy. This will ensure the integrity of any mission critical device - especially firewalls. Below is a guide on how to create a firewall policy.
5 Tips to generating a firewall policy
1. Identify trust zones
The very first step in securing a network is to decide on the different zones of trust present. In its most basic form, network security is about zones of trust. A simple example would be the Internet (a ‘no trust’ zone) and an internal network (a ‘high trust’ zone); a firewall controls traffic between these different zones of trust. Of course, in the real world there are more than two zones. Typically these include Internet, web servers, external connection zone, internal network, and remote access zone. Once the zones are identified the different traffic flowing between the zones can be defined and the firewall policy can be configured accordingly.
Spotlight
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
Application vulnerabilities still a top security concern
Posted on 16 May 2013. | Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ priorities and security professionals’ concerns.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
