Page Title: Choosing A Firewall
Information Systems Technician Training Series, Module 3 - Network Communications
controls the dialogue between communicating end nodes. As an application gateway, the firewall typically behaves as a client on the Internet and appears as a server to users on its secure, protected side. When operating in this mode, the firewall will examine specific application protocols to decide whether connections are permissible. The range of supported application protocols varies from firewall to firewall, but most examine such popular ones as TELNET, the World Wide Web's HyperText Transfer Protocol (HTTP) or File Transfer Protocol (FTP).

Application layer firewalls offer greater protection against hacker attacks than the packet filtering firewalls. Besides providing stronger logging capabilities, many firewalls can also provide features like network address translation, authentication, and virtual private networks.

Choosing A Firewall

Once the decision is made to use firewall technology to implement an organization's security policy, the next step is to procure a firewall that provides the appropriate level of protection and is cost-effective. We cannot say what exact features a firewall should have to provide effective implementation of your policies, but we can suggest that, in general, a firewall should be able to do the following:

- Support a "deny all services except those specifically permitted" design policy, even if that is not the policy used.
- Support your security policy, not impose one.
- Accommodate new services and needs if the security policy of the organization changes.
- Contain advanced authentication measures or contain the hooks for installing advanced authentication measures.
- Employ filtering techniques to permit or deny services to specified host systems as needed.
- Use an IP filtering language that is flexible, user-friendly to program, and able to filter on as many attributes as possible, including source and destination IP address, protocol type, source and destination TCP/UDP port, and inbound and outbound interface.
- Use proxy services for services such as FTP and TELNET, so that advanced authentication measures can be employed and centralized at the firewall.

The firewall should contain the ability to concentrate and filter dial-in access. The firewall should contain mechanisms for logging traffic and suspicious activity, as well as mechanisms for log reduction so that logs are readable and understandable.

If the firewall requires an operating system such as UNIX®, a secured version of the operating system should be part of the firewall, with other security tools as necessary to ensure firewall host integrity. The operating system should have all patches installed. The firewall should be developed in such a manner that its strength and correctness are verifiable. It should be simple in design so that it can be understood and maintained. The firewall and any corresponding operating system should be updated with patches and other bug fixes in a timely manner.

SUMMARY

In this chapter, we have covered some of the areas that need to be considered in the administration of a network. We have discussed network operations, the configuration of the network, network software, and network design. This is by no means all that will be required for administration, but it is a beginning.
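The "deny all services except those specifically permitted" policy and the filtering attributes listed under Choosing A Firewall can be seen working together in the sketch below. It is an added example, not part of the original manual or of any firewall product; the rule format, interface names and addresses are all constructed for illustration.

```python
# Added illustration: first-match packet filter with a default-deny policy.
# Rule fields mirror the attributes named in the text; names are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    in_iface: str     # interface the packet arrived on
    out_iface: str    # interface it would leave on

@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None       # None matches any value
    sport: Optional[range] = None
    dport: Optional[range] = None
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and (self.sport is None or p.sport in self.sport)
                and (self.dport is None or p.dport in self.dport)
                and self.in_iface in (None, p.in_iface)
                and self.out_iface in (None, p.out_iface))

def decide(rules, packet):
    """Return (action, index of the matching rule); no match means deny."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return "deny", None  # nothing specifically permitted it

# Constructed policy: inside hosts may browse out; outside may reach one FTP proxy.
RULES = [
    Rule("permit", src="10.1.0.0/16", proto="tcp", dport=range(80, 81),
         in_iface="inside", out_iface="outside"),
    Rule("permit", dst="10.1.0.21/32", proto="tcp", dport=range(21, 22),
         in_iface="outside"),
]
```

Because the first rule also matches on the inbound interface, a packet that claims an inside source address but arrives on the outside interface matches no rule and is denied by default.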
