Firewall + Firewall Policy = Improved Security
by Etienne Greeff - Professional Services Director, MIS Corporate Defence Solutions - Wednesday, 2 April 2003.
So far this year analysts, government bodies and even security companies have all stated that Internet security incidents are on the rise. Whether fact or fiction, the truth of the matter is that any company with a connection to the Internet increases the threat of theft, hacking, vandalism and data loss.

But most companies know this don't they? More than likely, yes. So they use a firewall to protect themselves don't they? Probably. Well they're safe then, and can sit back and put their feet up, can't they? No.

All organisations need to protect the valuable data and documents held on their network, and a firewall is the most efficient way to do this. Acting as guards, firewalls monitor and examine traffic between a network and the Internet. Any unauthorised or suspicious traffic is blocked. Firewalls can also be configured to secure one network from another. However, correct management is crucial. The firewall can become less than 30% effective within three months of installation if managed incorrectly.

A firewall is simply an enforcement device. It does not provide security in its own right. The actual firewall device provides approximately 20% of the security capability. It is the way the firewall is configured that provides the overall security effectiveness. It's a bit like having locks on all the windows and doors in a house but then leaving the key in the door, or one of the windows open. The locks only work if time is taken to ensure that all windows and doors are closed and all the keys are removed.

The best way to achieve security effectiveness is to design a security policy. This will ensure the integrity of any mission critical device - especially firewalls. Below is a guide on how to create a firewall policy.

5 Tips for generating a firewall policy

1. Identify trust zones

The very first step in securing a network is to decide on the different zones of trust present. In its most basic form, network security is about zones of trust. A simple example would be the Internet (a 'no trust' zone) and an internal network (a 'high trust' zone); a firewall controls traffic between these different zones of trust. Of course, in the real world there are more than two zones. Typically these include Internet, web servers, external connection zone, internal network, and remote access zone. Once the zones are identified the different traffic flowing between the zones can be defined and the firewall policy can be configured accordingly.

2. Change Control

With any firewall it is very important to have change control. Far too often firewalls are found with rules that nobody remembers adding. What normally happens is that these rules remain because firewall administrators fear they might break something if they are removed. When rules are introduced there should be a well-defined method for documenting these and, in the case of temporary rules, the removal date for the rule should be added in a comment field. The only way of checking if the firewall is actually enforcing the agreed policy is to either verify it with an Intrusion Detection System, or to do a manual verification using a penetration test or a firewall review by a third party.
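The trust-zone and change-control points above can be turned into a mechanical check. The following is an added example, not code from the article or from MIS Corporate Defence Solutions: it audits a constructed ruleset for rules with no change ticket in the comment field, temporary rules whose agreed removal date has passed, and accept rules that jump straight from the no-trust zone into the high-trust zone. The zone ranking, the comment convention ("CHG-nnn" ticket plus "TEMP until YYYY-MM-DD") and the sample rules are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import date

# Trust zones named in the article; the numeric ranking is an assumption for this example.
TRUST = {"internet": 0, "web-servers": 1, "external": 1, "remote-access": 2, "internal": 3}

@dataclass
class Rule:
    rid: int
    src: str      # source trust zone
    dst: str      # destination trust zone
    service: str
    action: str   # "accept" or "drop"
    comment: str  # change-control field

# Assumed comment convention: a change ticket (e.g. CHG-101) and, for
# temporary rules, the agreed removal date written as "TEMP until YYYY-MM-DD".
TICKET_RE = re.compile(r"\b[A-Z]{2,}-\d+\b")
TEMP_RE = re.compile(r"TEMP until (\d{4}-\d{2}-\d{2})")

def audit(rules, today_iso):
    """Return (rule id, finding) pairs for rules that fail the policy checks."""
    today = date.fromisoformat(today_iso)
    findings = []
    for r in rules:
        if not TICKET_RE.search(r.comment):
            findings.append((r.rid, "no change ticket in comment field"))
        m = TEMP_RE.search(r.comment)
        if m and date.fromisoformat(m.group(1)) < today:
            findings.append((r.rid, f"temporary rule past its removal date {m.group(1)}"))
        # Accept rules from the no-trust zone directly into the most trusted zone
        if r.action == "accept" and TRUST[r.src] == 0 and TRUST[r.dst] == max(TRUST.values()):
            findings.append((r.rid, f"accept from {r.src} directly into {r.dst}"))
    return findings

# Constructed sample ruleset, not taken from any real firewall
RULES = [
    Rule(1, "internet", "web-servers", "https", "accept", "CHG-101 public web site"),
    Rule(2, "internet", "internal", "ssh", "accept", "CHG-142 TEMP until 2003-03-15 vendor support"),
    Rule(3, "internal", "internet", "any", "accept", ""),
    Rule(4, "remote-access", "internal", "any", "accept", "CHG-150 TEMP until 2003-06-30 VPN pilot"),
]

if __name__ == "__main__":
    for rid, why in audit(RULES, "2003-04-02"):
        print(f"rule {rid}: {why}")
```

Run against a real ruleset, the same three checks are what a third-party firewall review would start with; rules that trip them are the ones "nobody remembers adding".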

3. Log and review traffic

When deciding on a firewall policy, do not forget the importance of logging. One of the primary purposes of a firewall is to log traffic going through the firewall. Logging is no good unless these logs are reviewed on a regular basis; this should be included in the policy.

4. Monitor stability

A firewall is like any other infrastructure component and should be managed as such. In other words it should be monitored for availability to ensure maximum uptime. If a firewall isn't stable, people will find ways of bypassing it, which leads to a low level of security. This should also be reflected in the policy.
